If you want to store FDE encryption keys in Active Directory, this is possible if BitLocker encryption is used.
In order to transfer and store the recovery passwords (keys) in Active Directory, it is necessary to:
1. Enable the “Choose how BitLocker-protected operating system drives can be recovered” group policy https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-rec1 for target computers and configure saving BitLoc
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
There are multiple settings in both KES and KSC that allow to set notifications about various events. This article is based on example of setting complaint notification (message send to administrator if the users considers the blocking of the page to be mistaken).
Let's review three main scenarios, when KES is connected to KSC (either constantly or intermittently) and when it is not connected.
KES
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
You may come across an occasion when instead of an internal webpage you will have a warning message in a browser if you have Scan encrypted connections option enabled.
You should not blindly add certificates to a Trusted Root Certification Authorities storage just to remove a legitimate warning. Doing so ma
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Outlook add-in failure may be related to a KES upgrade.
Step-by-step guide
As the first step to quickly fix majority of the issues with Outlook add-in, unregister it and register again. Here is how to do it properly:
Close Outlook if opened.
Execute
Step-by-step guide
Open KSWS policy
Navigate to "User rights" section
Under "Configure application management section" press "Settings" button
In the "Permissions for Kaspersky Security" window press "Advanced" button
Select necessary user or group -> press "Edit" button -> press "Show advanced permissions"
In the "Permissions Entry for Kaspersky Security" window unselect "Uninstall Kaspersky Security", make sure that Type is set to "Allow"
Advice and Solutions (Community Knowledgebase) Disclaimer. Read before using materials.
In case you want to skip automatic uninstallation of a specific software, but do not want to disable incompatible software check completely, you may edit cleaner.cab.
Step-by-step guide
Download full KES distributive
Start it and make sure all files were unpacked
Navigate to the directory you unpacked kes_win.msi to
Find cleaner.cab in case of KES11.9 and older version
Problem
KSC and KS4Android are implemented but KSC is offline and could not access Internet. KUU can be used for updating KS for Android and distribute the update databases. But after running KUU (Kaspersky Update Utility), you cannot find actual KES for Android versions.
Solution
AV bases for new KESM versions will appear in KUU UI after running KUU with empty application list.
The KUU settings should look like the following (in order to update the list of supported applic
There are 2 methods of installing iOS MDM on the user's device:
Via AppStore (iTunes Store);
Via Manifest URL (with manual placement of the package).
How to install via AppStore
Installation via AppStore involves a special key named App ID.
This process is fully automatic and requires no actions from the KSC administrator. In KSC, you need to specify the application name (this name will be used in KSC event log) and the application ID.
The applica
Description
As part of proactive security, you may wish to add sha256 to block the execution of application or malicious applications without having the original source files.
This article explains how to perform this action.
How To
Create a text file containing the sha256 you want to block.
Use the AppRulesGenerator.exe app to generate an xml file:
Import the generated .xml file into the KSWS policy:
Intro
This instruction describes how to create an installation package (.pkg) for the MacOS operating system from the standalone installation package of Kaspersky Endpoint Security for Mac.
You may need to create such a package to automate the installation of Kaspersky Endpoint Security software via third-party systems (e.g. AirWatch).
Details
Files
Munki tool (with predefined files)
Prerequisites
Kaspersky Security Center
MacOS machine
Python
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
The complete encryption procedure is as follows:
1. During authentication, a private key is generated based on the username and password
2. The private key is used to decrypt the user’s storage and extract the primary key
3. The primary key is checked against the identifier specified in the file hea
Description and cautions
The original scenario located on the page https://support.kaspersky.com/kes11mac/diagnostics/15299, requires a lot of efforts and manual manipulations.
I am offering a bit easier and time-saving approach doing the same.
Details
All the commands from the original document are saved here, but placed together and being run one after another consequently; the old product logs are also wiped up in order to avoid mess:
Login under root:
Description and cautions
The original scenario located on the page https://support.kaspersky.com/kes11mac/diagnostics/15299, requires a lot of efforts and manual manipulations.
I am offering a bit easier and time-saving approach doing the same.
Details
All the commands from the original document are saved here, but placed together and being run one after another consequently; the old product logs are also wiped up in order to avoid mess:
Login under root:
Problem
There are slight differences when connecting devices to the Wi-Fi network configured via Kaspersky Endpoint Security for Mobile in Android 10.
The main difference is that the connection to the target Wi-Fi network is made automatically through the product installed on the device and can't be forced manually via device settings.
Step-by-step description
The following scenario demonstrates the correct way to connect the device to a Wi-Fi network, as well as what behavi
Information in this article can be used when there are disk space limitations imposed on the folders used by KESL:
/var/opt/kaspersky - default KESL installation folder
/tmp - default folder used to store temporary files during the scan
/var/opt/kaspersky
To move files located in this directory you can create a symbolic link to another folder before installation. Use the following steps:
Before installing KESL:
This instruction is relevant only in case of troubleshooting incorrect loading or rendering of a web page.
In order to troubleshoot issues KES network traffic related issues traffic dump is required. It is easier to analyze and does not require third-party software installation.
If reproduction of the issue requires the web browser to open web pages(such as web control non-working as expected, web page not loading, and so on), the tests should be performed in Incognito mod
Step-by-step guide
You need a Mac device to collect iOS device log via Apple Configurator.
Download Apple configurator via App Store.
Run Apple Configurator.
Connect your iOS device.
Unlock the device and tap Trust.
Open the iOS device → Console.
Reproduce the issue.
Save the log in Apple configurator.
Try to save the log as soon as possible after you reproduce the issue, because the log is constantly being overwritten.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
These logs are needed only in specific cases, to save time and effort do not collect these logs unless explicitly requested.
Behaviour Stream Signatures or BSS is a major part of System Watcher. Sometimes its logs are required to diagnose the issue.
Step-by-step guide
BSS log collecting is started via bases, so when you activate logging via the avp.com command, it will re
This is a workaround and should be used if you can't check it the standard way.
1. Collect GSI
2. Open this file (see screenshot) and press ctrl+f and search for the word, for example, Firewall. Immediately you'll get a line with the installed components.
In Compact Diagnostic Interface
Can be checked in "About the application" window.
In Kaspersky Security Console
Can be checked in Action -> Information about the application and available module updates...
To check Block action:
Specify Block actions for all rules in the group Activity of script engines and frameworks.
Extract files from the archive and start the scripts. All scripts should be blocked, popup about it should be shown.
There will be new records about blockings in the local report, events and AAC report in KSC console.
To check Smart action:
Host where KES is installed is under the policy applied. Specify Smart mode for all rules in the group Activi
Problem
Some devices do not have keyboards, but still are detected with BadUSB.
Step-by-step guide
In order to allow them work properly use BadUSB on-screen keyboard, using other onscreen keyboards or physical ones is not recommended.
To open BadUSB on-screen keyboard click on the highlighted text (example for Russian localization).
Note that Prohibit use of On-Screen Keyboard for authorization of USB devices option should be turned off.
Sometimes you may need to add a particular site\domain to an exclusions list of Traffic Security.
Unfortunately, at current moment KSWS console allows us to make exclusions ONLY for Ports, IP-addresses, and Processes:
But we have ability to make site and domain exclusions for Traffic Security via registry workaround.
To implement workaround, we need to create and fill following REG_MULTI_SZ key:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\WSEE\11.0\Env
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
3d party video monitoring solution from HIKVision and KES 11.3 or more recent version, up to 12.0
When you open the URL of video web server, for example, http://172.17.64.5/ the error Playback interrupted occurs.
The problem occurs because video software does not comply with HTTP RFC.
Use
Problem
On Windows 10 v1903 and Windows Server v1903 after applying GPO Enable svchost.exe mitigation options, in System\Service Control Manager Settings\Security Settings, high CPU consumption by the following processes may be observed (avp.exe, klnagent.exe, kavfs.exe, kavfswp.exe). When checking if any resource consuming tasks are running, there are no ODS tasks running in KES or KSWS and no patch management related tasks are running too.
This is happening because MS security config
