This error message means that KSWS KSN-Client was unable to reach KSN Cloud servers (in most cases if KSN Proxy is used).
Possible causes of the issue:
Various transport-level issues
KSC Server has been moved to another host with new DNS-name and IP-address
Troubleshooting steps:
Check that KSC is accessible via both its IP address and its hostname
Check that option "Bypass proxy for local addresses" is enabled (KSC server properties > Advanced > C
To check Block action:
Specify Block actions for all rules in the group Activity of script engines and frameworks.
Extract files from the archive and start the scripts. All scripts should be blocked, popup about it should be shown.
There will be new records about blockings in the local report, events and AAC report in KSC console.
To check Smart action:
Host where KES is installed is under the policy applied. Specify Smart mode for all rules in the group Activi
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This is a rough guide for testing FDE prior to implementation in production.
Make sure that the encrypted hosts will be serviced by a healthy KSC infrastructure (backups are performed regularly, no errors in Kaspersky Event log that need to be addressed, healthy database with plenty room for growth, no clo
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
These logs are needed only in specific cases, to save time and effort do not collect these logs unless explicitly requested.
Behaviour Stream Signatures or BSS is a major part of System Watcher. Sometimes its logs are required to diagnose the issue.
Step-by-step guide
BSS log collecting is started via bases, so when you activate logging via the avp.com command, it will re
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
There are multiple settings in both KES and KSC that allow to set notifications about various events. This article is based on example of setting complaint notification (message send to administrator if the users considers the blocking of the page to be mistaken).
Let's review three main scenarios, when KES is connected to KSC (either constantly or intermittently) and when it is not connected.
KES
Problem
You might notice that large files named like PR*.tmp appear in C:\Windows\Temp.
Cause
This is known and expected behavior. When the product scans an object it creates a temporary copy, names it like PR*.tmp and places it in the temp folder.Once the scan is complete, this temporary file gets deleted.
Large PR*.tmp files mean that some large objects are scanned by OAS (On-Access Scan) or ODS (On-Demand Scan).
Solution
In some cases there might be not enough sp
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This article covering the specific effect brought by any PF installation for the following versions:
KES 11 and higher
Private fix installation on host with KES has a side effect: the HIPS (Host Intrusion Prevention System) configuration will be reset back to defaults and, since Firewall is the part of
Problem
In some cases KESMac is not able to start protection components:
Or, the status "Allow encrypted traffic to be inspected" is not changing:
Solution
1) Please get acquainted with the article https://support.kaspersky.com/kis20mac/error/15031#block1;
2) If the article above did not help, try to remove the FireFox user's profiles directory via Terminal:
rm -rf ~/Library/Application
Problem
The "Install application remotely" task wizard presents an option to specify an SSH certificate as account credentials, if Linux package is selected for installation.
The wizard does not accept certain certificates and fails to provide informative error messages why this happens.
Examples:
Failed to upload the certificate.
Failed to import the private key of the certificate.
Root cause
KSC 13.2 only accepts PEM certificates, they start with
Sometimes you may need to add a particular site\domain to an exclusions list of Traffic Security.
Unfortunately, at current moment KSWS console allows us to make exclusions ONLY for Ports, IP-addresses, and Processes:
But we have ability to make site and domain exclusions for Traffic Security via registry workaround.
To implement workaround, we need to create and fill following REG_MULTI_SZ key:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\WSEE\11.0\Env
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Testing Network Threat Protection (NTP, Network Attack Blocker or NAB) may appear tricky, as it is finely tuned to specific attacks only. During past years many detections were modified or removed to prevent major false detections. It is necessary to understand that NTP is not intended to prevent the following types of attac
This only applies to KSC 14.2 and below
Problem
Remote installation tasks finishes with uninformative errors:
Setup process error: Unknown error. (126)
Setup process error: Unknown error. (2)
Solution
1. Create 3rd party installation package (Create installation package -> Create an installation package for the specified executable file.)
2. Specify executable file, for example script.sh
3. Locate this package folder in KSC storage, by default %ProgramD
The Application Control component has a category called Browser extensions. There is a known limitation for it in Chrome.
If an extension runs in an already running Chrome process (many of them run as newly started Chrome processes, especially for extension reasons), it cannot be blocked because it is not a newly started process and the extension itself is not an executable. It requires an .exe file to load. An extension that is already running cannot be blocked by application control (it h
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
"Removable disk" Encryption is enabled and the policy applied to the machines, but nothing happens when the client connects USB drive.
Solution
Encryption of the removable drives supports two modes:
Encrypt entire removable drive: based on Kaspersky Full Disk Encryption (FDE), the entir
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
In cases when Bitlocker encryption of a certain volume is started using KES Bitlocker management, and the product returns the following error:
Event type: The policy can not be applied.
Action: Encryption
Reason: The system drive is not compatible with the Microsoft BitLocker encryption.
Type of encryption: dis
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
There are two real-world scenarios related to KES FDE encryption and licensing that often result in unexpected behavior of encrypted devices:
FDE encryption is used with the Advanced license and later replaced with the Select license (or any other license without encryption).
Encryption license is expir
Problem
Sometimes Anti-Cryptor task in KESL won't be able to launch after the OS is started. This may happen because Anti-Cryptor needs all the protected network resources to be up before KESL service is started. In other words, Samba or NFS services should be started before KESL service.
Solution
To resolve this problem you need to make sure that services start in the correct order.
For Systemd systems:
1. Create a file /etc/systemd/system/kesl.service.d/override.conf
Security administrator can create KSWS Application Control rules based on Digital Certificate.
What does product actually checks and how it is related to the file itself?
First of all, product checks whether the file matches certificate. Secondly, whether certificate is valid. If any of verifications fail - launch of the file will be denied. And vice versa.
If signed file which execution was allowed by certificate has been modified, will execution of the file be allowed?
Alte
Problem
If you found out that KSWS installations are somehow corrupted, and you're not able to remove it using conventional means (using misexec and/or appwiz.cpl), please do not use kavremover and/or mszap tools. Do not attempt removing the product manually as our goal is to determine the root cause of the product moving to this inconsistent state.
Solution
Please provide Kaspersky Support with the pertinent GSI log of the affected host and KSWS msi installer logs containing all
Problem
KSWS10 and KSWS11 may have two issues because of the Application Control component:
Can't uninstall KSWS with the error "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run"
Can't run GSI with this error "Unable to unpack the critical file. GsiSharp.bin"
Solution
Disable Application Control and retry uninstallation.
Сollect GSI, if necessary.
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
This instruction is relevant only in case of troubleshooting incorrect loading or rendering of a web page.
In order to troubleshoot issues KES network traffic related issues traffic dump is required. It is easier to analyze and does not require third-party software installation.
If reproduction of the issue requires the web browser to open web pages(such as web control non-working as expected, web page not loading, and so on), the tests should be performed in Incognito mod
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
HIPS (Host Intrusion Prevention System) unexpectedly blocks data stream (audio, video) in trusted communication software such as MS Teams, Skype, Skype for Business etc.
Solution
The root cause is in KUsrInit.exe (parent process for many processes in the OS where it exists) which in some cases can be f
