Entries in this blog

KSWS Console removal fails with error 1336 [Kaspersky Security for Windows Server]

While removing the Kaspersky Security for Windows Server Console, the removal log may contain the message: Error 1336. There was an error creating a temporary file that is needed to complete this installation. Folder: C:\Program Files (x86)\Common Files\Kaspersky Lab\Kaspersky Security for Windows Server\. System error code: 5. If you launch the removal process from appwiz.cpl, a popup will be displayed stating: “There was an error creating a temporary file that is needed to complete

svc_kms

svc_kms in Known Problem

How to use wildcard in KSWS/KESS exclusions [Kaspersky Security for Windows Server]

KSWS/KESS use * as a wildcard character. There are multiple ways to use it.
Examples
Masks without paths:
*.exe - all files with extension *.exe
test - all files with name test
Masks with absolute paths:
C:\dir\*.* - all files in folder C:\dir\ and its subfolders
C:\dir\*.exe - all files with mask *.exe in folder C:\dir\ and its subfolders
C:\dir\test - all files named test in folder C:\dir\ and its subfolders
C:\dir\ - all files in fold

svc_kms

svc_kms in How-to

How to collect KES11 traffic dump [KES for Windows]

This instruction is relevant only when troubleshooting incorrect loading or rendering of a web page. To troubleshoot issues related to KES network traffic, a traffic dump is required. It is easier to analyze and does not require third-party software installation. If reproduction of the issue requires the web browser to open web pages (such as Web Control not working as expected, a web page not loading, and so on), the tests should be performed in Incognito mod

svc_kms

svc_kms in How-to

How to check Adaptive Anomaly Control (AAC) [KES for Windows]

To check the Block action: Specify the Block action for all rules in the group Activity of script engines and frameworks. Extract the files from the archive and start the scripts. All scripts should be blocked, and a popup about it should be shown. There will be new records about the blocks in the local report, events and AAC report in the KSC console. To check the Smart action: The host where KES is installed has the policy applied. Specify Smart mode for all rules in the group Activi

svc_kms

svc_kms in How-to

Information on Trojan.Multi.Accesstr detection [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows). The Trojan.Multi.Accesstr detection is triggered when KES detects that one of the Windows utilities in the %systemroot%\system32 folder has been replaced by cmd.exe or powershell.exe. Please see below for a list of affected files with exact detection names. The detection event looks like this:

svc_kms

svc_kms in Known Problem

HIKVision video monitoring does not work with Web Threat Protection and Web Control enabled [KES for Windows]

Problem: A third-party video monitoring solution from HIKVision and KES 11.3 or a more recent version, up to 12.0. When you open the URL of the video web server, for example http://172.17.64.5/, the error Playback interrupted occurs. The problem occurs because the video software does not comply with the HTTP RFC. Use

svc_kms

svc_kms in Known Problem

How to set email notification for KES events [KES for Windows]

There are multiple settings in both KES and KSC that allow setting notifications about various events. This article is based on the example of setting a complaint notification (a message sent to the administrator if the user considers the blocking of the page to be mistaken). Let's review three main scenarios, when KES is connected to KSC (either constantly or intermittently) and when it is not connected. KES

svc_kms

svc_kms in How-to

Application startup control rules based on the file's metadata [KES for Windows]

Problem: An application category based on the "Metadata" conditions has been created, but does not work. Solution: This is expected behavior if the file does not have a digital signature that can be trusted by the local KES on the host in question, or is not known in KSN. Use the sigcheck tool to see if the file has a valid digital signature: https://technet.microsoft.com/ru-ru/sysinternals/bb897441.aspx Use other criteria to determine the category (for example, file hash).

svc_kms

svc_kms in Known Problem

About Disk I/O usage optimization option [Kaspersky Security for Windows Server]

In KSWS/KESS/KICS there is an option in the update task to Lower the load on the disk I/O. It is important to understand that when this option is enabled the task does not use HDD resources at all. The updater will place not only the current updates in RAM; update temp and cache files will also be placed there. Incorrect expectation: The task uses a dedicated amount of RAM, and if the dedicated RAM is not enough for all update files, including temp and cache, the task will continue through HDD. Actu

svc_kms

svc_kms in Known Problem

kesl-supervisor.service: Control process exited, code=exited status=203 [KES for Linux]

Description: After successful installation, kesl-supervisor.service may refuse to start with the following error:
kesl-supervisor.service: Control process exited, code=exited status=203
The journalctl -xe command provides more information related to this error:
*****
kesl-supervisor.service: Failed to execute command: Permission denied
kesl-supervisor.service: Failed at step EXEC spawning /var/opt/kaspersky/kesl/install-current/etc/init.d/kesl-supervisor:

svc_kms

svc_kms in Known Problem

How to prohibit security administrator to uninstall KSWS/KESS [Kaspersky Security for Windows Server]

Step-by-step guide
1. Open KSWS policy
2. Navigate to "User rights" section
3. Under "Configure application management section" press "Settings" button
4. In the "Permissions for Kaspersky Security" window press "Advanced" button
5. Select necessary user or group -> press "Edit" button -> press "Show advanced permissions"
6. In the "Permissions Entry for Kaspersky Security" window unselect "Uninstall Kaspersky Security", make sure that Type is set to "Allow"

svc_kms

svc_kms in How-to

Tray icon appears twice or does not appear at all [KES for Windows]

This problem has been observed in KES 11.5, but may apply to other versions as well. Problem: Sometimes the KES tray icon behaves unexpectedly: it appears twice or does not appear at all (the icon next to the Windows clock). Solution: Reset the tray icons: Open regedit; Go to HKEY

svc_kms

svc_kms in Known Problem

KSWS spawns a lot of PR*.tmp files [Kaspersky Security for Windows Server]

Problem: You might notice that large files named like PR*.tmp appear in C:\Windows\Temp. Cause: This is known and expected behavior. When the product scans an object, it creates a temporary copy, names it like PR*.tmp and places it in the temp folder. Once the scan is complete, this temporary file gets deleted. Large PR*.tmp files mean that some large objects are being scanned by OAS (On-Access Scan) or ODS (On-Demand Scan). Solution: In some cases there might be not enough sp

svc_kms

svc_kms in Known Problem

How to authorize keyboardless device in BadUSB [KES for Windows]

Problem: Some devices do not have keyboards, but are still detected by BadUSB. Step-by-step guide: To allow them to work properly, use the BadUSB on-screen keyboard; using other on-screen keyboards or physical ones is not recommended. To open the BadUSB on-screen keyboard, click on the highlighted text (example for Russian localization). Note that the Prohibit use of On-Screen Keyboard for authorization of USB devices option should be turned off.

svc_kms

svc_kms in How-to

SSH certificate import error during the "Install application remotely" task in KSC [KES for Linux]

Problem: The "Install application remotely" task wizard presents an option to specify an SSH certificate as account credentials if a Linux package is selected for installation. The wizard does not accept certain certificates and fails to provide informative error messages explaining why this happens. Examples: Failed to upload the certificate. Failed to import the private key of the certificate. Root cause: KSC 13.2 only accepts PEM certificates, they start with

svc_kms

svc_kms in Known Problem

Trusted Applications [KES for Mac]

KESMac 12 and KESMac 11.3 patch C allow adding particular processes to the trusted section named Trusted Applications. Both the filesystem and network activity of these processes can be ignored by the product, increasing performance. Note, however, that this could be potentially risky. https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm Problem: This article will describe a few ways to configure KES for Mac to exclude some of the software from th

svc_kms

svc_kms in Known Problem

KES for Windows on KES Cloud installation fails with '(1187/0x0 ("Bad parameter "VerifyCertDate"")' [KES for Windows]

Problem Description, Symptoms & Impact: Local installation from a standalone package fails. Diagnostics: Check installation logs of the product. We are looking for the following string:
09.02.2022 17:06:19.453 00000374.000028B4 L1  KLSTD: #1, Error was caught in KLERR_throwError, c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061. Error params: (1187/0x0 ("Bad parameter "VerifyCertDate""), "KLSTD", c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkgi

Stan Shpatar

Stan Shpatar in Known Problem

Licensing and FDE functionality [KES for Windows]

There are two real-world scenarios related to KES FDE encryption and licensing that often result in unexpected behavior of encrypted devices: FDE encryption is used with the Advanced license and later replaced with the Select license (or any other license without encryption). Encryption license is expir

svc_kms

svc_kms in Known Problem

Linux programs remote execution using "Install application remotely" task in KSC [KES for Linux]

This only applies to KSC 14.2 and below.
Problem: The remote installation task finishes with uninformative errors:
Setup process error: Unknown error. (126)
Setup process error: Unknown error. (2)
Solution
1. Create 3rd party installation package (Create installation package -> Create an installation package for the specified executable file.)
2. Specify executable file, for example script.sh
3. Locate this package folder in KSC storage, by default %ProgramD

svc_kms

svc_kms in Known Problem

BitLocker management [KES for Windows]

What is the role of Kaspersky in the BitLocker encryption process? Basically, KES BitLocker management is a COM object that is registered in the system and changes the BitLocker component settings in accordance with the settings that are specified in the KES policy. Afterwards it stores the recovery data received from the BitLocker component on the KSC side. Also, it provides error-reporting and verifies that th

svc_kms

svc_kms in Known Problem

Errors with removing KSWS and running GSI because of the Application Control [Kaspersky Security for Windows Server]

Problem: KSWS10 and KSWS11 may have two issues because of the Application Control component:
Can't uninstall KSWS with the error "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run"
Can't run GSI with this error "Unable to unpack the critical file. GsiSharp.bin"
Solution: Disable Application Control and retry uninstallation. Collect GSI, if necessary.

svc_kms

svc_kms in Known Problem

Why doesn't KES work in Safe Mode? [KES for Windows]

This behavior is expected. We have no control over a system booting in Safe mode, because Safe mode is a special boot mode for OS diagnostics and repair. It is not possible to enable KES booting when Safe mode is running. However, booting in Safe mode can be disabled using GPOs or the local registry. It can be done by a local administrator. One of the ways to disable Safe Mode is described here.

svc_kms

svc_kms in Known Problem

How to trace when KES doesn't detect malware files in Outlook [KES for Windows]

Step-by-step guide Open Outlook. Go to File → Options → Add-ins. Check add-in options for the KES plugin. Make sure that scan on receive and scan on send are enabled. If problem persists, enable KES tracing. Restart Outlook. Send e-mail with infected .doc file. Send another e-mail with EICAR. Stop traces and send them to the Kaspersky support for further analysis.

svc_kms

svc_kms in How-to


