Description
Starting from KES Windows version 12.6, it can parse third-party mail base files, but still can't re-assemble them. Malware scan tasks runs in folders where mail base files for Thunderbird or TheBat! are located and finds threats in old mail items.
Diagnostics
After choosing Resolve or setting "Disinfect, delete if disinfection fails" in the KSC task, nothing changes, and another malware scan task anyway finds the same threats.
Workaround and solution
Sinc
Scenario
Enable Network Threat Protection
Connect another Mac via a thunderbolt cable
Try to send any data from one computer to another
Connection times out
Workaround & Solution
Connect computers by other means or disable NTP when using Thunderbolt bridge.
RCA
This issue is caused by a bug in macOS' built-in packet filter and was reported to apple.
Problem Description, Symptoms & Impact
Local installation from a standalone package fails
Diagnostics
Check installation logs of the product. We are looking for the following string:
09.02.2022 17:06:19.453 00000374.000028B4 L1 KLSTD: #1, Error was caught in KLERR_throwError, c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061. Error params: (1187/0x0 ("Bad parameter "VerifyCertDate""), "KLSTD", c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkgi
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below.
MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MS
Description and cautions
The original scenario located on the page https://support.kaspersky.com/kes11mac/diagnostics/15299, requires a lot of efforts and manual manipulations.
I am offering a bit easier and time-saving approach doing the same.
Details
All the commands from the original document are saved here, but placed together and being run one after another consequently; the old product logs are also wiped up in order to avoid mess:
Login under root:
Symptoms
OS hang, sometimes with open file errors in journals
Customer application degrades with errors "unable to open file", "too many open files"
Hangs and third-party (compatibility) issues often require advanced data collection and are sophisticated to investigate. However, a quick check is possible:
On a system where KESL has worked for some time (not immediately after reboot/restart), validate the output of the following command, ran as root, for numerous r
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
You need a Mac device with macOS 14+ to supervise iOS device log via Apple Configurator
Your iOS device will be reset to factory settings during supervising
Download Apple configurator via App Store.
Run Apple Configurator.
Connect your iOS device.
Unlock the device and tap Trust.
Select your device and click on the Prepare button
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Problem Description, Symptoms & Impact
KES File Threat Protection sometimes can't check Microsoft office documents from mounted Google Drive shares, therefore generating Processing error events. This issue is caused by an incompatibility between Google Drive VFS driver and KES. There are no plans on making KES compatible with Google Drive.
Workaround & Solution
As a workaround, add fil
Step-by-step guide
You need a Mac device to collect iOS device log via Apple Configurator.
Download Apple configurator via App Store.
Run Apple Configurator.
Connect your iOS device.
Unlock the device and tap Trust.
Open the iOS device → Console.
Reproduce the issue.
Save the log in Apple configurator.
Try to save the log as soon as possible after you reproduce the issue, because the log is constantly being overwritten.
Problem
While WTP/NTP is enabled, nft utility produces errors (stderr) like
# nft list ruleset
XT target TPROXY not found
XT target TPROXY not found
XT target TPROXY not found
XT target TPROXY not found
These errors are caused by a bug in nft ut
Problem Description, Symptoms & Impact
In KES 12.0, the way Device Control component works has been changed. See changelog: https://support.kaspersky.com/help/KESWin/12.0/en-US/127969.htm
Due to these changes, you may notice that printing order becomes slow after you have upgraded KES to version 12.0 or higher. This delay may be around 30-60s or even 10-15 minutes. When you disable KES, it becomes instant. In some exceptional cases, the delay may be so big that it's impossible to p
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
The complete encryption procedure is as follows:
1. During authentication, a private key is generated based on the username and password
2. The private key is used to decrypt the user’s storage and extract the primary key
3. The primary key is checked against the identifier specified in the file hea
Description
VMWare guest using Kaspersky products hanging or crashing due to driver conflicts between drivers used by VMWare NSX (vnetWFP.sys, previously vnetflt.sys) and Network Threat Protection component.
This problem is known to happen with following versions of KES and VMware Tools:
KES 11.6 with VMWare Tools 10.0.9
KES 11.6 and 11.7 with VMWare Tools 11.3.5
KES 12 with VMWare Tools 10.1.7
Troubleshooting steps
Update VMWare Tools
Somet
Problem Description
While installing KES for Windows via KSC installation package the following error appears and interferes with installation.
Possible causes:
KES components installed already before installation.
Required driver files were not found.
Workaround & Solution
Use kavremover and reinstall KES with the latest patch.
In case kavremover will not help, please collect procmon and KES installation logs, actual GSI with e
Intro
This instruction describes how to create an installation package (.pkg) for the MacOS operating system from the standalone installation package of Kaspersky Endpoint Security for Mac.
You may need to create such a package to automate the installation of Kaspersky Endpoint Security software via third-party systems (e.g. AirWatch).
Details
Files
Munki tool (with predefined files)
Prerequisites
Kaspersky Security Center
MacOS machine
Python
Problem
KSC and KS4Android are implemented but KSC is offline and could not access Internet. KUU can be used for updating KS for Android and distribute the update databases. But after running KUU (Kaspersky Update Utility), you cannot find actual KES for Android versions.
Solution
AV bases for new KESM versions will appear in KUU UI after running KUU with empty application list.
The KUU settings should look like the following (in order to update the list of supported applic
Sometimes you may need to add a particular site\domain to an exclusions list of Traffic Security.
Unfortunately, at current moment KSWS console allows us to make exclusions ONLY for Ports, IP-addresses, and Processes:
But we have ability to make site and domain exclusions for Traffic Security via registry workaround.
To implement workaround, we need to create and fill following REG_MULTI_SZ key:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\WSEE\11.0\Env
Problem
kesl-control --app-info outputs the following error:
en
File Threat Protection: Unavailable due to file interceptor driver error
One of the most common root causes is Fanotify is disabled (or KESL could not access it) and kernel module compilation also failed.
A special utility can be used for this directly on the affected mac
Download KES distributive
Unpack to the folder
Copy patch .msp file (i.e. pf1794.msp) to the same folder
In KSC create Installation package using the files from this folder
Install
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This informational message does not mean that Self-Defense accuses any process of being under malware attack, it proactively blocks certain operations that could pose a potential threat to processes.
The number of events depends on the activity of applications that inhabit the system, especially from their periodic acti
If you want to store FDE encryption keys in Active Directory, this is possible if BitLocker encryption is used.
In order to transfer and store the recovery passwords (keys) in Active Directory, it is necessary to:
1. Enable the “Choose how BitLocker-protected operating system drives can be recovered” group policy https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-rec1 for target computers and configure saving BitLoc
To check Block action:
Specify Block actions for all rules in the group Activity of script engines and frameworks.
Extract files from the archive and start the scripts. All scripts should be blocked, popup about it should be shown.
There will be new records about blockings in the local report, events and AAC report in KSC console.
To check Smart action:
Host where KES is installed is under the policy applied. Specify Smart mode for all rules in the group Activi
Issue
Sometimes Device Control errors in KES may occur. For example, hard drives are wrongly blocked when USB device blocking is enabled, or flash drive blocking is not happening although the policies require to do so.
In some cases, the reason for erroneous blocking is that the operating system (OS) is incorrectly identifying the device type.
Solution
As an example, if the policies prohibit access to flash drives, but this rule does not always work, you can check the followi
How to check if KES is installed, its state (running or not) and bases version via registry:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState
More information about these registry keys is available in Online Help: https://support.kaspersky.com/ksc14/3644.
Obtaining information from the registry is for familiarization purposes only. KESCLI commands method supported by developers:
Managing the application from the command
