Description and cautions
The original scenario located on the page https://support.kaspersky.com/kes11mac/diagnostics/15299, requires a lot of efforts and manual manipulations.
I am offering a bit easier and time-saving approach doing the same.
Details
All the commands from the original document are saved here, but placed together and being run one after another consequently; the old product logs are also wiped up in order to avoid mess:
Login under root:
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
You need a Mac device with macOS 14+ to supervise iOS device log via Apple Configurator
Your iOS device will be reset to factory settings during supervising
Download Apple configurator via App Store.
Run Apple Configurator.
Connect your iOS device.
Unlock the device and tap Trust.
Select your device and click on the Prepare button
Step-by-step guide
You need a Mac device to collect iOS device log via Apple Configurator.
Download Apple configurator via App Store.
Run Apple Configurator.
Connect your iOS device.
Unlock the device and tap Trust.
Open the iOS device → Console.
Reproduce the issue.
Save the log in Apple configurator.
Try to save the log as soon as possible after you reproduce the issue, because the log is constantly being overwritten.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
The complete encryption procedure is as follows:
1. During authentication, a private key is generated based on the username and password
2. The private key is used to decrypt the user’s storage and extract the primary key
3. The primary key is checked against the identifier specified in the file hea
Intro
This instruction describes how to create an installation package (.pkg) for the MacOS operating system from the standalone installation package of Kaspersky Endpoint Security for Mac.
You may need to create such a package to automate the installation of Kaspersky Endpoint Security software via third-party systems (e.g. AirWatch).
Details
Files
Munki tool (with predefined files)
Prerequisites
Kaspersky Security Center
MacOS machine
Python
Problem
KSC and KS4Android are implemented but KSC is offline and could not access Internet. KUU can be used for updating KS for Android and distribute the update databases. But after running KUU (Kaspersky Update Utility), you cannot find actual KES for Android versions.
Solution
AV bases for new KESM versions will appear in KUU UI after running KUU with empty application list.
The KUU settings should look like the following (in order to update the list of supported applic
Sometimes you may need to add a particular site\domain to an exclusions list of Traffic Security.
Unfortunately, at current moment KSWS console allows us to make exclusions ONLY for Ports, IP-addresses, and Processes:
But we have ability to make site and domain exclusions for Traffic Security via registry workaround.
To implement workaround, we need to create and fill following REG_MULTI_SZ key:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\WSEE\11.0\Env
If you want to store FDE encryption keys in Active Directory, this is possible if BitLocker encryption is used.
In order to transfer and store the recovery passwords (keys) in Active Directory, it is necessary to:
1. Enable the “Choose how BitLocker-protected operating system drives can be recovered” group policy https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-rec1 for target computers and configure saving BitLoc
To check Block action:
Specify Block actions for all rules in the group Activity of script engines and frameworks.
Extract files from the archive and start the scripts. All scripts should be blocked, popup about it should be shown.
There will be new records about blockings in the local report, events and AAC report in KSC console.
To check Smart action:
Host where KES is installed is under the policy applied. Specify Smart mode for all rules in the group Activi
This is a workaround and should be used if you can't check it the standard way.
1. Collect GSI
2. Open this file (see screenshot) and press ctrl+f and search for the word, for example, Firewall. Immediately you'll get a line with the installed components.
In Compact Diagnostic Interface
Can be checked in "About the application" window.
In Kaspersky Security Console
Can be checked in Action -> Information about the application and available module updates...
Step-by-step guide
Open Outlook.
Go to File → Options → Add-ins.
Check add-in options for the KES plugin.
Make sure that scan on receive and scan on send are enabled.
If problem persists, enable KES tracing.
Restart Outlook.
Send e-mail with infected .doc file.
Send another e-mail with EICAR.
Stop traces and send them to the Kaspersky support for further analysis.
There are 2 methods of installing iOS MDM on the user's device:
Via AppStore (iTunes Store);
Via Manifest URL (with manual placement of the package).
How to install via AppStore
Installation via AppStore involves a special key named App ID.
This process is fully automatic and requires no actions from the KSC administrator. In KSC, you need to specify the application name (this name will be used in KSC event log) and the application ID.
The applica
Information in this article can be used when there are disk space limitations imposed on the folders used by KESL:
/var/opt/kaspersky - default KESL installation folder
/tmp - default folder used to store temporary files during the scan
/var/opt/kaspersky
To move files located in this directory you can create a symbolic link to another folder before installation. Use the following steps:
Before installing KESL:
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Sometimes it is required to unregister KES from context menu of Explorer. Follow these steps:
Disable self-defense of KES;
Open CMD shell as admin;
Run commands:
regsvr32 /u C:\Program Files (x86)\Kaspersky
Problem
There are slight differences when connecting devices to the Wi-Fi network configured via Kaspersky Endpoint Security for Mobile in Android 10.
The main difference is that the connection to the target Wi-Fi network is made automatically through the product installed on the device and can't be forced manually via device settings.
Step-by-step description
The following scenario demonstrates the correct way to connect the device to a Wi-Fi network, as well as what behavi
Description
As part of proactive security, you may wish to add sha256 to block the execution of application or malicious applications without having the original source files.
This article explains how to perform this action.
How To
Create a text file containing the sha256 you want to block.
Use the AppRulesGenerator.exe app to generate an xml file:
Import the generated .xml file into the KSWS policy:
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
You may come across an occasion when instead of an internal webpage you will have a warning message in a browser if you have Scan encrypted connections option enabled.
You should not blindly add certificates to a Trusted Root Certification Authorities storage just to remove a legitimate warning. Doing so ma
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
If you are willing to uninstall KES with msiexec (msiexec.exe /x {PRODUCT_CODE/GUID}) then product code/GUID is something you are probably looking for. Here they are:
KES product codes
Product name
Product code/GUID
FS6
{1B419
Problem
Some devices do not have keyboards, but still are detected with BadUSB.
Step-by-step guide
In order to allow them work properly use BadUSB on-screen keyboard, using other onscreen keyboards or physical ones is not recommended.
To open BadUSB on-screen keyboard click on the highlighted text (example for Russian localization).
Note that Prohibit use of On-Screen Keyboard for authorization of USB devices option should be turned off.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Outlook add-in failure may be related to a KES upgrade.
Step-by-step guide
As the first step to quickly fix majority of the issues with Outlook add-in, unregister it and register again. Here is how to do it properly:
Close Outlook if opened.
Execute
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Testing Network Threat Protection (NTP, Network Attack Blocker or NAB) may appear tricky, as it is finely tuned to specific attacks only. During past years many detections were modified or removed to prevent major false detections. It is necessary to understand that NTP is not intended to prevent the following types of attac
Step-by-step guide
Open KSWS policy
Navigate to "User rights" section
Under "Configure application management section" press "Settings" button
In the "Permissions for Kaspersky Security" window press "Advanced" button
Select necessary user or group -> press "Edit" button -> press "Show advanced permissions"
In the "Permissions Entry for Kaspersky Security" window unselect "Uninstall Kaspersky Security", make sure that Type is set to "Allow"
Step-by-step guide
Install KSWS and make sure the Anti-Cryptor protection component running and its Work Mode is Active.
Install AESCrypt on a remote host.
Try to encrypt the files on a network share protected by KSWS.
Enter a password.
As encryption starts, Anti-Cryptor detects it and blocks remote user's session. In KSWS 11, by default, the application blocks a host's access to network file resources for 30 minutes.
The follow
KSWS/KESS use * as a wildcard character. There are multiple ways to use it.
Examples
Masks without paths
*.exe - all files with extension *.exe
test - all files with name test
Masks with absolute paths
C:\dir\*.* - all files in folder C:\dir\ and its subfolders
C:\dir\*.exe - all files with mask *.exe in folder C:\dir\ and its subfolders
C:\dir\test - all files named test in folder C:\dir\ and its subfolders
C:\dir\ - all files in fold
