Jump to content

About this blog

Entries in this blog

KES malware scan task detects viruses in Thunderbird or TheBat! mail base file [KES for Windows]

Description Starting from KES Windows version 12.6, it can parse third-party mail base files, but still can't re-assemble them. Malware scan tasks runs in folders where mail base files for Thunderbird or TheBat! are located and finds threats in old mail items.   Diagnostics After choosing Resolve or setting "Disinfect, delete if disinfection fails" in the KSC task, nothing changes, and another malware scan task anyway finds the same threats.  Workaround and solution Sinc

svc_kms

svc_kms in Known problem

Thunderbolt bridge connection does not work when Network Threat Protection is enabled [KES for Mac]

Scenario Enable Network Threat Protection Connect another Mac via a thunderbolt cable Try to send any data from one computer to another Connection times out Workaround & Solution Connect computers by other means or disable NTP when using Thunderbolt bridge. RCA This issue is caused by a bug in macOS' built-in packet filter and was reported to apple.

svc_kms

svc_kms in Known problem

KES for Windows on KES Cloud installation fails [KES for Windows]

Problem Description, Symptoms & Impact Local installation from a standalone package fails Diagnostics Check installation logs of the product. We are looking for the following string: 09.02.2022 17:06:19.453 00000374.000028B4 L1  KLSTD: #1, Error was caught in KLERR_throwError, c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061. Error params: (1187/0x0 ("Bad parameter "VerifyCertDate""), "KLSTD", c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkgi

svc_kms

svc_kms in Known problem

KES installation error 0x80004005 [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows)   Problem When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below. MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MS

svc_kms

svc_kms in Known problem

OS hangs caused by excessive use of file descriptors [KES for Linux]

Symptoms OS hang, sometimes with open file errors in journals Customer application degrades with errors "unable to open file", "too many open files" Hangs and third-party (compatibility) issues often require advanced data collection and are sophisticated to investigate. However, a quick check is possible: On a system where KESL has worked for some time (not immediately after reboot/restart), validate the output of the following command, ran as root, for numerous r

svc_kms

svc_kms in Known problem

Trusted Applications [KES for Mac]

The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications. The both filesystem and network activity of which can be ignored by the product increasing performance. Please, however, note that this could be potentially risky.  https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm Problem This article will describe a few ways to configure KES for Mac to exclude some of the software from th

svc_kms

svc_kms in Known problem

KES Processing Error on Google Drive shares [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Description, Symptoms & Impact KES File Threat Protection sometimes can't check Microsoft office documents from mounted Google Drive shares, therefore generating Processing error events. This issue is caused by an incompatibility between Google Drive VFS driver and KES. There are no plans on making KES compatible with Google Drive. Workaround & Solution As a workaround, add fil

svc_kms

svc_kms in Known problem

KES for Windows 12: printing order is much slower when Device Control component is running [KES for Windows]

Problem Description, Symptoms & Impact In KES 12.0, the way Device Control component works has been changed. See changelog: https://support.kaspersky.com/help/KESWin/12.0/en-US/127969.htm Due to these changes, you may notice that printing order becomes slow after you have upgraded KES to version 12.0 or higher. This delay may be around 30-60s or even 10-15 minutes. When you disable KES, it becomes instant. In some exceptional cases, the delay may be so big that it's impossible to p

svc_kms

svc_kms in Known problem

VMWare guest BSODs with a driver related stop code after installing or updating KES [KES for Windows]

Description VMWare guest using Kaspersky products hanging or crashing due to driver conflicts between drivers used by VMWare NSX (vnetWFP.sys, previously vnetflt.sys) and Network Threat Protection component. This problem is known to happen with following versions of KES and VMware Tools: KES 11.6 with VMWare Tools 10.0.9 KES 11.6 and 11.7 with VMWare Tools 11.3.5 KES 12 with VMWare Tools 10.1.7 Troubleshooting steps Update VMWare Tools Somet

svc_kms

svc_kms in Known problem

Error 27211. Failed to enable Self-Defense [KES for Windows]

Problem Description While installing KES for Windows via KSC installation package the following error appears and interferes with installation. Possible causes: KES components installed already before installation. Required driver files were not found. Workaround & Solution Use kavremover and reinstall KES with the latest patch. In case kavremover will not help, please collect procmon and KES installation logs, actual GSI with e

svc_kms

svc_kms in Known problem

File Threat Protection does not start due to driver interceptor error [KES for Linux]

Problem kesl-control --app-info outputs the following error: en File Threat Protection:                     Unavailable due to file interceptor driver error One of the most common root causes is Fanotify is disabled (or KESL could not access it) and kernel module compilation also failed. A special utility can  be used for this directly on the affected mac

svc_kms

svc_kms in Known problem

The operation with application resources is blocked by Self-Defense [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) This informational message does not mean that Self-Defense accuses any process of being under malware attack, it proactively blocks certain operations that could pose a potential threat to processes. The number of events depends on the activity of applications that inhabit the system, especially from their periodic acti

svc_kms

svc_kms in Known problem

Device Control errors [KES for Windows]

Issue Sometimes Device Control errors in KES may occur. For example, hard drives are wrongly blocked when USB device blocking is enabled, or flash drive blocking is not happening although the policies require to do so. In some cases, the reason for erroneous blocking is that the operating system (OS) is incorrectly identifying the device type. Solution As an example, if the policies prohibit access to flash drives, but this rule does not always work, you can check the followi

svc_kms

svc_kms in Known problem

Info about KES in registry [KES for Windows]

How to check if KES is installed, its state (running or not) and bases version via registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\Components\34\1103\1.0.0.0\Statistics\AVState   More information about these registry keys is available in Online Help: https://support.kaspersky.com/ksc14/3644. Obtaining information from the registry is for familiarization purposes only. KESCLI commands method supported by developers: Managing the application from the command

svc_kms

svc_kms in Known problem

Linux programs remote execution using "Install application remotely" task in KSC [KES for Linux]

This only applies to KSC 14.2 and below Problem Remote installation tasks finishes with uninformative errors: Setup process error: Unknown error. (126) Setup process error: Unknown error. (2) Solution 1. Create 3rd party installation package (Create installation package -> Create an installation package for the specified executable file.) 2. Specify executable file, for example script.sh 3. Locate this package folder in KSC storage, by default %ProgramD

svc_kms

svc_kms in Known problem

Anti-Cryptor doesn't start on OS boot [KES for Linux]

Problem Sometimes Anti-Cryptor task in KESL won't be able to launch after the OS is started. This may happen because Anti-Cryptor needs all the protected network resources to be up before KESL service is started. In other words, Samba or NFS services should be started before KESL service.  Solution To resolve this problem you need to make sure that services start in the correct order. For Systemd systems: 1. Create a file /etc/systemd/system/kesl.service.d/override.conf

svc_kms

svc_kms in Known problem

KES public and product line versions chart [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Same info can be found here: https://support.kaspersky.com/16010 Starting from version 11.5, some file versions, registry and file system paths may differ from the release version and refer to the product line version. Release full build version Product line version GUID 1

svc_kms

svc_kms in Known problem

Error: Please go to the Control Panel to install and configure system components [Kaspersky Security for Windows Server]

Product version/Environment KSWS 10.1/11.X Windows Server Requirements for the server on which Kaspersky Security for Windows Server is deployed Description of Error Run installation of the application or the console with the setup file. Error "Please go to the Control Panel to install and configure system components" pops up and installation doesn't run. Solution Unpack the installation file and run the .msi file inside instead of the setup:

svc_kms

svc_kms in Known problem

SSH certificate import error during the "Install application remotely" task in KSC [KES for Linux]

Problem The "Install application remotely" task wizard presents an option to specify an SSH certificate as account credentials, if Linux package is selected for installation.  The wizard does not accept certain certificates and fails to provide informative error messages why this happens. Examples: Failed to upload the certificate. Failed to import the private key of the certificate. Root cause KSC 13.2 only accepts PEM certificates, they start with

svc_kms

svc_kms in Known problem

Why are not all browser extensions blocked by Application Control? [KES for Windows]

The Application Control component has a category called Browser extensions. There is a known limitation for it in Chrome. If an extension runs in an already running Chrome process (many of them run as newly started Chrome processes, especially for extension reasons), it cannot be blocked because it is not a newly started process and the extension itself is not an executable. It requires an .exe file to load. An extension that is already running cannot be blocked by application control (it h

svc_kms

svc_kms in Known problem

BitLocker management [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. What is the role of Kaspersky in BitLocker encryption process ? Basically, KES BitLocker management is a COM object that is registered in the system and changes the BitLocker component settings in accordance to the settings that are specified in the KES policy. Afterwards it stores the recovery data received from BitLocker component on the KSC side. Also, it provides error-reporting and verifies that th

svc_kms

svc_kms in Known problem

Why doesn't KES work in Safe Mode? [KES for Windows]

This behavior is expected. We have no control over a system booting in Safe mode, because Safe mode is a special boot mode for OS diagnostics and repair. It is not possible to enable KES booting when Safe mode is running. However, booting in Safe mode can be disabled using GPOs or the local registry. It can be done by a local administrator. One of the ways to disable Safe Mode is described here.

svc_kms

svc_kms in Known problem

Error 27310. Failed to install the directory file for the digital signature [KES for Windows]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Version: any KES11.* on any OS Scenario: The following error appears during the installation: Error 27310. Failed to install the directory file for the digital signature  Solution: 1. Run kavremover utility as administrator. 2. Delete KES drivers (if they were not deleted by kavremover) located

svc_kms

svc_kms in Known problem



×
×
  • Create New...