Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
Version: KES 11.*
Scenario:
You're unable to boot into encrypted machine after FDE applied due to some problems with preboot agent or operating system.
The the safest and one of the most trivial options to restore the data from encrypted hdd or decrypt it 'in place' is going through KES related ‘challenge-response’ procedure using another (i.e. proxy) machine with KES and FDE installed.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article might be useful in the following cases:
If you want to configure multi-vendor security on endpoints, keeping both Kaspersky and Microsoft technologies;
If you don't know how to properly configure a Microsoft solution after installing KES;
If you're having some issues with the product and the OS after configuring KES and Defender.
The differences between the Defender
Environment/Preconditions
KSC - 12
KSWS - 11.0.1.897
You may find a massive increase in disk usage from the folder report under the Kaspersky folder. The size of the report folder will increase from around 2GB to 12GB, the files in the report folder have random name (like 340a13d9-2a50-4c4e-94d6-82a79d80da4b), which rapidly grows and consumes disk space.
The file can be deleted to resolve the disk space full issue, which itself can cause many issues (can't log in to the server, KS
Consider the following scenario:
Open update or scan KSWS task.
Go to Schedule->Advanced→Task stop settings:
Solution
Task's stop settings are greyed out and cannot be changed. This is by design behaviour:
Task stop settings can be changed only for real-time tasks - Real-Time File Protection and Script Monitoring. These tasks can be configured in KSWS policy to pause the execution at certain time not to interfere with 3d apps or speed up heav
Problem
KSWS10 and KSWS11 may have two issues because of the Application Control component:
Can't uninstall KSWS with the error "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run"
Can't run GSI with this error "Unable to unpack the critical file. GsiSharp.bin"
Solution
Disable Application Control and retry uninstallation.
Сollect GSI, if necessary.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
"Removable disk" Encryption is enabled and the policy applied to the machines, but nothing happens when the client connects USB drive.
Solution
Encryption of the removable drives supports two modes:
Encrypt entire removable drive: based on Kaspersky Full Disk Encryption (FDE), the entir
Problem
KSWS detects certain exploit or malware frequently with N/A as an action in KSC reports.
Solution
1. Download the latest patch for our product on the machine which detects the issue.
2. Download the latest Windows security updates on the machine to cover the potential vulnerabilities.
3. Make sure that the product has the latest updates from KLABs servers.
4. Check the events on the impacted server as sometimes KSC report shows "detection events" only with a
Problem
If you found out that KSWS installations are somehow corrupted, and you're not able to remove it using conventional means (using misexec and/or appwiz.cpl), please do not use kavremover and/or mszap tools. Do not attempt removing the product manually as our goal is to determine the root cause of the product moving to this inconsistent state.
Solution
Please provide Kaspersky Support with the pertinent GSI log of the affected host and KSWS msi installer logs containing all
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This problem has been observed in KES 11.5, but may apply to other versions as well.
Problem
Sometimes the KES tray icon behaves unexpectedly: it appears twice or does not appear at all (the icon next to the Windows clock).
Solution
Reset the tray icons:
Open regedit;
Go to HKEY
Problem
In some cases, it is possible to run a database upgrade task on the KSWS/KICS/KESS host, but despite the upgrade task successfully completing, the databases are still out of date.
Solution
Most probably product operates in UpdateBlackListOnly mode. This happens in cases when product is activated with activation code and is unable to reach our activation servers. Thus KSWS fails to receive/refresh activation ticket and downloads updates only for Blacklist.
Possible way
Description
After successful installation kesl-supervisor.service may refuse to start with the following error:
kesl-supervisor.service: Control process exited, code=exited status=203
journalctl -xe command provide more information related this error
*****
kesl-supervisor.service: Failed to execute command: Permission denied
kesl-supervisor.service: Failed at step EXEC spawning /var/opt/kaspersky/kesl/install-current/etc/init.d/kesl-supervisor:
Problem
In some cases KESMac is not able to start protection components:
Or, the status "Allow encrypted traffic to be inspected" is not changing:
Solution
1) Please get acquainted with the article https://support.kaspersky.com/kis20mac/error/15031#block1;
2) If the article above did not help, try to remove the FireFox user's profiles directory via Terminal:
rm -rf ~/Library/Application
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
3d party video monitoring solution from HIKVision and KES 11.3 or more recent version, up to 12.0
When you open the URL of video web server, for example, http://172.17.64.5/ the error Playback interrupted occurs.
The problem occurs because video software does not comply with HTTP RFC.
Use
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
Problem
You might notice that large files named like PR*.tmp appear in C:\Windows\Temp.
Cause
This is known and expected behavior. When the product scans an object it creates a temporary copy, names it like PR*.tmp and places it in the temp folder.Once the scan is complete, this temporary file gets deleted.
Large PR*.tmp files mean that some large objects are scanned by OAS (On-Access Scan) or ODS (On-Demand Scan).
Solution
In some cases there might be not enough sp
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
HIPS (Host Intrusion Prevention System) unexpectedly blocks data stream (audio, video) in trusted communication software such as MS Teams, Skype, Skype for Business etc.
Solution
The root cause is in KUsrInit.exe (parent process for many processes in the OS where it exists) which in some cases can be f
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This article covering the specific effect brought by any PF installation for the following versions:
KES 11 and higher
Private fix installation on host with KES has a side effect: the HIPS (Host Intrusion Prevention System) configuration will be reset back to defaults and, since Firewall is the part of
Problem
On Windows 10 v1903 and Windows Server v1903 after applying GPO Enable svchost.exe mitigation options, in System\Service Control Manager Settings\Security Settings, high CPU consumption by the following processes may be observed (avp.exe, klnagent.exe, kavfs.exe, kavfswp.exe). When checking if any resource consuming tasks are running, there are no ODS tasks running in KES or KSWS and no patch management related tasks are running too.
This is happening because MS security config
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This is a rough guide for testing FDE prior to implementation in production.
Make sure that the encrypted hosts will be serviced by a healthy KSC infrastructure (backups are performed regularly, no errors in Kaspersky Event log that need to be addressed, healthy database with plenty room for growth, no clo
In KSWS/KESS/KICS there is an option in update task to Lower the load on the disk I/O.
It is important to understand that when this option is enabled the task does not use HDD resources at all. Updater will not only place current updates to RAM. Update temp and cache files will also be placed there.
Incorrect expectation: The task uses dedicated amount of RAM, in case if dedicated RAM is not enough for all update files including temp and cache task will continues through HDD.
Actu
While removing Kaspersky Security for Windows Server Console removal log may contain a message:
Error 1336. There was an error creating a temporary file that is needed to complete this installation.
Folder: C:\Program Files (x86)\Common Files\Kaspersky Lab\Kaspersky Security for Windows Server\.
System error code: 5
And if you launch removal process using an appwiz.cpl a popup will be displayed stating :
“There was an error creating a temporary file that is needed to complete
In KSWS/KESS/KICS there is an option in update task to Lower the load on the disk I/O.
It is important to understand that when this option is enabled the task does not use HDD resources at all. Updater will not only place current updates to RAM. Update temp and cache files will also be placed there.
Incorrect expectation: The task uses dedicated amount of RAM, in case if dedicated RAM is not enough for all update files including temp and cache task will continues through HDD.
Actu
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
There are two real-world scenarios related to KES FDE encryption and licensing that often result in unexpected behavior of encrypted devices:
FDE encryption is used with the Advanced license and later replaced with the Select license (or any other license without encryption).
Encryption license is expir
This article describes what is considered a Full Scan, which affects the KSC status "Virus Scan has not been performed for a long time".
Scan task area settings
There are two ways to set areas for a Scan task. Tasks started with any other settings (including Quick Scan and Critical Area Scan with default settings) will not be considered as a Full Scan.
Primary
Kernel Memory
Running processes and Startup Objects
Disk boot sectors
Local disk (logical di
