Problem
There are slight differences when connecting devices to the Wi-Fi network configured via Kaspersky Endpoint Security for Mobile in Android 10.
The main difference is that the connection to the target Wi-Fi network is made automatically through the product installed on the device and can't be forced manually via device settings.
Step-by-step description
The following scenario demonstrates the correct way to connect the device to a Wi-Fi network, as well as what behavi
Description
As part of proactive security, you may wish to add sha256 to block the execution of application or malicious applications without having the original source files.
This article explains how to perform this action.
How To
Create a text file containing the sha256 you want to block.
Use the AppRulesGenerator.exe app to generate an xml file:
Import the generated .xml file into the KSWS policy:
Description
After successful installation kesl-supervisor.service may refuse to start with the following error:
kesl-supervisor.service: Control process exited, code=exited status=203
journalctl -xe command provide more information related this error
*****
kesl-supervisor.service: Failed to execute command: Permission denied
kesl-supervisor.service: Failed at step EXEC spawning /var/opt/kaspersky/kesl/install-current/etc/init.d/kesl-supervisor:
Problem
In some cases KESMac is not able to start protection components:
Or, the status "Allow encrypted traffic to be inspected" is not changing:
Solution
1) Please get acquainted with the article https://support.kaspersky.com/kis20mac/error/15031#block1;
2) If the article above did not help, try to remove the FireFox user's profiles directory via Terminal:
rm -rf ~/Library/Application
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
3d party video monitoring solution from HIKVision and KES 11.3 or more recent version, up to 12.0
When you open the URL of video web server, for example, http://172.17.64.5/ the error Playback interrupted occurs.
The problem occurs because video software does not comply with HTTP RFC.
Use
The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications.
The both filesystem and network activity of which can be ignored by the product increasing performance.
Please, however, note that this could be potentially risky.
https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm
Problem
This article will describe a few ways to configure KES for Mac to exclude some of the software from th
Problem
You might notice that large files named like PR*.tmp appear in C:\Windows\Temp.
Cause
This is known and expected behavior. When the product scans an object it creates a temporary copy, names it like PR*.tmp and places it in the temp folder.Once the scan is complete, this temporary file gets deleted.
Large PR*.tmp files mean that some large objects are scanned by OAS (On-Access Scan) or ODS (On-Demand Scan).
Solution
In some cases there might be not enough sp
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Problem
HIPS (Host Intrusion Prevention System) unexpectedly blocks data stream (audio, video) in trusted communication software such as MS Teams, Skype, Skype for Business etc.
Solution
The root cause is in KUsrInit.exe (parent process for many processes in the OS where it exists) which in some cases can be f
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This article covering the specific effect brought by any PF installation for the following versions:
KES 11 and higher
Private fix installation on host with KES has a side effect: the HIPS (Host Intrusion Prevention System) configuration will be reset back to defaults and, since Firewall is the part of
Problem
On Windows 10 v1903 and Windows Server v1903 after applying GPO Enable svchost.exe mitigation options, in System\Service Control Manager Settings\Security Settings, high CPU consumption by the following processes may be observed (avp.exe, klnagent.exe, kavfs.exe, kavfswp.exe). When checking if any resource consuming tasks are running, there are no ODS tasks running in KES or KSWS and no patch management related tasks are running too.
This is happening because MS security config
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
This is a rough guide for testing FDE prior to implementation in production.
Make sure that the encrypted hosts will be serviced by a healthy KSC infrastructure (backups are performed regularly, no errors in Kaspersky Event log that need to be addressed, healthy database with plenty room for growth, no clo
In KSWS/KESS/KICS there is an option in update task to Lower the load on the disk I/O.
It is important to understand that when this option is enabled the task does not use HDD resources at all. Updater will not only place current updates to RAM. Update temp and cache files will also be placed there.
Incorrect expectation: The task uses dedicated amount of RAM, in case if dedicated RAM is not enough for all update files including temp and cache task will continues through HDD.
Actu
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
You may come across an occasion when instead of an internal webpage you will have a warning message in a browser if you have Scan encrypted connections option enabled.
You should not blindly add certificates to a Trusted Root Certification Authorities storage just to remove a legitimate warning. Doing so ma
While removing Kaspersky Security for Windows Server Console removal log may contain a message:
Error 1336. There was an error creating a temporary file that is needed to complete this installation.
Folder: C:\Program Files (x86)\Common Files\Kaspersky Lab\Kaspersky Security for Windows Server\.
System error code: 5
And if you launch removal process using an appwiz.cpl a popup will be displayed stating :
“There was an error creating a temporary file that is needed to complete
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
If you are willing to uninstall KES with msiexec (msiexec.exe /x {PRODUCT_CODE/GUID}) then product code/GUID is something you are probably looking for. Here they are:
KES product codes
Product name
Product code/GUID
FS6
{1B419
In KSWS/KESS/KICS there is an option in update task to Lower the load on the disk I/O.
It is important to understand that when this option is enabled the task does not use HDD resources at all. Updater will not only place current updates to RAM. Update temp and cache files will also be placed there.
Incorrect expectation: The task uses dedicated amount of RAM, in case if dedicated RAM is not enough for all update files including temp and cache task will continues through HDD.
Actu
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
There are two real-world scenarios related to KES FDE encryption and licensing that often result in unexpected behavior of encrypted devices:
FDE encryption is used with the Advanced license and later replaced with the Select license (or any other license without encryption).
Encryption license is expir
This article describes what is considered a Full Scan, which affects the KSC status "Virus Scan has not been performed for a long time".
Scan task area settings
There are two ways to set areas for a Scan task. Tasks started with any other settings (including Quick Scan and Critical Area Scan with default settings) will not be considered as a Full Scan.
Primary
Kernel Memory
Running processes and Startup Objects
Disk boot sectors
Local disk (logical di
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Trojan.Multi.Accesstr detection is triggered when KES detects that one of Windows utilities in %systemroot%\system32 folder is replaced by cmd.exe or powershell.exe. Please see below for a list of affected files with exact detection names. Detection event looks like this:
Problem
Some devices do not have keyboards, but still are detected with BadUSB.
Step-by-step guide
In order to allow them work properly use BadUSB on-screen keyboard, using other onscreen keyboards or physical ones is not recommended.
To open BadUSB on-screen keyboard click on the highlighted text (example for Russian localization).
Note that Prohibit use of On-Screen Keyboard for authorization of USB devices option should be turned off.
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Outlook add-in failure may be related to a KES upgrade.
Step-by-step guide
As the first step to quickly fix majority of the issues with Outlook add-in, unregister it and register again. Here is how to do it properly:
Close Outlook if opened.
Execute
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
Testing Network Threat Protection (NTP, Network Attack Blocker or NAB) may appear tricky, as it is finely tuned to specific attacks only. During past years many detections were modified or removed to prevent major false detections. It is necessary to understand that NTP is not intended to prevent the following types of attac
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.
This article is about Kaspersky Endpoint Security for Windows (KES for Windows)
In cases when Bitlocker encryption of a certain volume is started using KES Bitlocker management, and the product returns the following error:
Event type: The policy can not be applied.
Action: Encryption
Reason: The system drive is not compatible with the Microsoft BitLocker encryption.
Type of encryption: dis
Problem
Application category based on the "Metadata" conditions created, but does not work.
Solution
This is expected behavior, in case the file does not have a digital signature, that can be trusted by local KES on the host in question, or is not known in KSN. Use sigcheck tool to see if the file has a valid digital signature – https://technet.microsoft.com/ru-ru/sysinternals/bb897441.aspx
Use other criteria, to determine the category (for example file hash).
