Problem Description, Symptoms & Impact
Sometimes an error might occur when installing KSE:
KseCheckServicePortIsFreeActionStep has completed with an error: Service network port 13100 is occupied by another application…
Diagnostics
Screenshot or KSEInfoCollector.
Make sure that port 13100 is open and not used by any application, and repeat the installation. This can be done using the command below. You will see a chart with a process ID (PID column) nex
It is impossible to detect .bat and .cmd files by format, because these are regular plain text files.
If you want to block attachments, you can only configure detection of these files by masks: *.bat, *.cmd.
See the section "Configuring the general settings and conditions of rules" at https://support.kaspersky.com/KS4Exchange/9.6/en-US/166855.htm
Add a condition for the Attachment filtering rule and select File name mask instead of File format and then add *.bat
The administrator receives a notification about outdated anti-spam (AS) and/or anti-virus (AV) bases because a long interval is set for updating the AS and/or AV databases (every 5 hours or more for AS and every 24 hours or more for AV). Anti-spam and anti-virus bases should be updated much more often. Accordingly, Kaspersky Security Center should also update anti-spam and anti-virus bases more frequently.
The best way is to update anti-spam bases directly via Internet from Kaspersky Update
The table below contains the criteria for Kaspersky Security for Microsoft Exchange Servers 9.0 MR6 settings health check. Using the settings as specified in the table ensures meeting the recommended security level of the system.
№
Parameters (settings) to check
Check criteri
KSO365 is a cloud solution. It does not work in the cloud by itself but together with Microsoft Exchange Online (EOL) and its anti-spam and anti-virus protection.
In more than 95% of cases, Microsoft Forefront (Ff) performs the spam and virus scans first, due to Microsoft's cloud architecture. Thus, if Ff has identified an email as spam, virus, phishing, etc., and has taken any action on it (according to the settings) except “Skip”, we do not check this email and do nothing with it. We can
To install the solution in silent mode, open the command line with administrator rights and execute the following command:
msiexec /i "<PATH_TO_MSI>" /qn ADDLOCAL="<FEATURES>" SQL_SERVER_NAME="<SQL_SERVER_NAME>" BACKUP_DATABASE_NAME="<DATABASE_NAME>" SQL_ACCOUNT_DLG_USER_TYPE="UserAccount" SQL_ACCOUNT_DLG_USER="<UserName>" SQL_ACCOUNT_DLG_PASSWORD="<Password>" SERVICE_ACCOUNT_DLG_USER_TYPE="UserAccount" SERVICE_ACCOUNT_DLG_USER="<UserName>" SER
Description
When trying to deliver any message from Backup, the following error occurs:
Facade::DeliverMessage failed. [0xeceb0013] Details: Cannot create temporary file, code: 0xeceb0013.
Solution
Add the following exclusions to the /usr/lib/tmpfiles.d/tmp.conf file:
x /tmp/klms*
x /tmp/klmstmp/
x /tmp/klms_filter/
x /tmp/klmstmp/*
x /tmp/klms_filter/*
Restart the klms service.
If the issue persists, send a screenshot of the information from the web i
Access to the Microsoft quarantine is available immediately after the consent is issued. Additional quarantine access accounts, which were subject to the MFA restriction in previous versions, are no longer required for quarantine access. The connection is made using the application to which the consent is issued.
Why are emails detected by Microsoft Exchange Online not being detected by KS365? Because "first come, first served"?
Yes. In more than 95% of cases, Microsoft Exchange anti-malware and anti-spam filters process all objects before KS4O365. That being said, all the detections performed by our application are actually detections in mail flow that has already been scanned by Microsoft filters, if they are not disabled.
If some email was already scanned and quarantined by Microsoft,
If anti-spam detects an e-mail as not definitely categorized as clean, it moves the e-mail to the "Temporary Quarantine" for 50 minutes to re-scan it with updated anti-spam databases.
If after these 50 minutes the e-mail is not defined as spam, it is released automatically without any interaction with the user.
The administrator has an option to manually release such e-mails from "Temporary Quarantine" before the 50 minute period ends. At the same time, the e-mail will rema
Is there any capacity limit of mails in the Quarantine zone? If any, can we modify it?
Unfortunately, this setting cannot be customized per user; it is hardcoded in the product (30 days for objects in the backup and 92 days for statistics).
Is there any limit on the number of emails that can be stored in the Quarantine?
On the KS4O365 side, there isn't a limit to the number of emails that can be saved in the backup. KS4O365 stores only metadata information
Scenario:
Phishing links are detected but some emails are allowed through, even though the selected Action is Move to Junk Email folder.
Solution:
The original e-mail was already located in the Junk folder when our product started to scan it.
The "Allow through" action was performed; in this case it means that we added the phishing tag to the e-mail and left it in the Junk folder.
Most likely this e-mail was detected by some third-party anti-malware/phishing so
Version: Kaspersky Security for Exchange 9.5.10000.64, 9.6.96
Scenario
In Kaspersky Security 9.0 for Microsoft Exchange Servers there's the following error event: "AM Error Kernel: The Anti-Virus (Anti-Spam) module has been switched to limited scan mode for next 30 minutes. Some objects may be skipped without being scanned."
The same error message appears on the KSE console:
Solution
Sometimes Exchange tries to give KSE more emails to check than KSE is able to to
Scenario
Kaspersky Security for Exchange installation failed with the following error: "Failed to grant rights to run under a different name (impersonation) for Kse Watchdog Service".
Solution
If you get the error message about impersonation, execute the following command in PowerShell:
Add-PsSnapin Microsoft.Exchange.Management.PowerShell.E2010
Remove-ManagementRoleAssignment KSE_IMPERSONATION -Confirm:$False
Press the Retry button.
Version: Kaspersky Security for Exchange 9.0 MR5 (9.5.10000.64)
Scenario
The following error message appears:
"Access denied. To manage application features, the user's account must be added to one of the following Active Directory groups:
KSE Administrators
KSE AV Security Officers
KSE AV Operators
KSE Security Officers."
Solution
This error means that
Version: KSE for Microsoft Exchange Server versions 9.5.10000.64, 9.6.96.
Scenario: We have established a workaround to a problem with invalid SQL server parameters during its installation.
An error about invalid SQL server parameters occurred during the installation: "The server was not found or was not accessible. Verify that the instance name is correct, and that SQL Server is configured to allow remote connections. Error 26 - Error Locating Server/Instance Specified".
In most cases the issue is related to processing downloaded bases on the server drive.
Databases are downloaded from our sites successfully, but the problem appears during compiling and copying the downloaded bases locally on the KSE server.
Such behavior may be caused by the following:
Exclusions for KSE are not configured in Kaspersky Security for Windows Server or Kaspersky Endpoint Security.
Other utilities (backup, for example) that may interfere with the file processing.
Completely exclude the KSE folder with all its subfolders and all KSE processes from the scan scope:
Kavscmesrv.exe
Antiphishing.OutprocScanner.exe
Antispam.OutprocScanner.exe
Antivirus.OutprocScanner.exe
Kse.Ksn.exe
Kse.Licensing.exe
Kse.Updater.exe
There are only two known errors during KSMG installation.
First one:
ksmg.celeryd.service failed because a timeout was exceeded
The above error means that the DNS and/or DHCP servers are not accessible. Please reinstall and make sure that DNS and/or DHCP is configured properly.
Second error:
with error code=1 and msg=initdb: error: directory "/var/opt/kaspersky/ksmg/postgresql" exists but is not empty
if you want to create a new databa
When an administrator attempts to establish a connection between a KS4O365 workspace and their Exchange Online organization by going to Office 365 connection → Exchange Online connection → Grant Access in the administration console, the administrator passes the consent validation algorithm but in the end gets the "Error processing the request" error:
This error is usually triggered by the browser settings on the client host that is performing the consent validation.
Upon executing con
Problem
Messages are delayed for 50 minutes and /var/log/maillog contains the following entries:
Dec 10 12:07:07 ksmg KSMG: put to asp quarantine: message-id="": relay-ip="10.10.1.1": action="Postponed": size=21958: mail-from="test@example2.com": rcpt-to="test@example.com"
Solution
This is a feature that delays some suspicious messages for 50 minutes (by default) and then rescans them with newer bases and information in KSN.
This can be turned off in Settin
Problem
The OAuth consent validation algorithm is the same for Exchange Online, OneDrive and SharePoint Online.
The initial steps of the consent validation algorithm are basically the following:
A user is redirected to the Microsoft website, where the user agrees to provide necessary permissions for our Azure application.
KS365 receives an OAuth callback confirming that the consent was received. But we do not trust this callback as it can be forged.
The user is redirected to