Problem
Currently KSMG has IPv6 support enabled in Postfix:
inet_protocols = all
However, Postfix 2.6 has a known limitation:
http://www.postfix.org/IPV6_README.html
"Postfix SMTP clients before version 2.8 try to connect over IPv6 before trying IPv4. With more recent Postfix versions, the order of IPv6 versus IPv4 outgoing connection attempts is
Issue
During initial deployments you may encounter errors like this:
Jun 3 12:50:13 ksmg postfix/smtpd[841]: NOQUEUE: reject: RCPT from ksmg.example.com[10.10.10.1]: 450 4.1.2 <test@example.com>: Recipient address rejected: Domain not found; from=<test@example.com> to=<test@example.com> proto=ESMTP helo=<example.com>
This means that the recipi
Scenario
In certain cases one may need to move an SQL database that stores KSE operational data to another SQL server/instance. The following procedure can be used to achieve that:
Step-by-step guide
Change the startup type of KSE services to Manual.
Stop the KSE services which use this database (may be located on several hosts in case of DAG, for example).
Create a backup of the KSE database using MS SQL tools.
Restore the database on a new SQL server/inst
Problem
The OAuth consent validation algorithm is the same for Exchange Online, OneDrive and SharePoint Online.
The initial steps of the consent validation algorithm are basically the following:
A user is redirected to the Microsoft website, where the user agrees to provide necessary permissions for our Azure application.
KS365 receives an OAuth callback confirming that the consent was received. But we do not trust this callback as it can be forged.
The user is redirected to
Problem
Messages are delayed for 50 minutes, and /var/log/maillog contains the following entries:
Dec 10 12:07:07 ksmg KSMG: put to asp quarantine: message-id="": relay-ip="10.10.1.1": action="Postponed": size=21958: mail-from="test@example2.com": rcpt-to="test@example.com"
Solution
This is a feature which delays some suspicious messages for 50 minutes (by default) and then rescans them with newer bases and information in KSN.
This can be turned off in Settin
When an administrator attempts to establish a connection between the KS4O365 workspace and their Exchange Online organization by doing the following in the administration console:
Office 365 connection → Exchange Online connection → Grant Access, the administrator passes the consent validation algorithm but in the end gets the "Error processing the request" error.
This error is usually triggered by the browser settings on the client host that is performing the consent validation.
Upon executing con
There are only two known errors during KSMG installation.
First one:
ksmg.celeryd.service failed because a timeout was exceeded
The above error means that the DNS and/or DHCP servers are not accessible. Please reinstall and make sure that DNS and/or DHCP is configured properly.
Second error:
with error code=1 and msg=initdb: error: directory "/var/opt/kaspersky/ksmg/postgresql" exists but is not empty
if you want to create a new databa
Completely exclude the KSE folder with all its subfolders and all KSE processes from the scan scope:
Kavscmesrv.exe
Antiphishing.OutprocScanner.exe
Antispam.OutprocScanner.exe
Antivirus.OutprocScanner.exe
Kse.Ksn.exe
Kse.Licensing.exe
Kse.Updater.exe
In most cases the issue is related to processing downloaded bases on the server drive.
Databases are downloaded from our sites successfully, but the problem appears during compiling and copying the downloaded bases locally on the KSE server.
Such behavior may be caused by the following:
Exclusions for KSE are not configured in Kaspersky Security for Windows Server or Kaspersky Endpoint Security.
Other utilities (backup, for example) that may interfere with the file processing.
Version: KSE for Microsoft Exchange Server versions 9.5.10000.64, 9.6.96.
Scenario: We have established a workaround to a problem with invalid SQL server parameters during its installation.
An error about invalid SQL server parameters occurred during the installation: "The server was not found or was not accessible. Verify that the instance name is correct, and that SQL Server is configured to allow remote connections. Error 26 - Error Locating Server/Instance Specified".
Version: Kaspersky Security for Exchange 9.0 MR5 (9.5.10000.64)
Scenario
The following error message appears:
"Access denied. To manage application features, the user's account must be added to one of the following Active Directory groups:
KSE Administrators
KSE AV Security Officers
KSE AV Operators
KSE Security Officers."
Solution
This error means that
Scenario
Kaspersky Security for Exchange installation failed with the following error: "Failed to grant rights to run under a different name (impersonation) for Kse Watchdog Service".
Solution
If you get the error message about impersonation, execute the following command in PowerShell:
Add-PsSnapin Microsoft.Exchange.Management.PowerShell.E2010
Remove-ManagementRoleAssignment KSE_IMPERSONATION -Confirm:$False
Press the Retry button.
Version: Kaspersky Security for Exchange 9.5.10000.64, 9.6.96
Scenario
In Kaspersky Security 9.0 for Microsoft Exchange Servers there's the following error event: "AM Error Kernel: The Anti-Virus (Anti-Spam) module has been switched to limited scan mode for next 30 minutes. Some objects may be skipped without being scanned."
The same error message appears on the KSE console:
Solution
Sometimes Exchange tries to give KSE more emails to check than KSE is able to to
Scenario:
Phishing links are detected but some emails are allowed through, even though the selected Action is Move to Junk Email folder.
Solution:
The original e-mail was already located in the Junk folder when our product started to scan it.
The "Allow through" action was performed, in this case it means that we've added the phishing tag to the e-mail and left it in the Junk folder.
Most likely this e-mail was detected by some third-party anti-malware/phishing so
Is there any capacity limit of mails in the Quarantine zone? If any, can we modify it?
Unfortunately, there is no possibility to customize this setting per user; it is hardcoded in the product (30 days for objects in the backup and 92 days for statistics).
Is there any limit on the number of emails that can be stored in the Quarantine?
On the KS4O365 side, there isn't a limit to the number of emails that can be saved in the backup. KS4O365 stores only metadata information
If anti-spam cannot definitely categorize an e-mail as clean, it moves the e-mail to the "Temporary Quarantine" for 50 minutes to re-scan it with updated anti-spam databases.
If after these 50 minutes the e-mail is not identified as spam, it is released automatically without any interaction with the user.
The administrator has an option to manually release such e-mails from "Temporary Quarantine" before the 50 minute period ends. At the same time, the e-mail will rema
Why are emails detected by Microsoft Exchange Online not being detected by KS365? Because "first come, first served"?
Yes. In more than 95% of cases, Microsoft Exchange anti-malware and anti-spam filters are processing all objects before KS4O365. That being said, all the detections performed by our application are actually detections of mail flow that has already been scanned by Microsoft filters if they are not disabled.
If some email was already scanned and quarantined by Microsoft,
Access to the Microsoft quarantine is available immediately after the consent is issued. Additional quarantine access accounts, which were subject to the MFA restriction in the previous versions, are no longer required for quarantine access. The connection is carried out using the application to which the consent is issued.
Description
When trying to deliver any message from Backup, the following error occurs:
Facade::DeliverMessage failed. [0xeceb0013] Details: Cannot create temporary file, code: 0xeceb0013.
Solution
Add the following exclusions to the /usr/lib/tmpfiles.d/tmp.conf file:
x /tmp/klms*
x /tmp/klmstmp/
x /tmp/klms_filter/
x /tmp/klmstmp/*
x /tmp/klms_filter/*
Restart the klms service.
If the issue persists, send a screenshot of the information from the web i
Description
When installing or upgrading KSE, you may encounter various issues with installing or starting our service. If a user has repeated the installation many times and changed many settings manually, we recommend removing KSE completely using the instructions below.
Cause
There are files that remain in the system from a previous KSE installation, so a new installation cannot be successful.
Solution
Delete the remaining KSE files from the Exchange server manually
To install the solution in the silent mode, run the command line with administrator rights and execute the following command:
msiexec /i "<PATH_TO_MSI>" /qn ADDLOCAL="<FEATURES>" SQL_SERVER_NAME="<SQL_SERVER_NAME>" BACKUP_DATABASE_NAME="<DATABASE_NAME>" SQL_ACCOUNT_DLG_USER_TYPE="UserAccount" SQL_ACCOUNT_DLG_USER="<UserName>" SQL_ACCOUNT_DLG_PASSWORD="<Password>" SERVICE_ACCOUNT_DLG_USER_TYPE="UserAccount" SERVICE_ACCOUNT_DLG_USER="<UserName>" SER
KSO365 is a cloud solution. It does not work in the cloud by itself but together with Microsoft Exchange Online (EOL) and its anti-spam and anti-virus protection.
In more than 95% of cases, Microsoft Forefront (Ff) performs the spam and virus scans first, due to Microsoft's cloud architecture. Thus, if Ff has identified an email as spam, virus, phishing, etc., and has taken any action on it (according to the settings) except "Skip", we do not check this email and do nothing with it. We can
The table below contains the criteria for Kaspersky Security for Microsoft Exchange Servers 9.0 MR6 settings health check. Using the settings as specified in the table ensures meeting the recommended security level of the system.
№
Parameters (settings) to check
Check criteri