How to renew KEA unique identifier on cloned devices [Kaspersky Endpoint Agent]
Non-unique agent identifiers arise, for example, when an image with KEA already installed is distributed to multiple devices, or when a hardware vendor (ACER) does not comply with standards and sells hardware with non-unique BIOS IDs.
As a result, telemetry from different agents may end up merged into a single record.
Symptoms
- Certain hostnames are present in KATA alerts, but a search returns 0 events. Moreover, these hostnames are not present in the agent list. When the host is looked up by IP address in the database or logs, its UUID turns out to be non-unique or to belong to another host.
- The same UUID is found in KEA logs from different machines.
- There is UUID 03000200-0400-0500-0006-000700080009 in the logs.
- There is UUID 6ab5b300-538d-1014-9fb5-b0684d007b53 in the logs.
- There is UUID 0bea76da-28ca-4e13-9715-361a8bbf3bc8 in the logs.
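One way to check a fleet for these symptoms, as an added example that is not part of the original article or of any Kaspersky tooling: it flags UUIDs shared by more than one hostname and the three UUIDs listed above. The "hostname,uuid" input format, the sample rows and the function name are assumptions; export the pairs from your own agent list or logs.

```python
import csv
import io
import uuid
from collections import defaultdict

# UUIDs this article lists as symptoms of a non-unique agent identifier.
KNOWN_NON_UNIQUE = {
    uuid.UUID("03000200-0400-0500-0006-000700080009"),
    uuid.UUID("6ab5b300-538d-1014-9fb5-b0684d007b53"),
    uuid.UUID("0bea76da-28ca-4e13-9715-361a8bbf3bc8"),
}

# Constructed sample inventory (hostname,uuid); not real KEA or KATA output.
SAMPLE = """\
ws-001,5f0c1d9e-8a4b-4c57-9d3e-2b7a6c1e4f10
ws-002,5F0C1D9E-8A4B-4C57-9D3E-2B7A6C1E4F10
ws-003,03000200-0400-0500-0006-000700080009
ws-004,{c2a9e6b4-1f3d-4e8a-b5c7-9d0e1f2a3b4c}
ws-005,not-a-uuid
ws-001,5f0c1d9e-8a4b-4c57-9d3e-2b7a6c1e4f10
"""


def find_uuid_collisions(text):
    """Return (shared, listed, invalid) for 'hostname,uuid' rows."""
    hosts_by_uuid = defaultdict(set)
    invalid = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 2:
            continue  # skip blank or malformed rows
        host, raw = row[0].strip().lower(), row[1].strip()
        try:
            # uuid.UUID() accepts upper case and braces, so equal IDs compare equal.
            parsed = uuid.UUID(raw)
        except ValueError:
            invalid.append((host, raw))
            continue
        hosts_by_uuid[parsed].add(host)
    # A UUID reported by two or more distinct hostnames is a collision.
    shared = {str(u): sorted(h) for u, h in hosts_by_uuid.items() if len(h) > 1}
    listed = {str(u): sorted(h) for u, h in hosts_by_uuid.items()
              if u in KNOWN_NON_UNIQUE}
    return shared, listed, invalid


if __name__ == "__main__":
    shared, listed, invalid = find_uuid_collisions(SAMPLE)
    print("Shared by several hosts:", shared)
    print("Listed in this article:", listed)
    print("Unparseable values:", invalid)
```

Hosts reported in either of the first two results are candidates for the UUID reset described in the solutions below.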
Solution for KEA
Run the new script on the affected machine to reset the UUID.
Solution for KES with built-in Endpoint Agent
Download this script and unpack it. Check the KES version inside the script and change it if needed. Turn off the self-defence feature of KES and run the script. Then restart KES; the UUID should be changed. If restarting KES does not work, reboot the machine.
For a 32-bit system, use this 32-bit script.
Solution for KESL with built-in Endpoint Agent
uuidgen > /var/opt/kaspersky/epagent/install_id
uuidgen > /var/opt/kaspersky/kesl/common/pcid
systemctl restart kesl
Solution for LENA
- Remove LENA from the host
- rm /var/opt/kaspersky/kesl/common/install_id
- Reinstall LENA