All Activity

Sometimes, you may want to have Kaspersky Endpoint Agent traces which start from its very cradle. This guide is applicable to local installation. Step-by-step guide Place the attached JSON file next to endpointagent.msi file. Feel free to modify patch to traces folder inside. Install Endpoint Agent using GUI or command line: msiexec /i endpointagent.msi /qn Traces will appear as soon as the services start, even before the installation completes.

Problem Sometimes the problem with events receiving/transferring on KSC (including export to SIEM) may occur. The first thing that you have to check is Kaspersky Event Log. The following warnings may occur: Warning Total number of events stored in database (4010532) has exceeded the actual limit of 4000000 event(s). Starting to delete excessive events from the database... Warning 600 event(s) have been deleted from the database because the limit of 4000000 event(s) was exceeded. Warning Server is busy: event has been rejected for device '<Device_name>', most common events in the database are: 'Scheduled' (from 'KES 11.0.0.0'), 'Error sending the request to KSN' (from 'Kaspersky Security 10 for Windows Server 10.0.0.486') and 'Password-protected archive detected' (from 'KES 11.0.0.0') The same is correct for SIEM integration. Because KSC is busy, it won't provide event to SIEM immediately. You'll have to wait until load will be decreased.Events are coming from the hosts to KSC and sometimes KSC just cannot process all of them. For example, during KES update task all the hosts transfer event Scheduled and then Running. The more hosts you have, the more chance that KSC will suffer a pike load which will lead to the other events rejecting. Solution Configure events storing in all KES policies according to https://support.kaspersky.com/KSC/14/en-US/92424_1.htm Open KEL and check what the most common events in the database are. Most probably those events will be informational and not very helpful. Disable storing events you are not interested in on KSC server in all corresponding policies. Task related events can be disabled in the corresponding task properties, on the Notifications tab. There are different store events options, choose to store only task execution results. Do this for all the tasks running of which cause "server busy" event. After a while events receiving/transferring should be normalized.

The KESMac 12 and the KESMac 11.3 patch C allows adding particular processes into the trusted section named Trusted Applications. The both filesystem and network activity of which can be ignored by the product increasing performance. Please, however, note that this could be potentially risky. https://support.kaspersky.com/KESMac/11.3_adminguide/en-US/194142.htm Problem This article will describe a few ways to configure KES for Mac to exclude some of the software from the scope of the product. Solution Trusted applications In order to have an ability to exсlude an application from scanning with KES, a function of Trusted Applications available in Kaspersky Endpoint Security for Mac can be used: The Trusted applications section as seen in the policy creation wizard. Naturally, it can be configured later by modifying the policy. Update the plugin to at least version 11.3.0.33 to get the new functionality. In some specific cases it might be required to put several binaries to Trusted Applications simultaneously in order to take effect. So, a final solution might include several path-based exclusions accompanied by a few BundleID-based ones. Trusted Applications are only available for configuration via KSC policy; i.e. it is currently impossible to add application to exclusions having no KSC installed. Additionally, an appropriate application control plug-in for KESMac must be downloaded and installed on the KSC prior to using Trusted Application functionality. It can be found on the corresponding download page. Common exclusions for developers It's suggested excluding the following paths: "/Library/Developer/CommandLineTools" and "/Library/Toolchains" for the standard developers' utilities, as well as the "/Applications/Xcode.app/*" for the XCode. At the same time, in case you use alternative tools, contact Kaspersky Support to get the exact paths for further exclusions. Excluding TCP 443 from port monitoring Additionally, in case of HTTPS-connectivity issues, unchecking port 443 in Monitored ports may also help:

Problem You might notice that large files named like PR*.tmp appear in C:\Windows\Temp. Cause This is known and expected behavior. When the product scans an object it creates a temporary copy, names it like PR*.tmp and places it in the temp folder.Once the scan is complete, this temporary file gets deleted. Large PR*.tmp files mean that some large objects are scanned by OAS (On-Access Scan) or ODS (On-Demand Scan). Solution In some cases there might be not enough space of drive to create large temporary file. Below are the possible solutions: Exclude large objects from OAS and ODS; In OAS and ODS settings, enable option 'Do not scan compound objects larger than' and specify required size in MB; Change the folder where KSWS temporary files are created to a drive with higher capacity. In KSWS11 this can be achieved by editing Application settings → Scalability, interface and scan settings → Scan settings → 'Folder for temporary files created during scanning'. In KSWS10 use below registry entry: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\WSEE\10.1\Environment] "ProcessingTempPath"="d:\\Temp\\"

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. We suggest free and lightweight client, part of Putty: pscp. Step-by-step guide You can download pscp.exe for Windows from official site. Navigate to the folder with pscp.exe and start cmd or powershell there To copy files to KATA, run the following command: .\pscp.exe -scp <path to local file> admin@<kata_ip>:<remote location> .\pscp.exe -scp D:\patch.ktgz admin@10.70.244.89: \\sample command that will put patch.ktgz to /var/op/kaspersky/apt/files/ folder To copy files from KATA, run the following command: .\pscp.exe -scp admin@<kata_ip>:<filename> <path to local folder> .\pscp.exe -scp admin@10.70.244.89:collect-20200429-133436.tar.gz D:\ \\sample command for downloading collect from KATA

Problem While running Fix vulnerabilities task, the following error can occur: 'Transaction became the database conflict victim: '1205, 'Lock wait timeout exceeded; try restarting transaction' , LastStatement='CALL vapm_arrange_task_updates(119, 0xC89EAD3312227039C9FAC933840D7936)' Solution Most possible, the reason of the problem is that you have Fix vulnerabilities task or tasks with a big number of vulnerabilities that should be fixed inside one task. For example, you scroll list of KLAs and add each KLA to be fixed in the existing task. You have to check all fix vulnerabilities tasks or delete them and create new tasks. In the tasks, it's suggested to use categories attributes (like severity level etc.) instead of the big list of vulnerabilities.

I need to use Split Tunnelling in Kaspersky VPN as one of my mail providers won't work with VPNs so that mail client is on the exception list not to use the VPN and works fine. The problem I have is that devices on the LAN that are accessed via a browser return a Bad Gateway error message and cant reach them. I don't want to put the browser in exception list as I want that traffic routed through the VPN. Is it possible to add IP addresses for LAN devices into the exception list so they don't get routed through the VPN? Windows 10 22H2 19045.6159 Kaspersky Small Office Security & Kaspersky VPN

Давайте не будем превращать тему в блог @Лексей и его отношениям с Катаной. пользуйтесь и пользуйтесь. все хорошо и ладно.

PostgreSQL 14.18 В требованиях есть 14.х

Тогда указывайте и наименование и версию БД, возможно, что несовместимость. Ну, и конфиг БД сразу приведите, может там не рекомендуемые параметры или ещё чего.

Are you the administrator of this suscription? Also, you can open a support ticket using my Kaspersky. Regards

Ну вот я и полноценный пользователь Катаны

У меня вроде пока что пробная лицензия, или про лицензию чего идет речь?

When I click on this link it appears like this. How can I know who the administrator is?

Ну как бы тут, в выводе, про проверку лицензии идёт речь? Нет? Как у Вас с оной обстоят дела? Добавили? Успешно?

Kaspersky Premium is just Kaspersky Plus with some additional services: https://support.kaspersky.com/help/Kaspersky/Win21.22/en-US/152975.htm

I was actually planning to migrate to Kaspersky Premium. What do you advise?

Hello, Please, open a support ticket en KSOS Portal or web. Regards

The website says that the small office security license includes the premium VPN, but it doesn't activate for me at all.

@Kevin K Welcome. Unfortunately in a lot of cases files can't be decrypted without the private key that is only known by the attacker and paying the ransom does not guarantee the encrypted files will be unlocked. Also please see : → https://www.nomoreransom.org/en/index.html → How to protect your PC against file-encrypting ransomware

Хотя нет, не влияет этот параметр (классические приложения) на работу компонента. Может быть, есть смысл обновиться до 21.22, если она еще не прилетела.

Welcome to Kaspersky Community. Firstly, migrate Your KIS to K. Standard, KIS is getting obsolete. After install Kaspersky Standard, recheck the URLs, and then I will answer the questions.

I have Kaspersky Premium installed and yesterday i got hit by the want_to_cry ransomware, can i get help on what to do next?

@Woitler По поводу несовместимых версий. Ваша версия 21.21 тоже несовместима. В адресной строке можете поменять соответствующие цифры - будет та же информация. Вплоть до старинной версии 21.8.

Добрый день! При попытке обновления веб консоль пишет превышено время ожидания. Служба kladminserver_srv.service выдает ошибки базы данных. Jul 25 08:12:41 ubuntu.packer.build klsecuritycenter_srv[255000]: Could not get primary index date. #2801 EkaMethodFailed: 'DoUpdate #1: UniversalUpdateAITask ##1: // updater // (KLUTIL::> Jul 25 08:12:41 ubuntu.packer.build klsecuritycenter_srv[255000]: >>> Update & retranslation task: One of subtasks failed (446F5570646174652023313A20556E6976657273616C557064617465414954> Jul 25 08:15:43 ubuntu.packer.build klserver[255000]: Debugging updater. Jul 25 08:16:19 ubuntu.packer.build kladminserver_srv[250689]: Database error occured: #1950 Generic db error: "[22003]`ERROR: integer out of range `, LastStatement=`CALL "licsrv_check"(110, -1, NULL);`" (D098D0BDD184D0BED180D0BCD0B0D186D0B8D18F20D0BED0B120D0BED188D0B8> Jul 25 08:16:19 ubuntu.packer.build kladminserver_srv[250689]: Database error occured: #1950 Generic db error: "[22003]`ERROR: integer out of range `, LastStatement=`CALL "licsrv_check"(100, 110, NULL);`" (D098D0BDD184D0BED180D0BCD0B0D186D0B8D18F20D0BED0B120D0BED188D0B> Jul 25 08:16:19 ubuntu.packer.build kladminserver_srv[250689]: Database error occured: #1950 Generic db error: "[22003]`ERROR: integer out of range `, LastStatement=`CALL "licsrv_check"(90, 100, NULL);`" (D098D0BDD184D0BED180D0BCD0B0D186D0B8D18F20D0BED0B120D0BED188D0B8> Jul 25 08:45:31 ubuntu.packer.build klsecuritycenter_srv[256017]: Could not get primary index date. #2801 EkaMethodFailed: 'DoUpdate #1: UniversalUpdateAITask ##1: // updater // (KLUTIL::> Jul 25 08:45:31 ubuntu.packer.build klsecuritycenter_srv[256017]: >>> Update & retranslation task: One of subtasks failed (446F5570646174652023313A20556E6976657273616C557064617465414954> Jul 25 08:48:33 ubuntu.packer.build klserver[256017]: Debugging updater. Также служба klwebrv_srv.service выдает ошибку /etc/systemd/system/klwebsrv_srv.service.d/override.conf:7: Unknown key name 'CapabilitiesParsec' in section 'Service', ignoring. С чем это может быть связано? Сервер на ubuntu 22.04, KSC 15.4