Environment/Preconditions
KSC - 12
KSWS - 11.0.1.897

You may find a massive increase in disk usage from the report folder under the Kaspersky folder. The size of the report folder will increase from around 2GB to 12GB. The files in the report folder have random names (like 340a13d9-2a50-4c4e-94d6-82a79d80da4b), grow rapidly and consume disk space. Such a file can be deleted to resolve the full-disk issue, which itself can cause many problems (can't log in to the server, KSWS stops, etc.).

To delete the file:
- Stop KSWS.
- Add permission/owner for the login account.
- Right-click and delete the file.

This issue is caused by the Task log setting under the Log and Notification tab in the KSWS policy. To avoid the detailed events issue:
- Ensure that there are no Informational events in the Importance level option in each Component.
- Ensure that Remove task logs older than (days) is selected.

If you have done the above and the random file still keeps growing rapidly (100 MB per hour), it may be caused by event flooding. You can check for event flooding using the product's local console: install and launch KSWS tools, and under the Logs and Notifications node observe Task logs, System audit log and Security log in the local UI. Check which event is generated in excessive amounts.
-
It's strange that AdGuard wasn't on the incompatible list before; it was high time to add it.
-
The second part of this article is also applicable to KSB 2.0; details are below.

It's rather hard to tell whether the malware channel works on KATA Sandbox or not. Here's a simple and reliable way of checking it.

Step-by-step guide
- Create a .bat script with commands that you would normally execute in the console to check the internet connection, like ping or tracert, and redirect the commands' output to a file. Here's the example of such script.
- Upload this script to Storage and wait for it to be scanned.
- After the scan completes, download debug info with scan results.
- Unpack the scan results using the password 'infected' without quotes.
- In folder task0 or folder task1, rename the file internal_tracing_report to internal_tracing_report.zip and unpack it.
- Open the file files.list with notepad and note the name of the file that you used for command output redirection (results.txt in our example script).
- Open the file with notepad to see the command results.

Done! You will see the output of the ping/tracert commands. In our example, the ping command succeeded, but tracert failed with DNS problems, which means the malware channel does not work properly and the detection rate will be significantly decreased.

How to test DNS on malware channel
There is also an option to test DNS without running samples in Sandbox. The Sandbox server uses core DNS servers on the public internet, not the ones specified in WebUI. DNS servers are accessed by VMs via a local unbound server, which attempts to run DNS queries via the internet interface.

The interface namespace may be different, so in order to identify yours, execute the following and then use the identified dom* name in the commands that follow:

    cd /var/run/netns
    ll

First, you need to jump to the internet interface's namespace:

    /opt/kaspersky/sandbox/bin/ns_exec /var/run/netns/dom1 /bin/bash

Then, test name resolution via the local DNS server:

    dig @127.0.0.1 google.com

You can also test pings the same way:

    /opt/kaspersky/sandbox/bin/ns_exec /var/run/netns/dom1 /bin/ping -c 3 8.8.8.8

Do not forget to leave the namespace with the exit command!
-
How to configure KESL to use non-default folders [KES for Linux]
svc_kms posted a blog entry in Kaspersky Endpoint Security's KES for Windows
Information in this article can be used when there are disk space limitations imposed on the folders used by KESL:
- /var/opt/kaspersky - default KESL installation folder
- /tmp - default folder used to store temporary files during the scan

/var/opt/kaspersky
To move files located in this directory, you can create a symbolic link to another folder before installation. Use the following steps.

Before installing KESL:

    mkdir -p /new/kesl/folder/
    ln -s /new/kesl/folder/ /var/opt/kaspersky
    # root has to be the owner of all kesl subfolders below /
    chmod go-w,a-t /new

Install KESL.

If you encounter "Fatal error: Invalid permissions. Check /, /opt, /opt/kaspersky, /var, /var/opt, /var/opt/kaspersky. Only root user should have write access to these directories." while running the post-install script, make sure root is the owner of all subfolders in the path to the kesl executable.

/tmp
You can declare a new temporary folder for KESL by following these steps.

Execute this:

    systemctl edit kesl

Add the following:

    [Service]
    Environment="TMP=/new/temp/folder"
-
Consider the following scenario:
- Open an update or scan KSWS task.
- Go to Schedule → Advanced → Task stop settings.

Solution
The task's stop settings are greyed out and cannot be changed. This behaviour is by design:
- Task stop settings can be changed only for real-time tasks: Real-Time File Protection and Script Monitoring. These tasks can be configured in the KSWS policy to pause execution at a certain time so as not to interfere with 3rd-party apps or to speed up heavy operations.
- Task stop settings cannot be changed for Updater and On Demand Scan tasks. These tasks should be executed without pausing them.
-
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

An OS restart will be requested if you are upgrading KEA above version 3.11.

About
This article contains the best way of upgrading KEA 3.9 to the latest KEA version while avoiding possible known issues.

Procedure
- Disable Password-protection and Self-Defense in KEA policy, lock the settings. Ensure that the policy is applied on all devices.
- Upgrade the KEA plug-in on the KSC side. Recreate the KEA policy.
- Prepare the installation package:
  - copy KEA distributive to KSC;
  - copy KEA Core-patch into the same folder;
  - copy KEA3.9_upgrade_script.zip into the same folder;
  - modify the last part of the script specifying the correct patch name (optional). Uncomment the last string if you want to install the patch right after KEA installation.
- Create an installation package on KSC;
- Create and start "Install Application Remotely" task from KSC;
- Wait for successful completion;
- Enable Password-protection and Self-Defense in KEA policy after the upgrade is done.

Upgrade Script: KEA3.9_upgrade_script.zip

This scenario helps to avoid possible known issues with the KEA 3.9 upgrade. Rarely, even the script doesn't work. The cause is KEA 3.9 Self-Defense: the files and services are marked for deletion but can't be deleted. So, if the script doesn't help you, the only possible way to complete the upgrade, unfortunately, is a reboot.
-
The scenario is applicable for KEA version 3.10 and above.

There is no built-in feature to perform a Yara-scan using KATA/EDR Expert 3.7.2. But if necessary, it's possible to perform it using KEA 3.10 and above.

Yara-scan using the Command line
Requirements:
- KEA 3.10 (and above) installed
- Files with Yara-rules (*.yara; *.yar)

Scenario:
- Ensure that KEA is installed and running;
- Run the Yara-scan:

    "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\agent.exe" --scan-yara --path c:\rules --folder c:\files --scan-files yes

Syntax
- --path [PATH] - the location of yara-files
- --folder [PATH] - the scope of scanning (e.g. C:\ to scan all files on the C drive and subfolders)

Results will be listed on the CLI.

Yara-scan using KATA/EDR Web-UI
Alternatively, you can run the command using the "Run program" EDR task from Central Node.

Yara-scan using KSC
If KEA is installed and managed from a KSC server, you can start the command from a *.bat file using a Remote installation task.

Requirements:
- KEA 3.10 (and above) installed
- Files with Yara-rules (*.yara; *.yar)
- Shared folder with READ ALL access
- Shared folder with WRITE ALL access

Follow these steps:
- Prepare the batch file
- Prepare Shared folders: one with READ and one with WRITE access for everyone
- Create an installation package on KSC using the *.bat file (see example below)
- Create and start "Install application remotely" task

Example: *.bat file example

    @echo off
    "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\agent.exe" --scan-yara --path \\SHARE\YaraRules\ --folder C:\ --scan-files yes >> C:\Windows\Temp\yara-scan-results.txt
    copy C:\Windows\Temp\yara-scan-results.txt \\SHARE\YaraScanRusults\%computername%_results.txt

The script will start Yara scanning using KEA: all files at C:\ will be scanned using all rules from \\SHARE\YaraRules\, and results will be saved into the \\SHARE\YaraScanRusults\ folder.
- \\SHARE\YaraRules\ folder should be available for READ
- \\SHARE\YaraScanRusults\ folder should be available for WRITE
-
KEA task states [Kaspersky Endpoint Agent]
svc_kms posted a blog entry in Kaspersky Anti Targeted Attack & EDR Expert's KATA & KEDR Expert community articles
Problem
KEA writes numeric task states in its event logs.

Solution

    Number  Meaning
    0       Unknown
    1       PreparedToStart
    2       Starting
    3       Started
    4       Stopping
    5       Stopped
    6       Reloading
    7       Recovering
    8       Failed
    9       Completed
-
Problem
KSWS10 and KSWS11 may have two issues because of the Application Control component:
- Can't uninstall KSWS, with the error "There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run"
- Can't run GSI, with the error "Unable to unpack the critical file. GsiSharp.bin"

Solution
Disable Application Control and retry the uninstallation. Collect GSI, if necessary.
-
This article is fully applicable to KSB 2.0 server as well.

You may want to gather KATA Sandbox diagnostics via SSH, without accessing the Web UI. Here's how to do it.

Step-by-step guide
Log in to Sandbox via SSH and become root. Then, execute the command:

Produce collect

    sb-logs --create '/tmp' '-7'
    chmod 777 /tmp/sandbox-debug-report*

A sandbox-debug-report%timestamp%.tar.gz archive will be created in the /tmp directory. Its name will be printed in the output, e.g. /tmp/sandbox-debug-report.2022-12-13.2022-12-20.tar.gz

Use this full path as input for a local scp to download it:

Retrieve using scp

    scp admin@SB_IP:/tmp/path/to/sandbox-debug-report
-
Problem
This error appears when the newest MDR configuration files, which are above 1MB in size, are uploaded into KATA WebUI following the integration scenario, either to establish the integration or to replace an outdated config: https://support.kaspersky.com/KATA/3.7.2/en-US/201839.htm

Solution
Extend the zip-archive file size limit from 1MB to 2MB:
- Become root:

    sudo su

- Open the file for modification:

    /opt/kaspersky/apt-request-utils/lib/request_utils/zip_checker.py

- Find the line in the file:

    def verify_zip(file_to_check, files=(), max_size=(1024 * 1024))

- Change the max_size value to (1024 * 2048):

    def verify_zip(file_to_check, files=(), max_size=(1024 * 2048))

- Save the changes.
- Restart uwsgi:

    systemctl restart uwsgi

- Clear the browser cache, reload the page and check whether the issue is now fixed.
-
In this scenario we will create an internal user "test-user" on KSC who has permissions on the admin group "Virtualized" only, and can neither view nor manage the admin groups "servers" and "workstations".

Step-by-step guide
1. Take a backup of the KSC admin server in order to make sure that incorrect changes will not impact your KSC.
2. Log in to the KSC admin server using an admin account and go to KSC admin server → Monitoring → Administration server → Configure functionality displayed in user interface → check the box Display security settings section.
3. Close the KSC admin console and re-open it in order to apply the feature.
4. Go to KSC admin server → server properties → security → + internal user.
5. Don't assign Roles to the created user and only assign Rights.
6. The assigned Rights should be allow-all except Management of administration groups as per below.
7. Go to Managed devices → properties → security → uncheck inherit settings → assign the right to the user as per below.
8. For admin groups that the user will not manage (e.g. servers in this scenario).
9. For the admin group that the user will manage (e.g. virtualized in this scenario).
10. Disconnect from the KSC admin server and log in to the KSC console using the created user; you will find that the user has access to only the virtualized admin group as per below.
-
The symptoms of the issue are: Installation/upgrade of KSV LA 5.2 vSphere Virtual Machine is unresponsive after KSV LA 5.2 installation

Based on the investigation results, the problem is related to NSX Introspection Drivers that come with VMware Tools. There is an article about it: https://kb.vmware.com/s/article/78016

Solution:
The best option is to uninstall NSX File Introspection and NSX Network Introspection by modifying VMware Tools on the virtual machine. Try to upgrade VMware Tools to the latest version supported by vSphere.
-
How to purge inactive devices [KATA/KEDRE]
svc_kms posted a blog entry in Kaspersky Anti Targeted Attack & EDR Expert's KATA & KEDR Expert community articles
KATA doesn't have auto removal for inactive agents, and it doesn't have support for VDI scenarios yet. So if you have many VDI clients in use, they will quickly fill up the license.

Step-by-step guide

KATA 3.7.2
You can set up a cron task to remove clients periodically. For example, this code will remove clients older than 3 days:

    sudo -u kluser psql antiapt -c "delete from agent_status where last_packet_time < (NOW() - INTERVAL '3 days');"

KATA 4.0/4.1/5.0

    docker exec -it `docker ps | grep kedr_database_server | awk '{print $1}'` psql -U kluser antiapt -c "delete from agent_status where last_packet_time < (now() - interval '2 weeks');"

It will delete 2 weeks old inactive agents.
-
Removable disk encryption doesn't work [KES for Windows]
svc_kms posted a blog entry in Kaspersky Endpoint Security's KES for Windows
This article is about Kaspersky Endpoint Security for Windows (KES for Windows).

Problem
"Removable disk" Encryption is enabled and the policy is applied to the machines, but nothing happens when the client connects a USB drive.

Solution
Encryption of removable drives supports two modes:
- Encrypt entire removable drive: based on Kaspersky Full Disk Encryption (FDE), the entire disk including the file system is encrypted using klfde.sys.
- Encrypt all files or new files only: based on Kaspersky File Level Encryption (FLE), files on a removable drive are encrypted using klfle.sys and the file system remains unchanged.

See: Encryption of removable drives (kaspersky.com).

If you have collected GSI from an affected device, check the file KL_Drivers_Versions_****.txt:
- If the klfde.sys module is installed on the machine → there should be klfde.sys in the KL_Drivers_Versions_****.txt file in GSI.
- If the klfle.sys module is installed on the machine → there should be klfle.sys in the KL_Drivers_Versions_****.txt file in GSI.

If there's no GSI from an affected device, check:
- klfde.sys module is installed on the machine (in case of Encrypt entire removable hard drive) → path C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\klfde_x64
- klfle.sys module is installed on the machine (in case of Encrypt all files or new files only on removable hard drive) → C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\klfle_x64

If none of the above exists, the related component as per Change application components (kaspersky.com) should be installed.

Portable mode (which allows access to data outside the corporate network and allows encrypted data to be accessed on computers that do not have KES installed) is only available for File Level Encryption (FLE). It is not possible to enable portable mode support for Full Disk Encryption (FDE).
-
Please note that Kaspersky Light Agent 5.2 has passed basic test scenarios on Windows Server 2022 and Windows 11. Currently KSV LA 5.2 supports installation on Windows Server 2022 and Windows 11.
-
Sometimes EDR agents generate more telemetry than anticipated. There's an option to tune telemetry collection via KEA bases, and in order to do it, a telemetry profile, aka "topic-dump", is needed in ready-to-use format.

In order to collect telemetry, do the following:

Please do not run apt-sedr-reset before collecting topic dumps.

Execute the following command and wait till it finishes (it may take significant time to finish, depending on the telemetry flow):

KATA 3.7:

    docker exec -it $(sudo docker ps | grep kafka1 | awk '{printf $1}') kafka-console-consumer.sh --bootstrap-server 127.0.0.1:9092 --from-beginning --property print.key=true --property key.separator="~" --max-messages 2000000 --timeout-ms 200000 --topic EndpointEnrichedEventsTopic | head -n -1 | gzip > /tmp/topic-dump.gz

KATA 4.0/4.1/5.0/5.1:

    docker exec -it $(sudo docker ps | grep kafka\: | awk '{printf $1}') kafka-console-consumer.sh --bootstrap-server 127.0.0.1:9092 --from-beginning --property print.key=true --property key.separator="~" --max-messages 2000000 --timeout-ms 200000 --topic EndpointEnrichedEventsTopic | head -n -1 | gzip > /tmp/topic-dump.gz

Collect /tmp/topic-dump.gz and provide it to Kaspersky Support.
-
Problem
KSWS frequently detects a certain exploit or malware with N/A as the action in KSC reports.

Solution
1. Download the latest patch for our product on the machine which detects the issue.
2. Download the latest Windows security updates on the machine to cover the potential vulnerabilities.
3. Make sure that the product has the latest updates from KLABs servers.
4. Check the events on the impacted server, as sometimes the KSC report shows "detection events" only with action N/A while KSWS already takes the action.
   i. If you find a blocking event, it's probably N/A on the report (because the blocking event appears in the next warning event at the same moment).
   ii. If you couldn't find a blocking event:
      a. Enable KSWS traces https://support.kaspersky.com/15618
      b. In case the exploit or malware impacts system memory or the object path is .exe, download and run ProcMon (Process Monitor) https://support.kaspersky.com/common/diagnostics/10935
      c. Restart the product's agent.
      d. Simulate the issue and wait till the correlated event is generated.
      e. Stop the product's traces and ProcMon.
      f. Collect an export of the server's events and a GSI report including event logs and AVZ. https://support.kaspersky.com/common/diagnostics/3632#block7
      g. Get KSWS reports if they exist {c:\ProgramData\Kaspersky Lab\Kaspersky Security for Windows Server\11.0\Reports}
      i. Submit an issue to Kaspersky Support.
-
Problem
After importing a custom certificate instead of the default self-signed one for accessing KSC 13 Web Console, you cannot reach Web Console. When using the default certificate, there is no issue with Web Console.

Solution
There are several causes and solutions for this issue:
- You might be using Internet Explorer or any other unsupported browser to access Web Console. So first we need to check if the browser is supported by KSC. Ref: https://support.kaspersky.com/KSC/13.1/en-US/96255.htm.
- You may be using an unsupported certificate format. KSC Web Console can only work with PEM, not PFX format - https://support.kaspersky.com/KSC/13/en-US/191451.htm. If you use an incorrect format, try to convert the certificate as described here: https://support.kaspersky.com/KSC/13/en-US/201428.htm. After converting the certificate you should have 2 file formats ready: .crt and .pem.

If you use a correct browser and certificate, follow these steps:
- Run the Web Console installation package (KSCWebConsoleInstaller.12.0.<build number>.exe) again and follow the instructions here to upload the certificate and the key: https://support.kaspersky.com/KSC/13/en-US/184363.htm.
- During the procedure, when setting up the Trusted Administration Servers, you will be requested to provide the path to the trusted KSC Administration Server certificate. Do note that this is a different certificate from the Web Console's certificate. By default, the Administration Server certificate file is stored in the %ALLUSERSPROFILE%\Application Data\KasperskyLab\adminkit\1093\cert folder (ensure you correctly identify the path and also that the path is accessible).
- Once done, open the browser -> clear cache, cookies & history -> exit browser -> open again.

This should solve the problem.
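The PEM-versus-PFX distinction described above can be checked on the two files before the installer is re-run. The following is an added example, not Kaspersky code: the function names and the constructed sample bytes are assumptions made for illustration, and it inspects only the container format, not the validity of the certificate or key.

```python
import base64
import binascii
import re

# PEM armour: -----BEGIN <LABEL>----- base64 body -----END <LABEL>-----
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def pem_labels(data):
    """Labels of all PEM blocks whose body is valid base64 of a DER SEQUENCE."""
    labels = []
    for label, body in PEM_BLOCK.findall(data):
        # Skip legacy "Proc-Type:" / "DEK-Info:" header lines, keep base64 lines.
        b64 = b"".join(l.strip() for l in body.splitlines() if b":" not in l)
        try:
            der = base64.b64decode(b64, validate=True)
        except binascii.Error:
            continue  # corrupted body: do not count this block
        if der[:1] == b"\x30":
            labels.append(label.decode("ascii"))
    return labels


def der_first_child(data):
    """Bytes following the outer SEQUENCE header, or b'' if data is not DER/BER."""
    if len(data) < 2 or data[0] != 0x30:
        return b""
    length_octet = data[1]
    # Short form and BER indefinite form (0x80) use a single length octet;
    # long form uses 1 + (length_octet & 0x7F) octets.
    header = 2 if length_octet <= 0x80 else 2 + (length_octet & 0x7F)
    return data[header:]


def container_format(data):
    """Classify file content as 'pem', 'pkcs12', 'der' or 'unknown'."""
    if pem_labels(data):
        return "pem"
    child = der_first_child(data)
    if child[:3] == b"\x02\x01\x03":
        return "pkcs12"  # a PFX starts with the version INTEGER 3
    if child[:1] in (b"\x30", b"\x02"):
        return "der"     # binary ASN.1, e.g. a raw X.509 certificate
    return "unknown"


def check_webconsole_files(cert_bytes, key_bytes):
    """Return a list of problems; an empty list means both files are PEM."""
    problems = []
    for name, data, wanted in (("certificate", cert_bytes, "CERTIFICATE"),
                               ("key", key_bytes, "PRIVATE KEY")):
        fmt = container_format(data)
        if fmt == "pkcs12":
            problems.append(f"{name}: PFX/PKCS#12 container, convert to PEM first")
        elif fmt != "pem":
            problems.append(f"{name}: {fmt} data, not PEM")
        elif not any(l.endswith(wanted) for l in pem_labels(data)):
            problems.append(f"{name}: PEM file has no {wanted} block")
    return problems


def make_pem(label, der):
    """Wrap bytes in PEM armour (used only to build the constructed samples)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()


# Constructed samples: placeholder ASN.1 headers padded with zeros, no real keys.
SAMPLE_CERT_PEM = make_pem("CERTIFICATE", b"\x30\x82\x01\x0a\x30\x81\xf3" + b"\x00" * 40)
SAMPLE_KEY_PEM = make_pem("PRIVATE KEY", b"\x30\x82\x01\x00\x02\x01\x00" + b"\x00" * 40)
SAMPLE_CERT_DER = b"\x30\x82\x01\x0a\x30\x81\xf3" + b"\x00" * 40
SAMPLE_PFX = b"\x30\x82\x0a\x00\x02\x01\x03\x30\x82\x09\xf0" + b"\x00" * 40

if __name__ == "__main__":
    for title, cert in (("PEM pair", SAMPLE_CERT_PEM), ("PFX as cert", SAMPLE_PFX)):
        print(title, "->", check_webconsole_files(cert, SAMPLE_KEY_PEM) or "ok")
```

To check real files, read them in binary mode and pass the bytes to check_webconsole_files.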
-
This article applies to KEA 3.10+

Problem
You need to install KEA on a host running MS Exchange 2013, 2016, 2019 server, and ensure compatibility.

Solution
Add the following values into the registry (should be done with "Local System" rights):

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\SOYUZ\4.0\Environment]
    "EnablePorts"=dword:00000001
    "EnableSignatureLevel"=dword:00000001
    "ServerProfile"=dword:0000000a

In the KEA policy, add the following telemetry exclusions. We highly recommend NOT to exclude UmWorkerProcess.exe.

    C:\Program Files\Microsoft\Exchange Server\V15\Bin\ComplianceAuditService.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\EdgeTransport.exe
    C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\fms.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
    C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\HygieneMicrosoft.Exchange.ContentFilter.Wrapper.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Diagnostics.Service.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.EdgeCredentialSvc.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
    C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe
    C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Notifications.Broker.exe
    C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe
    C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.RPCClientAccess.Service.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Search.Service.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Servicehost.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Store.Service.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Store.Worker.exe
    C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeCompliance.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDagMgmt.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDelivery.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeFrontendTransport.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMHost.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMWorker.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxAssistants.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxReplication.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeRepl.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeSubmission.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransport.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransportLogSearch.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeThrottling.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\Noderunner.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\OleConverter.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\ParserServer\ParserServer.exe
    C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\ScanEngineTest.exe
    C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\ScanningProcess.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\UmService.exe
    C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\UpdateService.exe
    C:\Program Files\Microsoft\Exchange Server\V15\Bin\wsbexchange.exe
-
KSWS corrupt installation [Kaspersky Security for Windows Server]
svc_kms posted a blog entry in Kaspersky Endpoint Security's KES for Windows
Problem
If you find that a KSWS installation is somehow corrupted, and you're not able to remove it using conventional means (using msiexec and/or appwiz.cpl), please do not use the kavremover and/or mszap tools. Do not attempt to remove the product manually, as our goal is to determine the root cause of the product moving to this inconsistent state.

Solution
Please provide Kaspersky Support with the pertinent GSI log of the affected host and the KSWS msi installer logs containing all the previous installations/modifications of the product that have led it to its current state.

Locate and copy all msi files from the Windows temp folder and the user temp folders:
- %systemroot%\Temp
- :\Users\<username>\AppData\Local\Temp

Or simply collect all files from those folders on the affected machine.

Also, clarify the exact timestamp when the issue started to occur, or an approximate date and time when you noticed the problem on the affected host for the first time, as well as the last time the product was working fine on that host.

Based on this data it may be possible to provide an automated msiexec string to repair and/or remove the product automatically, and more importantly it will give us a better chance of determining the root cause.
-
If you are writing your own rules for the YARA engine on Central Node, you may need to know the available YARA modules and the engine version.
- Engine version is 3.7-3.11 in KATA 3.7.x
- Engine version is 4.10 in KATA 4.1 and KATA 5.0

Here's the list of modules:
- tests
- pe
- elf
- math
- time
- pe_utils
- magic
- hash
- dotnet
- dex

For more info on modules, please refer to the YARA documentation.
-
Problem
How to configure the KEA exclusions required for KEA installed on AD controllers to prevent slowdown and high hardware resource consumption.

Step-by-step guide
Add the following registry key to the affected AD controller's registry:

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\SOYUZ\4.0\Environment]
    "EnablePorts"=dword:00000001
    "EnableSignatureLevel"=dword:00000001
    "ServerProfile"=dword:0000000a

This operation should be done as the Local System account (either locally via psexec or via a .bat script (attached) deployed via KSC and Network Agent). Please restart the Endpoint Agent service after this change.

This option will make KEA exclude the ports:
- Exclusions WinRM
- Exclusion DHCP
- Exclude DNS
- Exclude SSDP
- Exclude mDNS
- Exclude LLMNR
- Exclusions RPC/NetBios
- Exclude LDAP
- Exclude Kerberos Networking and RabbitMQ
- Exclude Delivery Optimization for Windows 10[244]
- Exclusions Microsoft SQL Server database management system (MSSQL) server
- Exclusions In Windows Server 2008 (and Windows Vista), the dynamic port range is 49152-65535, for both TCP and UDP.
-
Make sure the network agent of KSCCC has already been deployed:
- Download the Network agent installer of KSCCC from the web console.
- Click the installer, confirm that it has already been installed and click OK.

Finding the HDS site which is used by this NA:
- Run the klnagchk utility within C:\Program Files (x86)\Kaspersky Lab\NetworkAgent to check the network connection.
- By running the klnagchk utility you find that the server address received from HDS is e009.ksc.kaspersky.com

Regarding the HDS (Hosted Discovery Service), please refer to the online guide here: https://support.kaspersky.com/KSC/CloudConsole/en-US/200848.htm

If Request timed out appears while using ping, that means that the KSCCC server is not accepting incoming ICMP traffic. The PSPing utility from MS KB: https://docs.microsoft.com/zh-cn/sysinternals/downloads/pstools also has the same output.

We recommend using the PowerShell command Test-NetConnection:

    Test-NetConnection e009.ksc.kaspersky.com -port 23100

Then, if the connection is successfully established, you will see the following response:
-
When an administrator attempts to establish a connection between the KS4O365 workspace and their Exchange Online organization by doing the following in the administration console: Office 365 connection → Exchange Online connection → Grant Access, the consent validation algorithm passes but in the end the "Error processing the request" error is shown.

This error is usually triggered by the browser settings on the client host that is performing the consent validation. Upon executing the consent validation algorithm we get the access token from Microsoft. Then we redirect the browser to our web site's URL and attach the access token as a cookie. Upon redirecting, the cookie with the access token is lost or blocked somehow. Usually this is caused by one of the following reasons:
- The browser filters cookies on its own, for instance due to some extensions, browser settings, or a beta version of the browser with paranoid default security settings.
- Some 3rd-party program, for example a file anti-virus, is blocking access to the file with the browser's cookies on the local hard drive.

Thus, the following action plan is suggested.

Step-by-step guide
Clear all history, cache and cookies in the web browser, restart it and check whether the issue reproduces. If it doesn't help, then please check whether the same error occurs if you try to do the same operation in another web browser supported by the product (https://support.kaspersky.com/KS4MO365/1.2/en-US/141858.htm) or in the incognito mode of the browser. Temporarily disabling anti-malware solutions or any 3rd-party products that might be blocking/locking/inspecting the browser's cookie files is also called for.

If the issue persists, then please do the following:
1. Open Google Chrome web-browser.
2. Press the F12 keyboard button.
3. Enable the Preserve log option in the Network tab.
4. Reproduce the whole scenario from the beginning (log into business hub account) and the issue itself.
5. Make an error screenshot with a time stamp.
6. Export the Network debugging results to a HAR-file.
7. Provide the HAR-file + screenshot to Kaspersky Support.

We will also be interested in the URL that is shown when the error pops up in the browser.
