All Activity

Ну все, теперь, значит, вся яндекс-реклама будет отдыхать.😄

На этой ноте закрываю тему.

Как? Там речь о других антивирусных продуктах 😉 и на форуме бета-тестирование обещали улучшения Анти-баннера. Может стоит им принять участие в программе Allowlist, если они ранее не участвовали. Так проще, так легче, чем связываться и пытаться решить проблему с разработчиком. Просто очень настойчиво и почти ежедневно будет об этом предупреждать.

В конфиге ровно то что в инструкции написал, ничего больше. Когда пытаюсь его сюда вставить пишет forbidden https://support.kaspersky.ru/ksc-linux/15.4/241223 https://support.kaspersky.ru/ksc-linux/15.4/242538 Вот этими статьями пользовался

Ну да, о том и речь, что не видят они особой проблемы.) Но если будет шквал недовольств пользователей, придется все же как-то решать - дать возможность хотя бы скрывать уведомление.) Попробую уточнить насчет невозможности скрывать уведомление, сообщу потом, если получится.

This error may be caused by non-Latin characters in the policy name. To fix this issue, check existing policy and place it with a new one, if it has non-Latin characters in its name: 1. In the NSX web console: Navigate to Security → Endpoint Protection Policies. 2. Delete the existing policy with Non-Latin characters in its name. 3. Create a new policy using English-only naming conventions.

Scenario Enable Network Threat Protection Connect another Mac via a thunderbolt cable Try to send any data from one computer to another Connection times out Workaround & Solution Connect computers by other means or disable NTP when using Thunderbolt bridge. RCA This issue is caused by a bug in macOS' built-in packet filter and was reported to apple.

Problem There are several problems with similar causes: 1) KESL postinstall script produces error. Warning: Failed to set up KSN 2) KESL is installed and running. However, the kesl-control command outputs something like that: kesl-control --app-info Connection refused. Invalid user permissions for /var. Only root user should have write access to this path. kesl-control --app-info Could not connect to Kaspersky Endpoint Security 11.2.2 for Linux 3) KESL is installed and running, kesl-control indicates no problems. However, kesl-gui shows the Application is currently unavailable error. 4) KESL is installed and running, nagent indicates no connectivity problems. However, KSC shows that KESL is stopped and can't be started. 5) (Starting from 11.3) KESL journal errors "RemoteConnectionRejected" EventType=RemoteConnectionRejected EventId=4385 Initiator=Product Date=2024-04-09 16:28:59 DangerLevel=Critical Reason=InvalidPermissions Path=/var Process=/var/opt/kaspersky/kesl/11.4.0.1096_1684141407/opt/kaspersky/kesl/bin/kesl-control 6) (Starting from 11.3) Nagent errors "Remote Connection Rejected" Note that in case the problem is with nagent itself (i.e not kesl-control or kesl-gui), nagent actually will not send these events to KSC due to very same issue. Root cause KESL service implements defensive internal logic which denies connections from not "trusted" processes. One of the causes is that the process executable file or some library it loads can be overwritten by a non-root user: 1) The Owner is not "root". 2) FS write permission is granted to "Group" or "Other". Such errors often serve as indication of some erratic configuration. For example: Some system administrators change ACL for /opt or other folder (which is supposed to not be widely accessible) to 777 because they don't want to work via sudo; In Astra Linux, the owner of the /var directory is sometimes changed to the fly-dm service user due to an error in the fly-dm package. Astra developers confirmed this bug and released fix. If the issue reproduces with new fly-dm versions, address Astra support. LD_PRELOAD variable may be used to load arbitrary libraries for any given process including KESL. This is usually the case when you see non-root permissions errors for some third-party libraries. Solution To restore proper permissions, use the chown and/or chmod commands: chown root:root /path/to/folder chmod g-w,o-w /path/to/folder Please exercise caution and rely upon common sense when changing permissions for / and folders straight under /. It depends on the environment which files/folders are checked, thus a complete list cannot be provided. 1) # ls -ld / /var /var/opt /opt /opt/kaspersky /bin /usr /usr/lib /usr/lib64 | egrep -v '^d.{4}-.{2}-.*root root' drwxr-xr-x. 20 x root 279 Apr 5 14:30 /var 2) (kesl 11.3+) check for RemoteConnectionRejected events. Path parameter should contain faulty directory. Check for events by directly querying events.db, or querying event database via kesl-control, or kesl-control errors depending on scenario. See examples Broken permissions for kesl, kesl-control errors root@dc-ubuntu:~# chmod 777 /var/opt/kaspersky/kesl/ root@dc-ubuntu:~# kesl-control --app-info Connection refused. Invalid user permissions for '/var/opt/kaspersky/kesl'. Only root user should have write access to this path. Broken permissions for klnagent, events.db query via kesl-control root@dc-ubuntu:~# chmod 777 /opt/kaspersky/klnagent64 root@dc-ubuntu:~# systemctl restart klnagent64 root@dc-ubuntu:~# kesl-control -E --query 'EventType=="RemoteConnectionRejected"' | tail -n 20 Process=/opt/kaspersky/klnagent64/sbin/klnagent EventType=RemoteConnectionRejected EventId=11301 Initiator=Product Date=2024-04-10 18:01:53 DangerLevel=Critical Reason=InvalidPermissions Path=/opt/kaspersky/klnagent64 Process=/opt/kaspersky/klnagent64/sbin/klnagent EventType=RemoteConnectionRejected EventId=11302 Initiator=Product Date=2024-04-10 18:02:04 DangerLevel=Critical Reason=InvalidPermissions Path=/opt/kaspersky/klnagent64 Process=/opt/kaspersky/klnagent64/sbin/klnagent events.db query via 3rd party tool (sqlite3 utility) root@dc-ubuntu:~# sqlite3 /var/opt/kaspersky/kesl/private/storage/events.db 'SELECT date,process,path FROM events WHERE eventtype=134 ORDER BY date DESC LIMIT 3' 2024-04-10 16:17:16|/var/opt/kaspersky/kesl/11.4.0.1096_1684141407/opt/kaspersky/kesl/bin/kesl-control|/var 2024-04-10 15:09:04|/opt/kaspersky/klnagent64/sbin/klnagent|/opt/kaspersky/klnagent64 2024-04-10 15:08:49|/opt/kaspersky/klnagent64/sbin/klnagent|/opt/kaspersky/klnagent64 3) To get a full list of files loaded by KESL or klnagent, you can read /proc/<pid>/maps. Use commands in the example below to filter out all application-specific files that are located in the folders listed above and to see what other files are used: # cat /proc/$(pidof -s klnagent)/maps | awk '{print $6}' | grep ^/ | grep -v 'kaspersky' | sort | uniq /usr/lib64/gconv/gconv-modules.cache /usr/lib64/ld-2.17.so /usr/lib64/libattr.so.1.1.0 /usr/lib64/libbz2.so.1.0.6 /usr/lib64/libc-2.17.so /usr/lib64/libcap.so.2.22 /usr/lib64/libdl-2.17.so /usr/lib64/libdw-0.176.so /usr/lib64/libelf-0.176.so /usr/lib64/liblzma.so.5.2.2 /usr/lib64/libm-2.17.so /usr/lib64/libnss_dns-2.17.so /usr/lib64/libnss_files-2.17.so /usr/lib64/libnss_myhostname.so.2 /usr/lib64/libpthread-2.17.so /usr/lib64/libresolv-2.17.so /usr/lib64/librt-2.17.so /usr/lib64/libz.so.1.2.7 /usr/lib/locale/locale-archive # cat /proc/$(pidof kesl)/maps | awk '{print $6}' | grep ^/ | grep -v 'kaspersky' | sort | uniq /usr/lib64/gconv/gconv-modules.cache /usr/lib64/ld-2.17.so /usr/lib64/libc-2.17.so /usr/lib64/libdl-2.17.so /usr/lib64/libm-2.17.so /usr/lib64/libnss_dns-2.17.so /usr/lib64/libnss_files-2.17.so /usr/lib64/libpthread-2.17.so /usr/lib64/libresolv-2.17.so /usr/lib64/librt-2.17.so /usr/lib64/libz.so.1.2.7 /usr/lib/locale/locale-archive

так их продукт не удаляют принудительно, просто предупреждают )

Don't apply to PCN, it will lead to the disconnection of all SCNs attached and will not restore automatically Problem Description A PCN connection request got stuck in the "Waiting" status and doesn't result in failure. The reboot doesn't help. It can happen if, for example, a SCN IP was specified instead of PCN. Solution Run the following commands as root: Cancel PCN connection request # console-settings-updater get /ipsec > /home/admin/ipsec.orig.json && chmod 777 /home/admin/ipsec.orig.json # console-settings-updater set /ipsec "{}" Clear the browser cache. Reload the page. Alternatively, force the reload (Ctrl+F5 in FF). The server status will revert to the Standalone solution. Select the Distributed solution, specify the correct IP of PCN and retry to connect. To restore config in case of error: Cancel PCN connection request # console-settings-updater set /ipsec @/home/admin/ipsec.orig.json

Issue An attempt to send POST request via KPSN API from a Windows client.: curl --cert C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem --key C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_key.pem -k -X POST -d "{\\"action ": \\"check_url\\",\\"data ": {\\"urls ": [\\"website1.com "]}}" https://10.90.116.27:80/api/ Fails with the following error: curl: (58) schannel: Failed to import cert file C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem, last error is 0x80092002 There is no such issue when using curl on a Linux client. Cause The used version of curl.exe on Windows is not configured to work with OpenSSL. Solution Use other tools to send requests, e.g Insomnia or curl from Git for Windows.

Problem Description, Symptoms & Impact Local installation from a standalone package fails Diagnostics Check installation logs of the product. We are looking for the following string: 09.02.2022 17:06:19.453 00000374.000028B4 L1 KLSTD: #1, Error was caught in KLERR_throwError, c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061. Error params: (1187/0x0 ("Bad parameter "VerifyCertDate""), "KLSTD", c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061) Error loc: ''. This string means that a certificate in the package is out of date Workaround & Solution In order to fix the problem you should: Log in to your KESCloud console Change a language \ proxy settings of the existing installation package Save changes Return needed language \ proxy settings Save changes Download a new standalone package and install products

Problem When you install Kaspersky Security for Mobile on Android from Kaspersky Endpoint Security Cloud using the link sent via Send instructions, an error "Installation package not found" may appear. This happens when the Operating System installed on the device is not recognized. Solution Remove KESM from the affected device. Open KES Cloud & browse to Users. Find the User with the device that cannot synchronize with KES Cloud. Send instructions to this User. User will get an email with new link. Download KESM via link from KES Cloud invitation email. If the installation fails install it from an application store (Galaxy Store, Huawei AppGallery, RuStore, or Xiaomi GetApps) or from Kaspersky website https://www.kaspersky.com/small-to-medium-business-security/downloads/endpoint When KESM will request server address, open the KES Cloud email then copy the whole link from the email and paste it to the Server field. Important Input KES Cloud address from the email when KESM will request a server address for the first time The copied link must look like: https://sXXX.cloud.kaspersky.com:8080/getPackage?vServerName=d8axxxxxxx0d7d2&packageID=CxxxczMzOC5jbG91ZC5rXXXXXXYUYYYYYYYYYFpbD1ZbTkxY21kdmRTNTZhV1ZrUUxxxxxU52YlE Provide all necessary permissions. Try to synchronize the device with KES Cloud.

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Problem When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below. MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI9735.tmp, Entrypoint: DisableWindowsDefender DisableWindowsDefender: Entering DisableWindowsDefender in C:\Windows\syswow64\MsiExec.exe, version 5.0.15063.0 DisableWindowsDefender: Failed to access local group policy. Error 0x80004005. DisableWindowsDefender: DisableWindowsDefender: finished. Return value 1603. CustomAction DisableWindowsDefender returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) Action ended 11:27:28: InstallExecute. Return value 3. According to the log, something is preventing KES from disabling Windows Defender. The KES installer calls the MS API function OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY) https://msdn.microsoft.com/en-us/library/aa374275(v=vs.85).aspx, which returns an error. This problem is not related to KES, therefore only workarounds can be suggested. Most likely, the problem is related to Group Policy and is on the Microsoft Windows side. Solution Move the affected computer under default AD policy, then try to install KES once again. In case it will not help Here are some additional ways to solve the problem. No guarantee that they will work, and no responsibility for the effect, as they are not related to KL products. registry.pol related issues Delete C:\Windows\System32\GroupPolicy\Machine\registry.pol Restart the SMS Agent Host service to force ConfigMgr to reload the policies. Sometimes it is also necessary to reinstall the ConfigMgr client. gpt.ini related issues Replace C:\Windows\System32\GroupPolicy\gpt.ini with a copy from an unaffected computer.

Description and cautions The original scenario located on the page https://support.kaspersky.com/kes11mac/diagnostics/15299, requires a lot of efforts and manual manipulations. I am offering a bit easier and time-saving approach doing the same. Details All the commands from the original document are saved here, but placed together and being run one after another consequently; the old product logs are also wiped up in order to avoid mess: Login under root: sudo -i Enable KESMac KLnagent tracing: rm -rf /Library/Logs/Kaspersky\ Lab/* /Library/Logs/klnagent_trace.log && launchctl unload /Library/LaunchDaemons/com.kaspersky.klnagent.plist && cat /Library/LaunchDaemons/com.kaspersky.klnagent.plist > /Library/LaunchDaemons/com.kaspersky.klnagent.plist.backup && chmod ugo+w /Library/LaunchDaemons/com.kaspersky.klnagent.plist && curl -o klnagent_enabled_traces.zip -J -L https://media.kaspersky.com/utilities/CorporateUtilities/klnagent_enabled_traces.zip && unzip klnagent_enabled_traces.zip && cat klnagent_enabled_traces.plist > /Library/LaunchDaemons/com.kaspersky.klnagent.plist && chmod ugo-w /Library/LaunchDaemons/com.kaspersky.klnagent.plist && launchctl load /Library/LaunchDaemons/com.kaspersky.klnagent.plist Now you can check the log is being written: ls -lh /Library/Logs/klnagent_trace.log In case you need to enable KESMac tracing, refer to the specially dedicated article https://support.kaspersky.com/kes11mac/diagnostics/15041; It is time to reproduce the issue; When it is done, disable KESMac KLnagent tracing the same manner (ensure, you are still under root: sudo -i): launchctl unload /Library/LaunchDaemons/com.kaspersky.klnagent.plist && chmod ugo+w /Library/LaunchDaemons/com.kaspersky.klnagent.plist && cat /Library/LaunchDaemons/com.kaspersky.klnagent.plist.backup > /Library/LaunchDaemons/com.kaspersky.klnagent.plist && chmod ugo-w /Library/LaunchDaemons/com.kaspersky.klnagent.plist && launchctl load /Library/LaunchDaemons/com.kaspersky.klnagent.plist Upon finish, gather the collect package (https://support.kaspersky.com/collect) curl -o collect.tar.gz -L "https://box.kaspersky.com/f/00a1a6d8beb24554a72d/?dl=1" && tar -zxvf collect.tar.gz && chmod +x collect.sh && sudo ./collect.sh

As stressed in the product documentation, Sandbox, which is deployed as a Virtual Machine, should have an exact sizing, violation of which may lead to various issues. The only parameter that can be varied is a CPU clock rate. Common mistake The most notable mistake regarding scaling up VM sandboxes is an attempt to make one huge Sandbox VM with two to four times the required RAM/CPU as dedicated resources. Correct approach is to create a respective number of additional VMs and distribute these resources between them. For example, if you want to double the performance of a KATA Sandbox VM instead of adding 15 more CPU cores and 32 more gigabytes of RAM to an existing Sandbox, you need to deploy a new Sandbox VM with the following resources: CPU: 15 cores, 2.1 GHz or higher RAM: 32 GB HDD volume: 300 GB Two network adapters with 1 Gbit/s data transfer rate Virtual machine settings: Only VMware ESXi hypervisor is fully supported. Nested virtualization is enabled Supported VMware ESXi versions 6.5, 6.7U3 or 7.0 hypervisor. Entire CPU clock rate reserved. For a minimum CPU clock this means 12*2100=25200 MHz reserved. For a clock rate higher than 2.21Hz, use the following formula to calculate the entire CPU clock rate: 12 * <clock rate in MHz>. Entire RAM reserved (32 GB). Expose hardware assisted virtualization to the guest OS check box selected. Latency Sensitivity option set to High. No Secure Boot. The maximum number of simultaneously running virtual machines set to 12. Please note, these cannot be checked from a debug report or from inside of the VM, as these settings are configured in a hypervisor. Checking VMX file Obtain a .vmx file of the respective sandbox VM. Demo video showing how to locate a .vmx file. Note, that in this video the goal is to modify the .vmx, and we only need to access it for reading, therefore, there is no need to unregister a VM from inventory as done in video. All the following lines in .vmx file must match exactly with the following two exceptions: For sched.cpu.min, the value can be higher than 25200, see formula above. Line uefi.secureBoot.enabled might be absent, which is OK. Correct .vmx settings numvcpus = "15" sched.cpu.units = "mhz" sched.cpu.min = "26400" memSize = "32768" sched.mem.min = "32768" vhv.enable = "TRUE" sched.cpu.latencySensitivity = "high" uefi.secureBoot.enabled = "FALSE" ethernet0.present = "TRUE" ethernet1.present = "TRUE" Checking number of slots In the Sandbox web interface window, select the Administration section. In the Guest virtual machines group of settings, in the Maximum simultaneous VMs field, number of simultaneously running virtual machines must equal 12.

Symptoms OS hang, sometimes with open file errors in journals Customer application degrades with errors "unable to open file", "too many open files" Hangs and third-party (compatibility) issues often require advanced data collection and are sophisticated to investigate. However, a quick check is possible: On a system where KESL has worked for some time (not immediately after reboot/restart), validate the output of the following command, ran as root, for numerous records of /usr/bin or /usr/sbin folders lsof | grep -E 'kesl.+DIR.+\/usr\/s?bin' Root Cause Under heavy load, KESL may display linear increase in file descriptors usage (sysctl - fs.file-nr) up to system-wide limit (sysctl - fs.file-max) and eventually degradation. Workaround Schedule restart of KESL service every week/day, depending on intensity of descriptors growth. NB: KESL restart will also reset progress of certain tasks like "malware scan" and "database update". Schedule KESL restart outside of tasks timeframes. Solution This issue was fixed in KESL 12.1.0.1274, so an update to that or newer version should fix it.

Problem Error Failed to get IP addresses for connecting to SVM appears during SVM deployment. Solution To troubleshoot this problem, you need to follow our step-by-step guide: I. Disable SVM rollback Go to C:\Program Files (x86)\Kaspersky Lab\Kaspersky VIIS Console\ for KSV LA 5.1 or to C:\Program Files (x86)\Kaspersky Lab\Kaspersky VIISLA Console for KSV LA 5.2 Edit the Kaspersky.VIISConsole.UI.exe.config file Uncomment <!--<add key="disableRollback" value="1" />--> (delete <!-- and-->) Save changes II. Enable VIIS traces Go to C:\Program Files (x86)\Kaspersky Lab\Kaspersky VIIS\ for KSV LA 5.1 or to C:\Program Files (x86)\Kaspersky Lab\Kaspersky VIISLA for KSV LA 5.2 Open NLog.config file in a text editor Find the line <logger name="*" minlevel="Info" writeTo="file"/> and change minlevel value from Info to Trace Save changes III. Enable extended logging of deployment wizard Go to C:\Program Files (x86)\Kaspersky Lab\Kaspersky VIIS Console\ for KSV LA 5.1 or to C:\Program Files (x86)\Kaspersky Lab\Kaspersky VIISLA Console for KSV LA 5.2 Open NLog.config file in a text editor Find the line <logger name="Kaspersky.Virtualization*" minlevel="Info" writeTo="DeployWizardLog" final="true"/> and change minlevel value from Info to Trace for KSV LA 5.1 and <logger name="DeployWizardFileLogger" minlevel="trace" writeTo="DeployWizardLog" final="true"/> and change minlevel value from off to Trace for KSV LA 5.2 Save changes IV. Start troubleshooting Start SVM deploying wizard and don’t forget to enable option Allow remote access via SSH for root account. Wait for the error and then, make sure that deployment wizard skipped rollback step. Disable all traces returning to the previous values. Connect to SVM directly, using hypervisor. Login to SVM OS under the root account, using default password 7czWtTKhCgrvEYBHb3rE This password can be applied only during troubleshooting process with disabling SVM rollback and it wouldn't work with normally deployed SVMs. Use command ifconfig to check if the SVM received network adapter settings, specified at the beginning of installation. Try to establish connection by SSH from KSC (where VIIS installed) to the SVM. If SSH connection fails, then there are no issues with Kaspersky product. You should configure the environment according to our system requirements. Especially, at the side of ports accessibility. Configuring ports used by the application If the SSH connection established successfully, please collect the following data and send it to Kaspersky Support: Data to be collected Screenshot of network settings that has been applied to the SVM VIIS log from - C:\ProgramData\Kaspersky Lab\VIIS\logs for LA 5.1 and C:\ProgramData\Kaspersky Lab\VIISLA\logs\ for LA 5.2 Deployment wizard detailed log from - C:\Users\<Account>\AppData\Local\Kaspersky_Lab\ViisConsole for LA 5.1 and C:\Users\<Account>\AppData\Local\Kaspersky Lab\Kaspersky VIISLA Console\logs\ for LA 5.2 /var/log/ – from SVM /var/opt/– from SVM

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. You need a Mac device with macOS 14+ to supervise iOS device log via Apple Configurator Your iOS device will be reset to factory settings during supervising Download Apple configurator via App Store. Run Apple Configurator. Connect your iOS device. Unlock the device and tap Trust. Select your device and click on the Prepare button Select 'Manual Configuration'. Check 'Supervise devices' and 'Allow devices to pair with other computers' (if you want to allow it). Click on the Next button. Leave it on "Do not enroll in MDM" and click on the Next button Click on the Skip button Enter information about your organization (only 'Name' filed is mandatory'). Click on the Next button. Select 'Generate a new supervision identity'. Click on the Next button. In the next window you should choose which steps will be presented to the user in Setup Assistant. You can choose 'Show all steps', 'Do not show any of these steps' and 'Show only some' steps - in this options you must select the steps. Click on Prepare button. Enter password for your macOS account Click on Erase button. Your device will be reset to factory settings. Wait while your device will be prepared When your device will be turned on, you should see that your device is supervised and managed by your organization in device settings Now you can install iOS MDM profile to this device and apply iOS MDM policy with options for supervised devices.

Description Error looks like this: You can't download trace log. But there is free space on the disk: Cause You will see this error if free disk space less than 10G. KWTS is not in sizing 200 GB of hard drive space, which includes: 25 GB for temporary file storage 25 GB for log file storage How to solve a problem Bring disk sizing to minimum hardware requirements

Description After generating a trace log and then attempting to download it via the KWTS 6.1 web interface, it fails with an error if the trace log is more than 1GB (one gigabyte). The error is duplicated on different devices in different browsers: Mozilla, Chrome, Edge. In Mozilla, the download stops with "Failed to download file" Chrome goes into an endless download attempt, the download is interrupted at 1GB, after which the speed drops to 0kb/s and the download starts all over again. How to solve To resolve the problem with downloading a large trace log, follow this procedure: 1) Connect to the Kaspersky Web Traffic Security node via SSH to access the technical support mode. If SSH access has not been previously configured, you must first log into the web interface as a local administrator and configure access by uploading the SSH public key. 2) Go to the /etc/nginx/conf.d directory, make a backup copy of the kwts_webapi.conf and kwts_controlapi.conf files if you have not done so before: cd /etc/nginx/conf.d cp -p kwts_webapi.conf kwts_webapi.conf.backup cp -p kwts_controlapi.conf kwts_controlapi.conf.backup 3) Open the /etc/nginx/conf.d/kwts_webapi.conf file for editing and add the line marked below in green to the location /web/api block: location /web/api { ... uwsgi_max_temp_file_size 0; include uwsgi_params; ... } 4) Open the /etc/nginx/conf.d/kwts_controlapi.conf file for editing and add the line marked below in green to the location /ctl/v1 block: location /ctl/v1 { ... uwsgi_max_temp_file_size 0; include uwsgi_params; } 5) Restart nginx using the command systemctl restart nginx 6) Check the status of the nginx service, it should be running. systemctl status nginx The described steps must be repeated on each node of the Kaspersky Web Traffic Security cluster. After completing the procedure, restart your web browser and reconnect to the Kaspersky Web Traffic Security 6.1 web interface.

To create a Certificate Signing Request file using the openssl utility: 1. Prepare a file named sandbox.config with the following contents: [req] default_bits=2048 prompt=no default_md=sha256 req_extensions=req_ext distinguished_name=dn [dn] C=AE ST=North L=Dubai O=ABC LAB OU=IT Security emailAddress=security@abc.lab CN=katasb.abc.lab [req_ext] subjectAltName=@alt_names [alt_names] DNS.1=katasb.abc.lab 2. Create a private RSA key with the PEM extension (without a passphrase): #openssl genrsa -out sandbox.key 2048 3. Create a Certificate Signing Request using the following command: #openssl req -new -sha256 -key sandbox.key -out sandbox.csr -config sandbox.config 4. Generate the certificate (as Web Server certificate) from Internal CA in Base 64 encoded and copy the certificate and key to the KATA SB Server Note: you might need to allow the connection using WinSCP (https://forum.kaspersky.com/topic/how-to-copy-files-tofrom-kata-katakedre-37146/ section 1.2). Access your internal CA from Domain Controller using https://dc.abc.lab/certsrv and follow the instructions as below screenshots. 5. To convert the DER encoded PKCS#7 file, use the following command: #openssl x509 -inform PEM -in sandbox.cer -out sandbox.crt 6. On the Sandbox server in SSH mode, Create a backup of original files both the private key and the certificate with same rights as it was before. #cp -p /etc/nginx/ssl/server.crt /etc/nginx/ssl/server.crt.orig #cp -p /etc/nginx/ssl/server.key /etc/nginx/ssl/server.key.orig 7. Replace the original files with your files #cat my_cert.crt > /etc/nginx/ssl/server.crt #cat my_cert.key > /etc/nginx/ssl/server.key 8. Rights and owner of the files should be same #ll /etc/nginx/ssl -rw-r----- 1 root klusers 2008 Feb 8 15:51 server.crt -rw------- 1 root root 1732 Feb 8 15:51 server.key 9. If the rights are different for the new files, then use the below command to change the rights and ownership #chmod 640 server.crt #chown root:klusers server.crt #chmod 600 server.key #chown root:root server.key 10. Restart nginx service #systemctl restart nginx.service 11. Open the KATA SB Web UI using the hostname and verify the certificate.

Descriptrion You can see an issue like this: You can also find log entries like this in diagnostic_info\logs\var\log\kwts-traces.log Line 1538367: Jan 11 18:12:33 kwts2 KWTS Licenser[1154]: 1241 INF httpcli#011Req 0x7fecd003b9d0 CURL: Could not resolve host: activate.activation-v2.kaspersky.com Line 1538460: Jan 11 18:12:33 kwts2 KWTS EventLogger[1062]: 1102 DBG APP: void lms::event_logger::LoggerHelperProcFrontend::SendCommand(const lms::event_logger::HelperProcCommand&, const string&)message is: license error: Could not resolve host Or like this Line 4667143: Nov 18 16:02:12 32-vs-kwts02 KWTS Licenser[1675]: 35735 DBG APP: virtual result_t lms::licenser::utils::RequestCompleteEvent::OnRequestComplete(licensing::facade::product::ILicensing*, licensing::facade::product::activation_action::Type, const ActivationCode&, result_t, licensing::facade::product::IActivationContent*) actionType = 0, activationCode = AW65R-BZ8CG-KBQ18-ANNZ2, result = 0xa0430005 Line 4667349: Nov 18 16:02:12 32-vs-kwts02 KWTS EventLogger[1552]: 1592 DBG APP: void lms::event_logger::Journalist::Write(const lms::event_logger::JournalRecord&) JournalRecordData(dateTime.dt: 133132501328539280, type: 9, person: kluser, result: 1, description: license error: Could not resolve host, details: { "name": "LicenseErrorEvent", "data": {#012 "reason": -1608777683#012} }) How to solve a problem It means that the problematic node could not resolve activation service. Check an access to activation services from the problematic node curl -v https://activation-v2.kaspersky.com/ --cacert activation-v2.kaspersky.crt And if there is no success connection, open an access to https://activation-v2.kaspersky.com https://activation-v2.kaspersky.com/ActivationService/ActivationService.svc And check a page with configuring network access - https://support.kaspersky.com/KWTS/6.1/en-US/189764.htm

Да, наверное. Ну и в главном окне продукта висит. В ветке репорта проблеме выставлен приоритет 4 (самый низкий), и вообще она закрыта для обсуждения. Так что ничего тут такого особенного разрабы AG не видят. Это больше пользователи возмущаются.)

Description You can face an issue like this on Events page in KWTS: Sometimes the search on the Events page works correctly. Sometimes not.. If you collect har-file (HOW TO) from Events page with reproduced issue you will see an error also in it: Also you can find an error in diagnostic_info\logs\var\log\kaspersky\kwts\extra\webapi.log: celery.backends.base.SoftTimeLimitExceeded: SoftTimeLimitExceeded(True,) Then you should check Maximum event log size (https://support.kaspersky.com/KWTS/6.1/en-US/174773.htm) in settings here: diagnostic_info\klinfo\worker_settings.xml Maximum event log size set to 10 GB. How to solve a problem You should set it to 9 GB. The KWTS architecture is not designed for a large event database size.