All Activity

  1. Past hour
  2. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

     Klnagchk.exe is usually used to check if the connection between server and NAgent is OK. The expected result is the following:

         Attempting to connect to Administration Server...OK
         Attempting to connect to Network Agent...OK
         Network Agent is running.

     In case of a problem with the klnagent service, Kaspersky Network Agent should be re-installed and a trace collected. If there is a problem with the connection to the Administration Server, this should be investigated as a network issue.

     In case klnagent fails to connect to KSC Server over the SSL port 13000 (default), the following command can be used to switch to the non-SSL port (run as admin):

         klmover -address administrationserveraddressorIP -pn 14000 -nossl

     It is worth checking beforehand that ports 13000 and 14000 are available from the affected managed device with telnet or the akconnect tool.

     In case of the "Transport level error while connecting to KSCServername: SSL connection error, possibly a non-SSL port was used" error, it is recommended to use the openssl tool to check whether a TLS connection can be established:

         openssl s_client -connect KSCServername:13000 -tls1 > tls1check.txt

     Example of openssl output when there is a problem with TLSv1 traffic:

         CONNECTED(000001F4)
         write:errno=10054
         ---
         no peer certificate available
         ---
         No client certificate CA names sent
         ---
         SSL handshake has read 0 bytes and written 137 bytes
         Verification: OK
         ---
         New, (NONE), Cipher is (NONE)
         Secure Renegotiation IS NOT supported
         Compression: NONE
         Expansion: NONE
         No ALPN negotiated
         SSL-Session:
         Protocol : TLSv1
         Cipher : 0000
         Session-ID:
         Session-ID-ctx:
         Master-Key:
         PSK identity: None
         PSK identity hint: None
         SRP username: None
         Start Time: 1694581538
         Timeout : 7200 (sec)
         Verify return code: 0 (ok)
         Extended master secret: no

         openssl s_client -connect KSCServername:13000 -tls1_2 >tls1_2check.txt

     Example of openssl output when there is a problem with TLSv1.2 traffic:

         CONNECTED(000001F4)
         write:errno=0
         ---
         no peer certificate available
         ---
         No client certificate CA names sent
         ---
         SSL handshake has read 0 bytes and written 227 bytes
         Verification: OK
         ---
         New, (NONE), Cipher is (NONE)
         Secure Renegotiation IS NOT supported
         Compression: NONE
         Expansion: NONE
         No ALPN negotiated
         SSL-Session:
         Protocol : TLSv1.2
         Cipher : 0000
         Session-ID:
         Session-ID-ctx:
         Master-Key:
         PSK identity: None
         PSK identity hint: None
         SRP username: None
         Start Time: 1694581395
         Timeout : 7200 (sec)
         Verify return code: 0 (ok)
         Extended master secret: no

     This means that TLS traffic is blocked by some software/hardware in the network. It is not possible to connect managed hosts over SSL to KSC Server until the problem is fixed by your network infrastructure team.

     There is a common misconception about the Network Agent statistical data section and how to read it, though.

     klnagchk.log excerpt:

         1 ...
         2 Network Agent statistical data:
         3 Total number of synchronization requests: 184
         4 The number of successful synchronization requests: 184
         5 Total number of synchronizations: 1
         6 The number of successful synchronizations: 1
         7 ...

     Lines 3 and 4 show how many heartbeats were sent from the nagent service start. Lines 5 and 6 show how many non-group synchronizations took place. When analyzing connection between KSC and NAgent, usually only numbers on lines 3 and 4 matter. In other words, no synchronization of policy is performed if the policy is not changed. The policy is synchronized when the KSC administrator makes some changes to the policy settings. Note that the Total number of synchronizations counter is increased when the administrator opens the properties of a managed host→all tasks and forces the synchronization.

     Linux NAgent output:

         Starting klnagchk utility
         Checking command-line arguments...OK
         Initializing basic libraries...OK
         Current host is 'kesl11.ksc'
         Network agent version is '11.0.0.29'
         Reading settings...OK
         Checking settings...OK
         Administration Agent settings:
         Server address: '10.67.152.24'
         Use SSL: 1
         Compress traffic: 1
         Server SSL ports: '13000'
         Server ports: '14000'
         Use proxy: 0
         Certificate: present
         Open UDP port: 1
         UDP ports: '15000'
         Ping period, minutes: 15
         Conn timeout, s: 30
         RW timeout, s: 180
         HostId: bb8e4bdf-0483-490c-a9fd-3654a319e259
         Connecting to server...OK
         Connecting to the Administration Agent...OK
         Administration Agent is running
         Acquire Administration Agent statistics...OK
         Administration Agent statistics:
         Ping count: 1
         Succ. pings: 1
         Sync count: 1
         Succ. syncs: 1
         Last ping:04/16/2021 11:03:28 AM GMT (04/16/2021 02:03:28 PM)
         Deinitializing basic libraries...OK

     macOS NAgent output:

         Starting klnagchk utility
         Checking command-line arguments...OK
         Initializing basic libraries...OK
         Current host is 'kesmac-bigsur-11.0.shared'
         Network agent version is '12.0.0.77'
         Reading settings...OK
         Checking settings...OK
         Administration Agent settings:
         Server address: '10.211.55.34'
         Use SSL: 1
         Compress traffic: 1
         Server SSL ports: '13000'
         Server ports: '14000'
         Use proxy: 0
         Certificate: present
         Open UDP port: 1
         UDP ports: '15000'
         Ping period, minutes: 15
         Conn timeout, s: 30
         RW timeout, s: 180
         HostId: 6c795a48-5217-4af7-9656-3e7d6d93ca3a
         Connecting to server...OK
         Connecting to the Administration Agent...OK
         Administration Agent is running
         Acquire Administration Agent statistics...OK
         Administration Agent statistics:
         Ping count: 0
         Succ. pings: 0
         Sync count: 0
         Succ. syncs: 0
         Last ping:04/06/21 08:41:24 GMT (04/06/21 11:41:24)
         Deinitializing basic libraries...OK
  3. Sometimes you want to use Connection Gateway for roaming hosts, but you don't want to use the default connection port (13000). To achieve that you can use the following solution.

     Step-by-step guide

       1. Open NAgent policy.
       2. Network → Connection section.
       3. Open connection profile properties.
       4. Set necessary port after CG address (see screenshot).
  4. Problem

     You may run into differences between Application Registry and Incompatible Applications Report when trying to find computers with incompatible applications. For example, you created Device selection based on an Applications registry criteria, where you specified incompatible application name in Application name field and got a device selection of 12 computers. After that, you open Incompatible Applications Report and only get 3 computers with that software. It is expected, and here is why.

     Solution

     Application Registry and Incompatible Applications Report use different subsystems to build their lists upon. Incompatible Applications Report uses Cleaner component which has a number of predefined entries (similar to what KES uses to detect incompatible applications), which are strictly defined by the product code. Cleaner database is constantly updated, but it is common when we do not have required entries in it. So Incompatible Applications Report will not show computers where software differs from what we have in our Cleaner. Different language, different version, basically everything may affect it.

     Device selection that is based on application registry Application name criteria will perform search based on name and version, which may have broader results, thus returning more computers. Computers that are not on Incompatible Applications Report have software version which is not yet in our Cleaner.

     There is another way to build a selection. There is Incompatible security application name dropdown menu. Device selection based on this criteria will be the same as in the Incompatible Applications Report.
  5. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

     This article is about Kaspersky Endpoint Security for Windows (KES for Windows)

     Problem

     When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below.

         MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI9735.tmp, Entrypoint: DisableWindowsDefender
         DisableWindowsDefender: Entering DisableWindowsDefender in C:\Windows\syswow64\MsiExec.exe, version 5.0.15063.0
         DisableWindowsDefender: Failed to access local group policy. Error 0x80004005.
         DisableWindowsDefender: DisableWindowsDefender: finished. Return value 1603.
         CustomAction DisableWindowsDefender returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
         Action ended 11:27:28: InstallExecute. Return value 3.

     According to the log, something is preventing KES from disabling Windows Defender. The KES installer calls the MS API function OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY) https://msdn.microsoft.com/en-us/library/aa374275(v=vs.85).aspx, which returns an error. This problem is not related to KES, therefore only workarounds can be suggested. Most likely, the problem is related to Group Policy and is on the Microsoft Windows side.

     Solution

     Move the affected computer under default AD policy, then try to install KES once again.

     In case it will not help

     Here are some additional ways to solve the problem. No guarantee that they will work, and no responsibility for the effect, as they are not related to KL products.

     registry.pol related issues

       1. Delete C:\Windows\System32\GroupPolicy\Machine\registry.pol
       2. Restart the SMS Agent Host service to force ConfigMgr to reload the policies. Sometimes it is also necessary to reinstall the ConfigMgr client.

     gpt.ini related issues

       1. Replace C:\Windows\System32\GroupPolicy\gpt.ini with a copy from an unaffected computer.
  6. A security administrator can create KSWS Application Control rules based on Digital Certificate.

     What does the product actually check and how is it related to the file itself?

     First of all, the product checks whether the file matches the certificate. Secondly, whether the certificate is valid. If any of the verifications fail, launch of the file will be denied. And vice versa.

     If a signed file whose execution was allowed by certificate has been modified, will execution of the file be allowed?

     Altering the file signed by the certificate will cause its certificate to no longer confirm the integrity of this file. As a result, the "Allowing" rule will no longer be applied to the file.

     How does the control of revoked certificates operate, if such a control exists?

     Certificate revocation in the operating system is implemented through OS updates. When a certificate becomes revoked, it can no longer pass validation checks. Thus file execution will be blocked.

     When both the subject of the certificate and its thumbprint verifications are selected, the product checks that the file is signed by an exact "version" of the certificate. In other words, it will not be enough to make a self-signed certificate with the Subject field equal to "Redmont, Microsoft" - such a certificate does not coincide with the real thumbprint of Microsoft.
  7. To minimize network load, stop receiving error messages related to SNMP scan or to comply with security standards, you can disable SNMP scan completely.

     Step-by-step guide

     On KSC server:

       1. Execute:

              klscflag.exe -pv klserver -fset -n KLSRV_NETSVAN_MAY_USE_SNMP -v 0 -t d

       2. Restart network agent service:

              net stop klnagent
              net start klnagent

     If you need to disable SNMP scan made by UA/DP, then the command will be slightly different:

         klscflag.exe -pv klnagent -fset -n KLSRV_NETSVAN_MAY_USE_SNMP -v 0 -t d
  8. Step-by-step guide

       1. Install KSWS and make sure the Anti-Cryptor protection component is running and its Work Mode is Active.
       2. Install AESCrypt on a remote host.
       3. Try to encrypt the files on a network share protected by KSWS. Enter a password.
       4. As encryption starts, Anti-Cryptor detects it and blocks the remote user's session. In KSWS 11, by default, the application blocks a host's access to network file resources for 30 minutes.
       5. The following attempts to access the shared folder will fail.
       6. KSWS logs attempts to encrypt the data.
       7. The attacker host appears in the Blocked host storage now.
  9. Good afternoon, could you tell me where the update data in the list comes from? And is it possible to influence this list of applications somehow? For example, to add applications that are not in the list on the server.
  10. Problem

     Computer description may stop updating on KSC console. It may be different from what is set on managed PC in computer properties.

     Solution

     If the computer description field was changed on the KSC side manually, it will not be updated again. To enable synchronization with the local description you have to delete the computer from the managed computers group, then from unassigned, and add it back.

     In case it did not help, check that the following services are enabled (set to automatic startup) on the managed computers and UDP 137, 138 TCP 139 ports are open:

       • Computer browser
       • Server
       • DNS Client
       • Function Discovery Resource Publication
       • SSDP Discovery
       • UPnP Device Host

     Computer browser service should also be enabled on the KSC server and on the scanning host side (Distribution Point in the subnet).
  11. KSWS/KESS use * as a wildcard character. There are multiple ways to use it.

     Examples

     Masks without paths

       • *.exe - all files with extension *.exe
       • test - all files with name test

     Masks with absolute paths

       • C:\dir\*.* - all files in folder C:\dir\ and its subfolders
       • C:\dir\*.exe - all files with mask *.exe in folder C:\dir\ and its subfolders
       • C:\dir\test - all files named test in folder C:\dir\ and its subfolders
       • C:\dir\ - all files in folder C:\dir\ and its subfolders

     Masks with relative paths

       • dir\*.* - all files in all folders named dir and their subfolders
       • dir\*.exe - all files with mask *.exe in all folders named dir and their subfolders
       • dir\test - all files named test in all folders named dir and their subfolders
       • dir\test*.* - all files whose name begins with test and has an extension in all folders named dir and their subfolders (for example, C:temp\dir\sub\test2.exe will be excluded)
       • dir\ - all files in all folders named dir and their subfolders

     Masks with absolute and relative paths will be applied to subfolders only if the «Use in subfolders» option was enabled in TZ rule settings. Otherwise the rule will be applied to the specified folder only.

     dir\ and dir\* have the same result.

     Combinations such as dir\*\ can be used. "*" will be interpreted by the product as any number of folders with any names. For example, the paths below will be excluded:

         c:\abc\dir\cde\fgh\file.exe
         c:\abc\dir\cde\fgh\file2.exe
         etc

     Combinations such as dir\*\dir1\*\dir2\ can also be used. Usage example:

         c:\abc\dir\cde\dir1\fgh\ijk\dir2\file.exe

     Subfolders in the above mentioned examples will also be excluded if the «Use in subfolders» option was enabled.

     Masks acceptable while adding trusted processes:

         c:\dir1\dir2\fil?.exe
         c:\dir1\dir?\fil?.exe
         c:\dir1\dir2\*.exe
         c:\dir1\*\some_file.exe
  12. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

     There are multiple settings in both KES and KSC that allow setting notifications about various events. This article is based on the example of setting a complaint notification (a message sent to the administrator if the user considers the blocking of the page to be mistaken).

     Let's review three main scenarios: when KES is connected to KSC (either constantly or intermittently) and when it is not connected.

     KES is always connected to KSC

     How to set

     To set the address for email notifications go to Administration Server properties -> Notification delivery settings -> Notification and input the email into the Recipients field.

     To enable email notifications do the following:

       1. Open KES policy
       2. Navigate to KES policy -> Event notification -> Warning -> Web page access blockage message to administrator
       3. Press Properties
       4. Mark Notify by email checkbox

     What to expect

     Once the user fills in the form (the way to change the default complaint message will be covered later in this article) and presses Send, Network agent will send the event to KSC. Once KSC receives it, an email notification will be sent to the administrator. The default email will look like this:

         Event "%EVENT%" happened on computer %COMPUTER% in the domain %DOMAIN% on %RISE_TIME% %DESCR%

     %EVENT%, %COMPUTER%, %DOMAIN%, %RISE_TIME% are self explanatory, while %DESCR% may raise some questions. This part will be substituted with the whole message that the user put into the complaint form.

     You can change the format of the email at Administration Server properties -> Notification delivery settings -> Notification. Note that it will affect all email notifications.

     KES is not connected to KSC

     How to set

       1. Open KES GUI
       2. Navigate to Settings -> Endpoint control -> Web Control and press Templates
       3. Switch to Message to administrator tab
       4. Input address for notifications into To field
       5. Change Subject of the email and notification text if required.
       6. Open General Settings -> Interface -> Notifications Settings, configure SMTP client connection settings in "Email notification settings" menu of Notifications.

     What to expect

     Once the user fills in the form (the way to change the default complaint message will be covered later in this article) and presses Send, KES will send an email to the specified address. It will contain everything the user put into the form.

     KES is connected to KSC from time to time

     How to set

     Follow the steps described in the KES is always connected to KSC section. This will set KES for the time it has connection to KSC.

     Do the same as described in KES is not connected to KSC with the only difference: make changes to the policy, not KES local settings. This will set KES for the time when it is not connected to KSC:

       1. Open KES policy
       2. Navigate to Endpoint control -> Web Control and press Templates
       3. Set email address that will receive notifications when KES is not connected to KSC
       4. Change Subject of the email and notification text if required.

     What to expect

     When KES has connection to KSC you will receive the message from KSC described in the KES is always connected to KSC section. When KES has no connection to KSC you will receive the email from KES described in the KES is not connected to KSC section. The same goes for cases when out-of-policy is used.

     How it works

     As noted earlier, when you manage KES using Kaspersky Security Center you can specify two methods of email notification delivery; both of them can be configured in KES policy.

     KSC settings

     Open KES policy properties, navigate to “Event configuration”, select the event that you are interested in, mark “Notify by email”.

     In this case, network agent transport will be used to deliver the notification to KSC, then KSC will send an email to the specified recipients. If you are tracing KES activity, specialized information will be recorded in KES.version.date.time.PID.connector.log and KES.version.date.time.PID.SRV.log for each event sent by Nagent transport.

     KES settings

     Open KES policy, General Settings -> Interface -> Notifications Settings, leave tick marks in column "Notify by email" next to the events that you are interested in. You will also have to configure SMTP client connection settings in "Email notification settings" menu of Notifications.

     In this case, KES will send emails using its own mail client, from the computer where the event was registered. KES actions will be recorded in KES.version.date.time.PID.SRV.log
  13. This instruction is relevant only in case of troubleshooting incorrect loading or rendering of a web page.

     In order to troubleshoot KES network traffic related issues, a traffic dump is required. It is easier to analyze and does not require third-party software installation.

     If reproduction of the issue requires the web browser to open web pages (such as web control not working as expected, web page not loading, and so on), the tests should be performed in Incognito mode (also known as private browsing).

       • Chrome browser: Ctrl+Shift+N, or you can start the browser from terminal:

             & "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -incognito

         Starting the application from terminal will make the launch key visible in traces and make diagnostics easier.

       • Firefox browser: Ctrl+Shift+P, or you can start the browser from terminal:

             & "C:\Program Files\Mozilla Firefox\firefox.exe" -private-window

         Starting the application from terminal will make the launch key visible in traces and make diagnostics easier.

       • Microsoft Edge: Ctrl+Shift+P
       • Opera browser: Ctrl+Shift+N

     KES11/12 Instructions

       1. Disable KES11/12 Self-defense
       2. Navigate to the following registry key:

              x86: HKLM\SOFTWARE\KasperskyLab\protected\KES<Build version>\environment\
              x64: HKLM\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES<Build version>\environment\

       3. Create a string type value named DumpNetworkTraffic:

              DumpNetworkTraffic = (REG_SZ)"1"

       4. Restart the product or reboot the host
       5. Traffic dump files will be saved to %ProgramData%\Kaspersky Lab\KES<Build version>\Data\traffic
       6. Once the issue is reproduced, compress the whole traffic directory

     Do not forget to disable traffic dump collection. To do so, delete the DumpNetworkTraffic value. Then restart the product or reboot the host.
  14. You can set and run the PLC Project Integrity Check task in KICS4Nodes console. But it is not clear how to add PLC projects into the task settings in the KSC Console.

     Before setting up the PLC Project Integrity Check task, the PLC Project Investigation task should be successfully executed.

     Step-by-step guide

       1. Go to the KICS4Nodes policy -> Properties -> Logs and Notifications -> Interaction with Administration Server | Settings.
       2. Enable Versions of PLC projects option (disabled by default). Lock the padlock. Save and apply the policy. (Data of investigated PLC projects will be transferred to the KSC as Network lists).
       3. Go to the Properties of the target host, which will have the PLC project checker role.
       4. Go to Tasks section -> Select "PLC Project Integrity Check" task -> Properties -> Settings section
       5. Click the ADD button -> You will see the list of PLC projects, which were collected by the PLC Project Investigation task.
       6. Check the projects that you want to check. Add them to the list.
       7. Enable checkbox of the PLC configurations. Apply task properties. Run the task.

     PLC Project Integrity Check task does not start automatically after the application reboot. You should set the schedule in the task properties. We recommend running the task by schedule at the application launch.
  15. harlan4096

    Error message

    Also, I get this when visiting that URL: Are You sure, are typing correctly the URL You want? -> https://www.annsummers.com/
  16. Good day. I was forced to reinstall KSC 13.2. Only the English distribution was available. Is it possible to somehow switch the management console to Russian?
  17. This error message means that KSWS KSN-Client was unable to reach KSN Cloud servers (in most cases if KSN Proxy is used).

     Possible causes of the issue:

       • Various transport-level issues
       • KSC Server has been moved to another host with new DNS-name and IP-address

     Troubleshooting steps:

       1. Check that KSC is accessible via both its IP address and its hostname
       2. Check that option "Bypass proxy for local addresses" is enabled (KSC server properties > Advanced > Configure Internet access)
       3. Check that option "Use UDP port 15111" is disabled:
          3.1 Administration server properties -> KSN Proxy -> KSN Proxy settings
          3.2 Network Agent policy properties -> Distribution points -> KSN Proxy
       4. Check that KSC server could successfully establish connection to KSN. KSN Proxy server statistics is updated.
       5. Check that in KES policy option "Use KSN servers when KSN Proxy is not available" is disabled. And KES is able to successfully establish connection with KSN and KSN statistic is populated correctly. Otherwise, KES might establish a direct connection to KSN, bypassing KSN Proxy.
       6. Check that port 443, 13111 TCP used by KSN proxy are available on proxy or company's firewall. For more information about ports which KSC uses please use KB article.
       7. Check that Port Control or Detect Protocol features are disabled on the corporate proxy servers, firewalls. Non-SSL traffic should be allowed on 443 port.
       8. If you use Squid, upgrade to the latest version. We have a confirmation that older versions of Squid have some issues, which might lead to this problem.
       9. On KSC open Advanced -> Remote installation -> right click on 'Installation packages' node -> Properties. Make sure that the correct server address is specified. If the address is incorrect then specify the right one -> recreate Nagent package -> reinstall Nagent on client hosts using the new package.
  18. harlan4096

    Error message

    Welcome to Kaspersky Community. Please provide versions of Kaspersky product installed.
  19. Today
  20. Nduka

    Error message

    When I try to browse/open this website www.ansummers.com, I get this error message: This site can’t be reached. The connection was reset.
  21. This is a legacy issue; the protected objects include Exchange servers. Does it matter?
  22. They helped with the solution
  23. astor

    Kaspersky deactivated, subscription blocked

    Hello @Schulte, thanks for the info, good to know, I hadn't thought of that at all. Regards, Frank
  24. As for the health of the disk, it shows that it is at 54%; work out when you bought it, and that way you can know roughly how much life it has left 🙂
  25. Schulte

    Kaspersky deactivated, subscription blocked

    Hi @astor, if you have always done it that way until now (the way I am picturing it), you have been lucky. If you activate the new version with the key, Kaspersky cannot know which account you will connect the installation to, or that it is the key already registered to you. The installation counter is independent of My Kaspersky and reacts only to the entry of the license code. It is a new installation, even if you later connect it to your account.
  26. Contact technical support.
  27. Kaspersky Secure Connection does not connect on the phone. Android version: 16 KSC as part of Kaspersky Standart: 11.122.4.13875