All Activity

Dear Community Clients have requested that we block all applications on an embedded system except for trusted applications or applications that are already running. So, we need help with the following: -- How to configure trusted applications so that Kaspersky doesn't block them. -- Share how to configure application control , which will not allow any application to be run except the application which are only trusted. Please let me know if you are unable to understand the questions.

之前用的火绒有这个这样的功能，需要用来拦截一些PCDN用户和部分游戏里面的引流RPG服务器 防火墙里面能看到但是不清楚要怎么导入

Reported!

Please drop a message in here Chat Follow this guide https://support.kaspersky.com/ksec-for-windows/5.20/232827

It´s me again.... 😄 The same problem.... naturlichpharma.shop thank youuu

Предложил разработчикам данную ссылку на github. Не знаю регались они или нет до этого. Насчет улучшения анти-баннера конкретики на бета форуме нет. Обтекаемо написал представитель, мол в планах есть что-то. А будет или нет - бабушка на двое сказала. Да и конкуренты дальше уже уйдут за это время. У Adguard уже 8-я версия готовится с улучшениями и ночные сборки уже есть. Но суть именно в том, что тут пока не известно будет ли улучшение, на данный момент часто рекламу пропускает и хвосты оставляет от баннеров, да и фильтров мало.

Именно что действие по умолчанию предлагают удалить, думаю большинство не особо разбирающихся при таком сообщении, когда жути нагнали выберут удалить. Именно что настойчиво, плюс сообщение с текстом, что функционала иначе определенного лишитесь и антивирус не сможет нормально работать и кнопка по умолчанию выбрана удалить.

Thank you very much so helpful it worked

卡巴安全軟件2021（可否免費升級至卡巴斯基优选版 ？

Ну все, теперь, значит, вся яндекс-реклама будет отдыхать.😄

На этой ноте закрываю тему.

Как? Там речь о других антивирусных продуктах 😉 и на форуме бета-тестирование обещали улучшения Анти-баннера. Может стоит им принять участие в программе Allowlist, если они ранее не участвовали. Так проще, так легче, чем связываться и пытаться решить проблему с разработчиком. Просто очень настойчиво и почти ежедневно будет об этом предупреждать.

В конфиге ровно то что в инструкции написал, ничего больше. Когда пытаюсь его сюда вставить пишет forbidden https://support.kaspersky.ru/ksc-linux/15.4/241223 https://support.kaspersky.ru/ksc-linux/15.4/242538 Вот этими статьями пользовался

Ну да, о том и речь, что не видят они особой проблемы.) Но если будет шквал недовольств пользователей, придется все же как-то решать - дать возможность хотя бы скрывать уведомление.) Попробую уточнить насчет невозможности скрывать уведомление, сообщу потом, если получится.

This error may be caused by non-Latin characters in the policy name. To fix this issue, check existing policy and place it with a new one, if it has non-Latin characters in its name: 1. In the NSX web console: Navigate to Security → Endpoint Protection Policies. 2. Delete the existing policy with Non-Latin characters in its name. 3. Create a new policy using English-only naming conventions.

Scenario Enable Network Threat Protection Connect another Mac via a thunderbolt cable Try to send any data from one computer to another Connection times out Workaround & Solution Connect computers by other means or disable NTP when using Thunderbolt bridge. RCA This issue is caused by a bug in macOS' built-in packet filter and was reported to apple.

Problem There are several problems with similar causes: 1) KESL postinstall script produces error. Warning: Failed to set up KSN 2) KESL is installed and running. However, the kesl-control command outputs something like that: kesl-control --app-info Connection refused. Invalid user permissions for /var. Only root user should have write access to this path. kesl-control --app-info Could not connect to Kaspersky Endpoint Security 11.2.2 for Linux 3) KESL is installed and running, kesl-control indicates no problems. However, kesl-gui shows the Application is currently unavailable error. 4) KESL is installed and running, nagent indicates no connectivity problems. However, KSC shows that KESL is stopped and can't be started. 5) (Starting from 11.3) KESL journal errors "RemoteConnectionRejected" EventType=RemoteConnectionRejected EventId=4385 Initiator=Product Date=2024-04-09 16:28:59 DangerLevel=Critical Reason=InvalidPermissions Path=/var Process=/var/opt/kaspersky/kesl/11.4.0.1096_1684141407/opt/kaspersky/kesl/bin/kesl-control 6) (Starting from 11.3) Nagent errors "Remote Connection Rejected" Note that in case the problem is with nagent itself (i.e not kesl-control or kesl-gui), nagent actually will not send these events to KSC due to very same issue. Root cause KESL service implements defensive internal logic which denies connections from not "trusted" processes. One of the causes is that the process executable file or some library it loads can be overwritten by a non-root user: 1) The Owner is not "root". 2) FS write permission is granted to "Group" or "Other". Such errors often serve as indication of some erratic configuration. For example: Some system administrators change ACL for /opt or other folder (which is supposed to not be widely accessible) to 777 because they don't want to work via sudo; In Astra Linux, the owner of the /var directory is sometimes changed to the fly-dm service user due to an error in the fly-dm package. Astra developers confirmed this bug and released fix. If the issue reproduces with new fly-dm versions, address Astra support. LD_PRELOAD variable may be used to load arbitrary libraries for any given process including KESL. This is usually the case when you see non-root permissions errors for some third-party libraries. Solution To restore proper permissions, use the chown and/or chmod commands: chown root:root /path/to/folder chmod g-w,o-w /path/to/folder Please exercise caution and rely upon common sense when changing permissions for / and folders straight under /. It depends on the environment which files/folders are checked, thus a complete list cannot be provided. 1) # ls -ld / /var /var/opt /opt /opt/kaspersky /bin /usr /usr/lib /usr/lib64 | egrep -v '^d.{4}-.{2}-.*root root' drwxr-xr-x. 20 x root 279 Apr 5 14:30 /var 2) (kesl 11.3+) check for RemoteConnectionRejected events. Path parameter should contain faulty directory. Check for events by directly querying events.db, or querying event database via kesl-control, or kesl-control errors depending on scenario. See examples Broken permissions for kesl, kesl-control errors root@dc-ubuntu:~# chmod 777 /var/opt/kaspersky/kesl/ root@dc-ubuntu:~# kesl-control --app-info Connection refused. Invalid user permissions for '/var/opt/kaspersky/kesl'. Only root user should have write access to this path. Broken permissions for klnagent, events.db query via kesl-control root@dc-ubuntu:~# chmod 777 /opt/kaspersky/klnagent64 root@dc-ubuntu:~# systemctl restart klnagent64 root@dc-ubuntu:~# kesl-control -E --query 'EventType=="RemoteConnectionRejected"' | tail -n 20 Process=/opt/kaspersky/klnagent64/sbin/klnagent EventType=RemoteConnectionRejected EventId=11301 Initiator=Product Date=2024-04-10 18:01:53 DangerLevel=Critical Reason=InvalidPermissions Path=/opt/kaspersky/klnagent64 Process=/opt/kaspersky/klnagent64/sbin/klnagent EventType=RemoteConnectionRejected EventId=11302 Initiator=Product Date=2024-04-10 18:02:04 DangerLevel=Critical Reason=InvalidPermissions Path=/opt/kaspersky/klnagent64 Process=/opt/kaspersky/klnagent64/sbin/klnagent events.db query via 3rd party tool (sqlite3 utility) root@dc-ubuntu:~# sqlite3 /var/opt/kaspersky/kesl/private/storage/events.db 'SELECT date,process,path FROM events WHERE eventtype=134 ORDER BY date DESC LIMIT 3' 2024-04-10 16:17:16|/var/opt/kaspersky/kesl/11.4.0.1096_1684141407/opt/kaspersky/kesl/bin/kesl-control|/var 2024-04-10 15:09:04|/opt/kaspersky/klnagent64/sbin/klnagent|/opt/kaspersky/klnagent64 2024-04-10 15:08:49|/opt/kaspersky/klnagent64/sbin/klnagent|/opt/kaspersky/klnagent64 3) To get a full list of files loaded by KESL or klnagent, you can read /proc/<pid>/maps. Use commands in the example below to filter out all application-specific files that are located in the folders listed above and to see what other files are used: # cat /proc/$(pidof -s klnagent)/maps | awk '{print $6}' | grep ^/ | grep -v 'kaspersky' | sort | uniq /usr/lib64/gconv/gconv-modules.cache /usr/lib64/ld-2.17.so /usr/lib64/libattr.so.1.1.0 /usr/lib64/libbz2.so.1.0.6 /usr/lib64/libc-2.17.so /usr/lib64/libcap.so.2.22 /usr/lib64/libdl-2.17.so /usr/lib64/libdw-0.176.so /usr/lib64/libelf-0.176.so /usr/lib64/liblzma.so.5.2.2 /usr/lib64/libm-2.17.so /usr/lib64/libnss_dns-2.17.so /usr/lib64/libnss_files-2.17.so /usr/lib64/libnss_myhostname.so.2 /usr/lib64/libpthread-2.17.so /usr/lib64/libresolv-2.17.so /usr/lib64/librt-2.17.so /usr/lib64/libz.so.1.2.7 /usr/lib/locale/locale-archive # cat /proc/$(pidof kesl)/maps | awk '{print $6}' | grep ^/ | grep -v 'kaspersky' | sort | uniq /usr/lib64/gconv/gconv-modules.cache /usr/lib64/ld-2.17.so /usr/lib64/libc-2.17.so /usr/lib64/libdl-2.17.so /usr/lib64/libm-2.17.so /usr/lib64/libnss_dns-2.17.so /usr/lib64/libnss_files-2.17.so /usr/lib64/libpthread-2.17.so /usr/lib64/libresolv-2.17.so /usr/lib64/librt-2.17.so /usr/lib64/libz.so.1.2.7 /usr/lib/locale/locale-archive

так их продукт не удаляют принудительно, просто предупреждают )

Don't apply to PCN, it will lead to the disconnection of all SCNs attached and will not restore automatically Problem Description A PCN connection request got stuck in the "Waiting" status and doesn't result in failure. The reboot doesn't help. It can happen if, for example, a SCN IP was specified instead of PCN. Solution Run the following commands as root: Cancel PCN connection request # console-settings-updater get /ipsec > /home/admin/ipsec.orig.json && chmod 777 /home/admin/ipsec.orig.json # console-settings-updater set /ipsec "{}" Clear the browser cache. Reload the page. Alternatively, force the reload (Ctrl+F5 in FF). The server status will revert to the Standalone solution. Select the Distributed solution, specify the correct IP of PCN and retry to connect. To restore config in case of error: Cancel PCN connection request # console-settings-updater set /ipsec @/home/admin/ipsec.orig.json

Issue An attempt to send POST request via KPSN API from a Windows client.: curl --cert C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem --key C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_key.pem -k -X POST -d "{\\"action ": \\"check_url\\",\\"data ": {\\"urls ": [\\"website1.com "]}}" https://10.90.116.27:80/api/ Fails with the following error: curl: (58) schannel: Failed to import cert file C:\\Users\\user_A\\Desktop\\kpsn_api kpsn_api_crt.pem, last error is 0x80092002 There is no such issue when using curl on a Linux client. Cause The used version of curl.exe on Windows is not configured to work with OpenSSL. Solution Use other tools to send requests, e.g Insomnia or curl from Git for Windows.

Problem Description, Symptoms & Impact Local installation from a standalone package fails Diagnostics Check installation logs of the product. We are looking for the following string: 09.02.2022 17:06:19.453 00000374.000028B4 L1 KLSTD: #1, Error was caught in KLERR_throwError, c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061. Error params: (1187/0x0 ("Bad parameter "VerifyCertDate""), "KLSTD", c:\a\b\a_6vlf7p9h\s\csadminkit\development2\klri\pkginst\klpkinst.cpp@1061) Error loc: ''. This string means that a certificate in the package is out of date Workaround & Solution In order to fix the problem you should: Log in to your KESCloud console Change a language \ proxy settings of the existing installation package Save changes Return needed language \ proxy settings Save changes Download a new standalone package and install products

Problem When you install Kaspersky Security for Mobile on Android from Kaspersky Endpoint Security Cloud using the link sent via Send instructions, an error "Installation package not found" may appear. This happens when the Operating System installed on the device is not recognized. Solution Remove KESM from the affected device. Open KES Cloud & browse to Users. Find the User with the device that cannot synchronize with KES Cloud. Send instructions to this User. User will get an email with new link. Download KESM via link from KES Cloud invitation email. If the installation fails install it from an application store (Galaxy Store, Huawei AppGallery, RuStore, or Xiaomi GetApps) or from Kaspersky website https://www.kaspersky.com/small-to-medium-business-security/downloads/endpoint When KESM will request server address, open the KES Cloud email then copy the whole link from the email and paste it to the Server field. Important Input KES Cloud address from the email when KESM will request a server address for the first time The copied link must look like: https://sXXX.cloud.kaspersky.com:8080/getPackage?vServerName=d8axxxxxxx0d7d2&packageID=CxxxczMzOC5jbG91ZC5rXXXXXXYUYYYYYYYYYFpbD1ZbTkxY21kdmRTNTZhV1ZrUUxxxxxU52YlE Provide all necessary permissions. Try to synchronize the device with KES Cloud.

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Problem When KES installation fails with error message "Failed to access local group policy. Error 0x80004005", installation log should be checked. If it contains something similar, follow the steps below. MSI (s) (F4:94) [11:27:28:103]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI9735.tmp, Entrypoint: DisableWindowsDefender DisableWindowsDefender: Entering DisableWindowsDefender in C:\Windows\syswow64\MsiExec.exe, version 5.0.15063.0 DisableWindowsDefender: Failed to access local group policy. Error 0x80004005. DisableWindowsDefender: DisableWindowsDefender: finished. Return value 1603. CustomAction DisableWindowsDefender returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox) Action ended 11:27:28: InstallExecute. Return value 3. According to the log, something is preventing KES from disabling Windows Defender. The KES installer calls the MS API function OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY) https://msdn.microsoft.com/en-us/library/aa374275(v=vs.85).aspx, which returns an error. This problem is not related to KES, therefore only workarounds can be suggested. Most likely, the problem is related to Group Policy and is on the Microsoft Windows side. Solution Move the affected computer under default AD policy, then try to install KES once again. In case it will not help Here are some additional ways to solve the problem. No guarantee that they will work, and no responsibility for the effect, as they are not related to KL products. registry.pol related issues Delete C:\Windows\System32\GroupPolicy\Machine\registry.pol Restart the SMS Agent Host service to force ConfigMgr to reload the policies. Sometimes it is also necessary to reinstall the ConfigMgr client. gpt.ini related issues Replace C:\Windows\System32\GroupPolicy\gpt.ini with a copy from an unaffected computer.

Description and cautions The original scenario located on the page https://support.kaspersky.com/kes11mac/diagnostics/15299, requires a lot of efforts and manual manipulations. I am offering a bit easier and time-saving approach doing the same. Details All the commands from the original document are saved here, but placed together and being run one after another consequently; the old product logs are also wiped up in order to avoid mess: Login under root: sudo -i Enable KESMac KLnagent tracing: rm -rf /Library/Logs/Kaspersky\ Lab/* /Library/Logs/klnagent_trace.log && launchctl unload /Library/LaunchDaemons/com.kaspersky.klnagent.plist && cat /Library/LaunchDaemons/com.kaspersky.klnagent.plist > /Library/LaunchDaemons/com.kaspersky.klnagent.plist.backup && chmod ugo+w /Library/LaunchDaemons/com.kaspersky.klnagent.plist && curl -o klnagent_enabled_traces.zip -J -L https://media.kaspersky.com/utilities/CorporateUtilities/klnagent_enabled_traces.zip && unzip klnagent_enabled_traces.zip && cat klnagent_enabled_traces.plist > /Library/LaunchDaemons/com.kaspersky.klnagent.plist && chmod ugo-w /Library/LaunchDaemons/com.kaspersky.klnagent.plist && launchctl load /Library/LaunchDaemons/com.kaspersky.klnagent.plist Now you can check the log is being written: ls -lh /Library/Logs/klnagent_trace.log In case you need to enable KESMac tracing, refer to the specially dedicated article https://support.kaspersky.com/kes11mac/diagnostics/15041; It is time to reproduce the issue; When it is done, disable KESMac KLnagent tracing the same manner (ensure, you are still under root: sudo -i): launchctl unload /Library/LaunchDaemons/com.kaspersky.klnagent.plist && chmod ugo+w /Library/LaunchDaemons/com.kaspersky.klnagent.plist && cat /Library/LaunchDaemons/com.kaspersky.klnagent.plist.backup > /Library/LaunchDaemons/com.kaspersky.klnagent.plist && chmod ugo-w /Library/LaunchDaemons/com.kaspersky.klnagent.plist && launchctl load /Library/LaunchDaemons/com.kaspersky.klnagent.plist Upon finish, gather the collect package (https://support.kaspersky.com/collect) curl -o collect.tar.gz -L "https://box.kaspersky.com/f/00a1a6d8beb24554a72d/?dl=1" && tar -zxvf collect.tar.gz && chmod +x collect.sh && sudo ./collect.sh

As stressed in the product documentation, Sandbox, which is deployed as a Virtual Machine, should have an exact sizing, violation of which may lead to various issues. The only parameter that can be varied is a CPU clock rate. Common mistake The most notable mistake regarding scaling up VM sandboxes is an attempt to make one huge Sandbox VM with two to four times the required RAM/CPU as dedicated resources. Correct approach is to create a respective number of additional VMs and distribute these resources between them. For example, if you want to double the performance of a KATA Sandbox VM instead of adding 15 more CPU cores and 32 more gigabytes of RAM to an existing Sandbox, you need to deploy a new Sandbox VM with the following resources: CPU: 15 cores, 2.1 GHz or higher RAM: 32 GB HDD volume: 300 GB Two network adapters with 1 Gbit/s data transfer rate Virtual machine settings: Only VMware ESXi hypervisor is fully supported. Nested virtualization is enabled Supported VMware ESXi versions 6.5, 6.7U3 or 7.0 hypervisor. Entire CPU clock rate reserved. For a minimum CPU clock this means 12*2100=25200 MHz reserved. For a clock rate higher than 2.21Hz, use the following formula to calculate the entire CPU clock rate: 12 * <clock rate in MHz>. Entire RAM reserved (32 GB). Expose hardware assisted virtualization to the guest OS check box selected. Latency Sensitivity option set to High. No Secure Boot. The maximum number of simultaneously running virtual machines set to 12. Please note, these cannot be checked from a debug report or from inside of the VM, as these settings are configured in a hypervisor. Checking VMX file Obtain a .vmx file of the respective sandbox VM. Demo video showing how to locate a .vmx file. Note, that in this video the goal is to modify the .vmx, and we only need to access it for reading, therefore, there is no need to unregister a VM from inventory as done in video. All the following lines in .vmx file must match exactly with the following two exceptions: For sched.cpu.min, the value can be higher than 25200, see formula above. Line uefi.secureBoot.enabled might be absent, which is OK. Correct .vmx settings numvcpus = "15" sched.cpu.units = "mhz" sched.cpu.min = "26400" memSize = "32768" sched.mem.min = "32768" vhv.enable = "TRUE" sched.cpu.latencySensitivity = "high" uefi.secureBoot.enabled = "FALSE" ethernet0.present = "TRUE" ethernet1.present = "TRUE" Checking number of slots In the Sandbox web interface window, select the Administration section. In the Guest virtual machines group of settings, in the Maximum simultaneous VMs field, number of simultaneously running virtual machines must equal 12.