All Activity
- Past hour
-
Applicable updates
QyzgaldaQ replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
That creating a package is possible is clear) launching the installation on a group and so on; my question is a bit different: third-party updates work on a different principle. You approve them and assign the installation by means of this task, whereas when you do the same procedure with KES of any version, that is, I click approve, it starts installing everywhere by itself, so I create a package as you said, make an application installation task and update that way. I wonder why approving the update behaves like this -
Applicable updates
durtuno replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
You can create a package, and without even waiting for autopatches. Don't you do that on your side? How to create an installation package for Kaspersky applications. Oh, wait, perhaps your license does not include Systems Management? -
Applicable updates
QyzgaldaQ replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
This task does not let you select Kaspersky update packages -
Applicable updates
durtuno replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
Yes, that is understood; this action can be read as "I allow all security software to be updated to the current version". But nobody forbids you from creating a separate "Install required updates and fix vulnerabilities" task and installing security/third-party software selectively. -
Hello, version 13.2 has had its day. Moving to version 15.1 or migrating to Linux KSC is recommended.
-
Applicable updates
QyzgaldaQ replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
-
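Actually, Kaspersky's virtualization is only used for Safe Money; if you don't use that feature, you can leave Kaspersky's virtualization turned off entirely. The system's built-in Credential Guard, VBS and core isolation are more worth enabling.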
-
Applicable updates
durtuno replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
Well, one can assume this is about rolling out to a "test group". In that case, don't approve; instead use a separate task for that "test group", "Install required updates and fix vulnerabilities", where you specify what may be installed without approval (by the way, the same task also has deferred installation): -
Applicable updates
Friend replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
Why not? You can open a support request and ask them to consider adding a particular piece of software for updating, with your reasoning. They will review it and decide whether to add it or not, but the process is not quick and the outcome is unknown. So far I have only seen the reverse process: some software developers asked to be excluded from this list because their own auto-update works better than the antivirus does it. -
That's what I did. Thanks
-
Михаил Пономарев joined the community
- Today
-
Applicable updates
QyzgaldaQ replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
For example, KES 12.10 came out; when this update is approved, installation starts on all devices. How do I change this behavior? -
Applicable updates
durtuno replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
Configure what exactly? I myself use a separate task to update particular third-party software. That is, I do not approve all third-party software supported by "Kaspersky Lab", since I maintain/update some third-party software with separate tasks, specifying the installation/update parameters. -
Applicable updates
QyzgaldaQ replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
Thanks) One more question: when KES updates are approved, a mass update starts; can this be configured somehow? -
Applicable updates
durtuno replied to QyzgaldaQ's topic in Kaspersky Endpoint Security for Business
This is the result of the "Find vulnerabilities and required updates" task. Not possible. There is a certain list of third-party software supported by "Kaspersky". Viewing information about available third-party application updates. About third-party applications -
How the localization of the operating system, server, console and management plug-ins affects the interface language of the Kaspersky Security Center Administration Console. As an option, use a remote MMC console with the required localization.
-
Sometimes, KATA Sandbox may suddenly stop functioning normally and throw a self-diagnostic error. This may be caused by snapshot corruption. As one of the troubleshooting steps, you may remove the latest VM snapshots; this is a harmless procedure.

Step-by-step guide

1. Log in to Sandbox via SSH and execute the following command:

    ls -l /vm/qemu/vms/
    total 36
    drwxrwx---+ 3 sandbox-core klusers 4096 Apr 19 16:42 Win10_x64-1555680939 //This is the folder with original VM image
    drwxrwxr--+ 6 sandbox-core klusers 4096 Apr 22 00:17 Win10_x64-1555680939_2019.04.22.1555880403 //This is a folder with VM snapshot
    drwxrwxr--+ 6 sandbox-core klusers 4096 Apr 23 00:18 Win10_x64-1555680939_2019.04.23.1555966815 //This is a folder with VM snapshot
    drwxrwx---+ 3 sandbox-core klusers 4096 Apr 19 16:34 Win7_x64-1555680478 //This is the folder with original VM image
    drwxrwxr--+ 6 sandbox-core klusers 4096 Apr 22 00:09 Win7_x64-1555680478_2019.04.22.1555880403 //This is a folder with VM snapshot
    drwxrwxr--+ 6 sandbox-core klusers 4096 Apr 23 00:11 Win7_x64-1555680478_2019.04.23.1555966815 //This is a folder with VM snapshot
    drwxrwx---+ 3 sandbox-core klusers 4096 Apr 19 16:27 WinXP-1555680293 //This is the folder with original VM image
    drwxrwxr--+ 5 sandbox-core klusers 4096 Apr 22 00:07 WinXP-1555680293_2019.04.22.1555880403 //This is a folder with VM snapshot
    drwxrwxr--+ 5 sandbox-core klusers 4096 Apr 23 00:08 WinXP-1555680293_2019.04.23.1555966815 //This is a folder with VM snapshot

2. Remove the latest snapshots by date and restart the following services.

KATA 3.7.2:

    service sandbox-komilfo restart
    service sandbox-create-snapshot restart

For KATA 4.0/4.1/5.0: restart Sandbox
-
Security officers may need raw alert data from KATA for further processing in Excel or similar tools. Here's how to export all alerts from the KATA database to a .csv file:

KATA 3.7.2

    sudo -u postgres bash -c "psql -d antiapt -c \"COPY (SELECT * FROM all_alerts) TO '/tmp/kata_alerts.csv' (format csv, delimiter ';', header, encoding 'UTF8');\""

Instead of simply copying all alerts, the administrator may export only the last N alerts, or play around with SQL queries:

    sudo -u postgres psql antiapt -c "copy (select * from all_alerts limit N) to '/tmp/test_oneliner1.csv' (format csv, header, encoding 'UTF8');"

For example, if a specific time interval is required, it can be done like this:

    sudo -u postgres bash -c "psql -d antiapt -c \"COPY (SELECT * FROM all_alerts WHERE update_time BETWEEN '2021-04-19 21:36:11'::timestamp AND '2021-05-01 13:29:57'::timestamp) TO '/tmp/kata_alerts.csv' (format csv, delimiter ';', header, encoding 'UTF8');\""

NB! Sometimes, filenames may have \r\n EOL symbols, which may affect CSV import to Excel. You can change \r\n to \n via Notepad++ or any other text processor.

P.S. To export all connected/not connected endpoints you can execute:

    sudo -u postgres bash -c "psql -d antiapt -c \"COPY (SELECT * FROM agent_status) TO '/tmp/agent_status.csv' (format csv, delimiter ';', header, encoding 'UTF8');\""

KATA 4+/5+/6+

If the command above doesn't work or hangs, use the command below:

    psql -U kluser -h 127.0.0.1 antiapt -c "select * from all_alerts;" > /tmp/all_alerts

As before, you can adjust the query to your needs. For example, to get the time interval between a given moment and now, execute:

    psql -U kluser -h 127.0.0.1 antiapt -c "select * from all_alerts where update_time between '2021-04-19 21:36:11'::timestamp and now()::timestamp;" > /tmp/all_alerts

Then open Excel and import /tmp/all_alerts via Data -> From Text/CSV (download the file to the local computer first).
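A field-aware alternative to the search-and-replace fix in the NB above, as an added example that is not part of the original article: it parses the ';'-delimited export, replaces line breaks embedded in a cell with a space, and, going beyond the article's note, prefixes cells that a spreadsheet would evaluate as formulas. The function names and every sample column except update_time are assumptions made for illustration.

```python
import csv
import io

FORMULA_LEAD = ("=", "+", "-", "@")  # characters a spreadsheet treats as a formula start


def _is_number(text):
    try:
        float(text)
        return True
    except ValueError:
        return False


def clean_cell(value):
    """Flatten embedded line breaks and defuse cells Excel would evaluate."""
    value = value.replace("\r\n", " ").replace("\r", " ").replace("\n", " ")
    if value.startswith(FORMULA_LEAD) and not _is_number(value):
        value = "'" + value  # leading apostrophe keeps it from being parsed as a formula
    return value


def clean_export(text, delimiter=";"):
    """Return (cleaned CSV text, number of cells that were changed)."""
    reader = csv.reader(io.StringIO(text, newline=""), delimiter=delimiter)
    out = io.StringIO(newline="")
    writer = csv.writer(out, delimiter=delimiter, lineterminator="\n")
    changed = 0
    for row in reader:
        cleaned = [clean_cell(cell) for cell in row]
        changed += sum(a != b for a, b in zip(row, cleaned))
        writer.writerow(cleaned)
    return out.getvalue(), changed


# Constructed sample in the shape of the COPY output (header row, ';' delimiter).
# Only update_time is a column name taken from the article; the rest are made up.
SAMPLE = (
    "id;update_time;file_name\n"
    '1;2021-04-20 10:00:00;"invoice\r\n.docx"\n'
    "2;2021-04-21 11:30:00;=2+5.exe\n"
    "3;2021-04-22 09:15:00;-12\n"
)

if __name__ == "__main__":
    cleaned, changed = clean_export(SAMPLE)
    print(cleaned, end="")
    print(f"{changed} cell(s) changed")
```

To run it on a real export, read /tmp/kata_alerts.csv with open(..., newline="", encoding="utf-8") and pass the text to clean_export.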
-
Problem

The error message "Downloading the distribution package of the device security application. Failed to download the distribution package of the device security application" is displayed in the browser after following a new invitation link on the iOS device.

Solution

Make sure that:

1. The new invitation link is used. KESCloud invitation links are one-time-use only on mobile devices. Send the new link.
2. The APNs certificate is added to the KESCloud console. Log in to KESCloud and open the workspace. Switch to the Getting started tab and scroll down to the Recommended section. See if the APNs certificate is added and valid. Create or Renew the certificate if needed.
-
Scenario

In certain cases one may need to move an SQL database that stores KSE operational data to another SQL server/instance. The following procedure can be used to achieve that.

Step-by-step guide

1. Change the startup type of KSE services to Manual.
2. Stop the KSE services which use this database (they may be located on several hosts in case of DAG, for example).
3. Create a backup of the KSE database using MS SQL tools.
4. Restore the database on a new SQL server/instance using MS SQL tools.
5. Assign the required rights for this database according to this article.
6. Manually edit the file BackendDatabaseConfiguration*.config on every KSE server that will use this database. See this article for instructions. If KSE doesn't use the default DB port, the BackendDatabaseConfiguration*.config file must include the port. Here is an example where the custom port is 1435:

    <SqlServerName>sqlag02ls,1435</SqlServerName>

7. Manually change the values of BackendDatabaseName and BackendSqlServerName to the new ones in the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Kaspersky Lab\Kaspersky Security for Microsoft Exchange Server" on every KSE server that will use this new database.
8. Return the startup type for the KSE services back to the original values.
9. Start the KSE services.
10. Verify that there are no errors in the event logs after the services have started.
-
KES11 audio or video is blocked in messengers [KES for Windows]
svc_kms posted a blog entry in Kaspersky Endpoint Security's KES for Windows
Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

This article is about Kaspersky Endpoint Security for Windows (KES for Windows)

Problem

HIPS (Host Intrusion Prevention System) unexpectedly blocks the data stream (audio, video) in trusted communication software such as MS Teams, Skype, Skype for Business etc.

Solution

The root cause is KUsrInit.exe (the parent process for many processes in the OS where it exists), which in some cases can be found on the pre-installed OS on Dell computers. The KUsrInit.exe process must be added to the HIPS trusted group as well to avoid this issue. -
How to use FQDN as a display name [KSC for Windows]
svc_kms posted a blog entry in Kaspersky Security Center's Kaspersky Security Center Community
There is a known limitation in KSC. When hosts are managed from different domains and there are hosts with similar names in these domains, 'doubles' will appear. To avoid this, use the FQDN (fully qualified domain name) as a display name instead of the NETBIOS name.

Step-by-step guide

1. Set up the following server flag: SrvUseFqdnAsDisplayNames

    [HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\1093\1.0.0.0\ServerFlags]
    "SrvUseFqdnAsDisplayNames"=dword:00000001

2. Delete duplicated hosts from the managed group and from unassigned devices.
3. Run polling so that hosts reappear on KSC.

In order for hosts to reappear with an FQDN name, the KSC must know their DNS domain. This information reaches the KSC from an installed network agent or an AD scan. Therefore, a network agent must be installed on these hosts or AD polling must be used. -

Problem

You install the latest Windows Assessment and Deployment Kit (Windows ADK) on the server where KSC is installed, but the KSC console still shows the message "to deploy OS images, you must install the Windows Assessment and Deployment Kit (Windows ADK) on the device that has KSC installed".

Solution

KSC doesn't see all the needed WADK components as installed. Because Microsoft is always changing components within their installation packages, we recommend installing all utilities from Microsoft's official article.

1. Go to https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
2. Download all utilities under "The Windows ADK includes:" including WinPE and WSIM.
-
The ability to modify the ciphers used by the product to communicate with port 13292 published on the Internet is required.

Step-by-step guide

You cannot change the ciphers used on a particular port, but you can change the cipher modes used by the MDM server on all listening ports. To do so, you will need to create a global variable KLTR_ENV_SSL_CIPHER_SUITE and restart the Kaspersky Security Center server.

You can familiarize yourself with the format of the values at this link: https://www.openssl.org/docs/man1.0.2/man1/openssl-ciphers.html

For example, a variable might look like the following:

    KLTR_ENV_SSL_CIPHER_SUITE=HIGH:!MD5:!DSS
-
Sometimes, you may need to check KSN servers' availability and operation on KATA CN.

This method is not applicable to KATA 6.0. The tool is still present, but it returns error 0x80000001 (Interface not supported).

For KSN issues, there's a way to check a specific hash for reputation:

1. Become root:

    sudo -i

2. Check a specific hash for reputation by running the following command.

For KATA 4.+ and 5.0:

    docker exec -it "$(docker ps | grep ksn_proxy| awk '{print $1}')" /opt/kaspersky/apt-ksn_proxy/sbin/ksn_client --ip 127.0.0.1 --hash 9C642C5B111EE85A6BCCFFC7AF896A51

For KATA 5.1 and 6.1:

    docker exec -it "$(docker ps | grep ksn_proxy| awk '{print $1}')" /opt/kaspersky/apt-ksn_proxy/sbin/ksn_client --ip 127.0.0.1 --hash 9C642C5B111EE85A6BCCFFC7AF896A51

UnTrusted means that KSN is working properly.
-
Scenario

The backup task fails, indicating corrupted files. Specific file names may vary. The following error appears in the Kaspersky Event Log (the file name may vary):

    Database is corrupted. At least one repository corrupted C:\ProgramData\Application Data\KasperskyLab\adminkit\1093\gsyn\klsdata.dat has been corrupted and will not be recovered. Hardware fixing and application reinstallation are required.

Possible root causes

The most common reasons are an OS crash and an unexpected reboot (for example due to power loss) of a system with disk caching enabled. This leads to corruption of KSC repositories.

Solution

1. Uninstall KSC
2. Install KSC
3. Restore from the latest backup

How to avoid the issue

Ensure the system is stable and prevent power outages. You may also check the System event log for a large number of warnings, such as events 50 or 140. These events may be a sign of a file system problem. If NTFS events such as Event ID 55, 50, 140, and 98 are logged, Microsoft suggests running the "chkdsk" utility. Because NTFS couldn't write data to the transaction log, this could affect the ability of NTFS to stop or roll back the operations in which the transaction data couldn't be written: https://learn.microsoft.com/en-us/troubleshoot/windows-server/backup-and-storage/troubleshoot-data-corruption-and-disk-errors#troubleshooting-event-id-55-and-98.



















