Jump to content


  • Content Count

  • Joined

  • Last visited

About lubyou

  • Rank

Recent Profile Visitors

339 profile views
  1. Hi Konstantin, I provided GSI report and additional log files in INC000009388953. Thanks!
  2. Hi, Somebody replied to the ticket and closed it. I was told that "The fastest and most convenient way to fix the issue will be to back up all sensitive data from the host and reinstall OS". I am not looking for the fastest and most convenient way to fix the issue, I am just looking for a way to fix the issue WITHOUT reinstalling the machine or WITHOUT the machine ending up in an unbootable state. The machine is on a different continent, reinstalling is not an option. If I were to disable all the services and drivers and manually remove them, will I end up with a bootable machine? Please advise. Thank you very much
  3. Hi, We tried to encrypt a computer via KES in 2016, which failed: Event type: Error encrypting/decrypting device Action: Encryption Reason: Device is incompatible with authentication agent Device\Device name: SAMSUNG SSD PM851 mSATA SCSI Disk Device Device\Device ID: 1SVESNFA291486 Device\Device type: Hard drive We accepted the failure and let it go, but we also forgot to mark the computer for decryption. It is marked for decryption in KSC now. Fast forward two years. We want to remove KES from that computer, however uninstallation of the AES module or KES ends with "Artifacts of authentication agent operation in test mode have been detected on the system hard drive. Consult the manual before removing AES Encryption Module (256 bit).". We followed the instructions on https://help.kaspersky.com/KESWin/10SP2/en-US/128199.htm (run fdert.exe, select drive, scan, delete AA objects and data, run "avp.com pbatestreset" afterwards), but we are still unable to remove KES. We also tried to remove KES via kavremover, which also failed: 768:09a4 10:56:20.021 KAVRemover tool version 1.0.1319 768:09a4 10:56:20.021 System language detected: langID=12, sublangID=1 768:09a4 10:56:20.021 User language detected: langID=12, sublangID=1 768:09a4 10:56:20.021 Setting UI language: langID=12, sublangID=0 768:09a4 10:56:20.021 Locale successfully set 768:09a4 10:56:20.021 dbghelp.dll dumped OK 768:09a4 10:56:21.592 Binary file dumped 768:09a4 10:56:21.623 handle does init 768:09a4 10:56:21.623 Still waiting for connect to server 768:09a4 10:56:21.889 Still waiting for connect to server 768:02d4 10:56:22.154 Searching for installed products... 768:02d4 10:56:22.154 Try to call some func on server... 768:02d4 10:56:22.154 Client malloc 768:02d4 10:56:22.154 After call, error = 0, ret code = 0) 768:02d4 10:56:22.154 Client free 768:02d4 10:56:22.154 Try to call detection... 768:02d4 10:56:22.506 Client malloc 768:02d4 10:56:22.506 After call detection, error = 0, ret code = 0) 768:02d4 10:56:22.506 Client free 768:02d4 10:56:22.506 Processing additional info... 768:02d4 10:56:22.506 Post message about detected products 768:09a4 10:56:29.476 Try to validate user input... 768:09a4 10:56:29.476 After call, error = 0, ret code = 0) 768:05fc 10:56:29.476 Client malloc 768:05fc 10:56:29.476 Client malloc 768:05fc 10:56:29.476 Client malloc 768:05fc 10:56:29.476 Client malloc 768:05fc 10:56:29.476 Try to call removing... 768:05fc 10:56:29.819 After call removing, error = 0, ret code = 0) 768:05fc 10:56:29.819 Client free 768:05fc 10:56:29.819 Client free 768:05fc 10:56:29.819 Client free 768:05fc 10:56:29.819 Client free 768:05fc 10:56:29.819 Removing cancelled INC000009388953 What should we try next? Thank you very much
  4. Hi, We are having the same issue for one of our customers. Disabling Kaspersky or individual components does not thing for us, however, disabling the Outlook add-ins seems to fix it. Is there a private patch available that fixes this issue? Thank you
  5. Hi, That is %PROGRAMDATA%\KasperskyLab\adminkit\1103\klserver.cer, correct? Replacing that certificate and restarting network agent would work, or is there another place where you save the serial/thumb? Thanks
  6. The MITM attack can be mitigated by distributing the certificate with the network agent, instead of pulling it from KSC upon first connection. See parameters https://support.kaspersky.com/12396#block1 Overall it would be nice if there would be a fully functional PKI, including the possibility to use client certificate authentication and integration with the Windows certificate store.
  7. Hi, So basically using a certificate with a "short" lifetime (1-3y) is not really feasible, unless we have a way to reinstall network agents by means other than KSC (with the new/renewed certificate), and there are no plans to add the possibility to let the network agents trust more than one public key/certificate, correct? Thank you
  8. Hi, I think there is a misunderstanding here. I want to know whether there is any way to change the server certificate, while avoiding that "all Network Agents connected through SSL will no longer connect to the Server returning the Administration Server authentication error." The real question is whether you provide a way to distribute an additional (the new) certificate to network agents, and if not, do you have that on your roadmap?
  9. Hi, The question is about a new server that has yet to be installed, I guess we would pick 10.3.434 + patch A for KSC/nagent.
  10. Hi, We are considering to use a certificate from a public CA for KSC, however, in all the guides it says 'When replacing the certificate, all Network Agents that were previously connected to Administration Server through SSL will lose their connection and will return "Administration Server authentication error".'. How can renewal be handled? Is this not supported at all at this point? Where does the network agent store the certificate? Thank you
  11. Hi, You can mark it as solved. Thanks for the help!
  12. Hi, Installing the patch from KB13806 fixed things. Are there any plans to release an updated KS4WS that contains the various fixes? Thank you
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.