ak01

We have several sites, divided into subgroups and for each subgroup a distribution point. We have one centralized KSC. All the laptops are divided into their site group so that they get updates locally. Now, we want to also manage the laptops when they are at home (home office and so on), therefore we would like to set up a connection gateway within the DMZ. According to https://support.kaspersky.com/13756#block3 a connection gateway also needs to be bound to a subgroup or a network location (“set of devices associated with this update agent”). However, do we need the same amount of connection gateways than distribution points (one for each site) or can we use one centralized CG for all of them? Is it possible to leave that CG subgroup binding blank and to create a new network connection profile in network agent policy to point external devices (when they are external) to that one new CG? Is this possible and how would this be possible?

maybe they are all acting as a distribution point?

on a (terminal) server, you should use KSWS (Kaspersky for WIndows Server). Normally, KES has local “Reports” (which means Logs), which component blocks something. In your case I would check for self defense (maybe a profile mechanism of citrix tries to sync certain registry entries of KES, which KES self defense blocks...).

We have several unknown (very specific, not publically used) 3rd party applications, which are trusted as low restricted and therefore Access to webcam/microphone and so on is blocked. So KSC and KSN does not have a categorization for them. However, the KSC administrator does not recognize that something is blocked because the message “Host Intrusion Prevention was triggered” is only shown on client reports. It would be nice if this message (with Reason blocked) would appear on KSC. I can understand that this message can occur many times so that KSC could be spammed with messages. My suggestion would be to do some kind of throttling on client side (e.g. send only the first message within 5 minutes) for this kind of message “Host Intrusion Prevention was triggered” (and Reason blocked), so that the KSC administrator sees that within the computer events (and can trigger an e- mail). The KSC administrator would be attentive that KES blocked something (now, the events do not show anything, however, the third party application does not work properly). Allowed Message: 11.09.2019 08:40:50 Host Intrusion Prevention was triggered Google Chrome DOMAIN\username Allowed: Access to webcam Access to webcam Access to webcam Application: Google Chrome User: DOMAIN\username (Active user) Component: Host Intrusion Prevention Result: Allowed: Access to webcam Action: Access to webcam Reason: Access to webcam Blocked Message: 22.08.2019 11:41:54 Host Intrusion Prevention was triggered 60.8.0; 20190719-0953 [950894abee] DOMAIN\username Blocked: Access to webcam Access to webcam Access to webcam Application: 60.8.0; 20190719-0953 [950894abee] User: DOMAIN\username (Active user) Component: Host Intrusion Prevention Result: Blocked: Access to webcam Action: Access to webcam Reason: Access to webcam

It would be nice if you would consider that suggestion in KSC 13/14/15… It is not mandatory for me, just a small improvement. In the past, I posted a few suggestions and some got implemented. Thank you very much for that because I work with other software manufactures, which do not really listen to customers.

Could you please change the System Message feature in KSC so that the text can be individually sized (it is a little bit too small). It would be interesting to be able to put html code as text so that font size/weight/color/... can be changed differently (no javascript!).

I have not had this problem yet however I do not have Win10 2004 PCs that often (just a few, less than 10). The KES upgrade on other Win10 versions (1909 and lower) works fine in our organization.

I am not aware of any problems with any ESX version (and Kaspersky). I would check the task manager on some of the VMs, which processes use up the memory.

Is “adding indexes to the KSC database” supported? The cpu is now under 20% (mostly) and the mmc reacts much faster.

KSC is able to list all entries and you can select and delete entries.

You need to install file encryption module (first one in the list).

I have ESX 6 and KSC12 and it works as expected. Which process(es) uses so much memory? Can it be pinned down to ksws process(es)? I checked one server where all kavfs*.exe and klnagent.exe processes use up all together about 150MB RAM (including 60 MB agent).

I had the issue that KSC MGMT Console (12.0.0.7734 and Patch A) was sometimes very slow. Sometimes, when I clicked through wizards, the wizard hang for a few seconds (but not always at the same position, it was always on different positions). I did some research on MSSQL Tuning and found a Maintenance Plan https://docs.microsoft.com/en-us/sql/relational-databases/maintenance-plans/use-the-maintenance-plan-wizard?view=sql-server-ver15 However, doing a Reindex (as explained) helped a bit but did not solve my issue. However, it seems that this Maintenance Plan cannot be used at MSSQL Express (but the SQL Transactions can be executed separately). In MSSQL Studio, I found a Performance Report, which states that there are about 100 missing indexes (by clicking on “Missing Indexes”, MSSQL Studio provides a list of suggested Indexes to add to improve performance): According to https://docs.microsoft.com/en-us/sql/relational-databases/performance/performance-dashboard?view=sql-server-ver15, when the score is above 100000, it could be sufficient to add these Indexes. I added about 25 Indexes, which had the highest score values and this significantly improved KSC Console performance. It also decreased CPU consumption. It would be interesting for me, if this is supported? For me, that improved the performance. Maybe Kaspersky could add such features to the next KSC version (adding more indexes than already automatically applied). What does the KSC database maintenance task do exactly? Does it do a Reindex anyway?

Can anyone answer my question?

We noticed that our clients now have KlNagSvc and ksnproxy Profile Folders (in C:\Users). Is that normal (I guess that this is caused by KSC agent and/or distribution point)? If yes, could you please explain the background (what is the reason for that)? I only found this concerning distribution point: https://help.kaspersky.com/KSC/11/en-us/188662.htm I have KSC12 and KES11.3.

I tried everything mentioned (clear update repository, delete an recreate global update task again, …), but nothing helped (update task ran for hours, almost every time “not all components were updated”. I ended up in updating mit KSC to v12 and that solved the issue. KES11.3 uses another (new) update mechanism, which (I guess) KSC also needs to support.

I tried everything mentioned (clear update repository, delete an recreate global update task again, …), but nothing helped (update task ran for hours, almost every time “not all components were updated”. I ended up in updating mit KSC to v12 and that solved the issue. KES11.3 uses another (new) update mechanism, which (I guess) KSC also needs to support.

I tried everything mentioned (clear update repository, delete an recreate global update task again, …), but nothing helped (update task ran for hours, almost every time “not all components were updated”. I ended up in updating mit KSC to v12 and that solved the issue. KES11.3 uses another (new) update mechanism, which (I guess) KSC also needs to support.

I put some domains into trusted addresses but it does not work (it only works when an exact hostname or IP address is added). How does an entry include subdomains (e.g. put company.com, should also cover www.company.com)? How about wildcards? I tested it and it seems that *.company.com does also not work. How can I achieve that?

You can either allow the exe file globally (do not scan network traffic) or allow all the destination addresses the program needs in Webcontrol. I do not know anything else.

You can add that executable to trusted programs exclusions (I don’t know how this is exactly called in the english policy) and tick “do not inspect traffic”. This should allow every traffic of that program (if you want that...). This setting shoud be in “general setting” → exclusions...

MSSQL communication can also be encrypted with SSL/TLS… Or you have a database problem (is it running?).

does the service start up well and keep running? What is the state of the service? Maybe the eventlog of Kaspersky (own category) tells you something interesting…

when you restart the ksc service, it takes a while (a few minutes) in order to be able to connect to it again. Maybe the service was not started yet? I have not tried to change that setting, I cannot tell you if this works.

You can put the executable into global exclusions so that traffic of this process does not get scanned...