Posts posted by dkamp

  1. This is now occurring on KAV 11.0.0.480 servers.

    I attempt to do a GetSystemInfo but the server is so busy the command cannot be run without killing the KAVFSWP process.

    I modified the “Application Settings”, “Scalability, Interface and scan settings”, “Scan settings Tab”, Limit CPU usage for scanning threads is checked and set to 50%.

    Suggestions, anyone? This is occurring at least 4 or 5 times per week on random servers.

     

    Help Please!

  2. The Only way I am aware of is if you select “Add”, then “From File Properties” then in the Metadata section add a check to the Filename, and add the filename.

    But….

    I have always assumed if that is done, it would white list that file and if a malicious file of that name was used it would be allowed to run. So evaluate your situation with caution using filename Only. Add other info or at least vendor.

  3. We keep attempting to Nurse KES for MAC but not very good luck.

    Example: when a MACBook goes to sleep, then is awakened, KES works but KLNAgent does NOT.

    So from the perspective of the Security center it acts like KES is Dead, but it is actually only the KLNAgent not talking. 

    A restart of the Agent or a restart of the OS does fix it for a short time.

    But MAC people believe that a restart does Not need to occur.

     

  4. Random machines get the error “KSN Servers unavailable” in the Security Center.

    The client end gets this message in the OS Event Log:

    Source:    klsecuritycenter
    Event ID:    1
    Level:    Warning
    User:    
    OpCode:    Info
    Process ID:    0
    Logged:    1/14/2021 2:42:29 PM
    Category:    None
    Keywords:    Classic
    Computer:    HXTREAT-2.xxx.domain.org
    Thread ID:    0
    Description:
    >>> Update & retranslation task: ^^^ Could not get PRCP-proxy to component (KSN). #1195 Resource is unavailable
     

    Security Center is 11.0.0.1131

    Workstation Client is Version 11.2.0.2254 with pf6090

    Most show an Error then within a minute or two show KSN available.

    David

  5. I was attempting to create a Device selection to identify what KES 11.2 devices have the firewall module installed. I create a new selection, go to properties, select “applications components”, then put a check in firewall and save it.

    My Search criteria is:

    (Device name or IP address = “*” and Application component = “Firewall” )

    It does not work because it returns with every device in our managed devices.

    I have a few where I changed components and removed firewall, and they are in the results.

    Can this search be done?

    David

  6. I was asked by our Firewall security to give them a list of URLs or IP addresses that Kaspersky needs. Example: what is the URL for Updates, KSN, Patches that the security center needs to get to.

    Our Perimeter firewall now blocks all out of country IP Addresses. I need a list so that I can make sure the KSC can get the needed files and updates.

    I know a Port list exists, but does a Destination list exist?

    David 

  7. After I upgraded I discovered that the Database filled the Hard disk.

    Check your OS Event Log (Applications and Services Log/Kaspersky Event Log) and find the Event related to your Administration Server. If it will not load, the reason should be listed.

    According to Kaspersky Support, with KSC 11 the Application Control will grab 30 GB per 1000 hosts. (With 10.5.1781 my entire KAV.DB was 9 GB; now with KSC 11, it is 51 GB and growing...)

  8. I have that Problem and Support was able to get it working after applying “Patch a”.

    But most devices that have “viruses detected” will NOT show any results.

    Sometimes it does show in the Repositories Quarantine or Unprocessed files, but mostly No. You have to go to the Reports on the local machine to find out. Support claims that the Event log or Event Database is too full or cannot handle the traffic for 5000 Devices on One Security Center.

  9. Running: Linux CentOS 7 (64Bit), Agent 11.0.0.29, KES 10.1.1.6421

    I am beginning to use KES on Linux. After installing the Agent and KES, I created a Policy for the server (KES 10 SP1 MR1 for Linux). The Policy is RED, and a note states that “Enforcement failed”. I deactivated the Policy and created a Fresh Policy; it also fails.

    When I select Devices the Server seems to be OK and is in GREEN status. Realtime is running.

    When I select Tasks my Update and Scan Task do not show any device assignments (there should be the One test server).

    What should I focus on as a potential fix?

    David

  10. How would I know if the USB HDD is detected by the OS as MTP?

    When I plug in the USB HDD and Go to Control Panel, Devices and Printers, I see the Drive and the properties on the General Tab say “Categories: Storage Device”

    The Hardware Tab Shows the Name of the Drive as “Portable Devices”, and the WD 50000AAV External USB Device as a Type of “Disk drives”.

    Does that answer what you were seeking?

    David

     

  11. I can control the USB Memory sticks without any issues.

    When I plug in an iPhone or External Hard disk they are both identified as “Portable devices (MTP)”

    In the “Portable devices (MTP)” access I removed the check for Read and Write for the Everyone account. Then added System (NT Authority\SYSTEM) and added a check for Default Schedule and Read, Write. Then added my UserID, adding a check for Default Schedule and Read, Write.

    I get the message that it has been Blocked.

  12. Using KSC 11.0.0.1131 and KES 11.0.0.6499

    Using Device Control, I am trying to control access to USB Ports. My Goal is to Deny USB Removable Drives, and Cell Phone storage. When I turn on Removable Drives Access to limit Except for a Support group, It works But…. When we access a USB External Hard Disk it is denied access.

    If I do Not have “Portable devices (MTP)” Blocked, I can use as desired except that cell phone storage can be accessed. Why would an External USB Hard disk be Blocked using the MTP item?

    I attempted to allow a trusted device and could not get that to work properly.
