Posts posted by Erael

  1. Скрипт:

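    # Keeps the Kaspersky Network Agent (service "klnagent") attached to an Administration Server:
    #   1. if the Target_Protection_AdmServer registry value names a different, reachable server,
    #      the agent is moved there with klmover.exe;
    #   2. otherwise, if the current server is reachable but klnagchk.exe reports a failure,
    #      klmover.exe is re-run against the current server.
    # The script is meant to run elevated (the accompanying scheduled task runs it as SYSTEM),
    # so the agent executables are checked for existence before anything is stopped or started.
    $klnagent_status = (Get-Service klnagent -ErrorAction Ignore).Status
    if( -not [string]::IsNullOrEmpty($klnagent_status) )
    {
        Try {
            [string]$KLMoveTo = ""

            # On 64-bit Windows the agent's keys are read from WOW6432Node.
            if($env:PROCESSOR_ARCHITECTURE -eq "AMD64")
            {
                $KLRegRoot = 'HKLM:\SOFTWARE\WOW6432Node\KasperskyLab'
            }
            else
            {
                $KLRegRoot = 'HKLM:\SOFTWARE\KasperskyLab'
            }
            $KLAgentKey = "$KLRegRoot\Components\34\1103\1.0.0.0"

            # A missing key or value yields an empty string here, not an error.
            $Target_Protection_AdmServer = [string](Get-ItemProperty $KLRegRoot -ErrorAction Ignore).Target_Protection_AdmServer
            $Protection_AdmServer = [string](Get-ItemProperty "$KLAgentKey\Statistics\AVState" -ErrorAction Ignore).Protection_AdmServer
            $Agent_InstallDir = [string](Get-ItemProperty $KLAgentKey -ErrorAction Ignore).InstallDir

            # Build the tool paths only when InstallDir is known. With an empty InstallDir the
            # original "$($Agent_InstallDir)\klnagchk.exe" collapses to "\klnagchk.exe", i.e. a
            # file in the root of the current drive, which must never be executed as SYSTEM.
            $KLNagChk = $null
            $KLMover = $null
            if( -not [string]::IsNullOrEmpty($Agent_InstallDir) )
            {
                $KLNagChk = Join-Path $Agent_InstallDir 'klnagchk.exe'
                $KLMover = Join-Path $Agent_InstallDir 'klmover.exe'
            }

            # Case 1: a target server is configured, differs from the current one and answers on TCP 13000.
            # NOTE(review): an open port only shows that something is listening; confirm how the
            # agent authenticates the server it is moved to.
            if(-not [string]::IsNullOrEmpty($Target_Protection_AdmServer) -and ($Target_Protection_AdmServer -ne $Protection_AdmServer) )
            {
                if ( $(Test-NetConnection -ComputerName $Target_Protection_AdmServer -Port 13000 -WarningAction SilentlyContinue -InformationLevel Quiet ) )
                {
                    $KLMoveTo = $Target_Protection_AdmServer
                }
            }

            # Case 2: the current server is reachable, but the agent's self-check fails.
            if( -not [string]::IsNullOrEmpty($Protection_AdmServer))
            {
                if ( $(Test-NetConnection -ComputerName $Protection_AdmServer -Port 13000 -WarningAction SilentlyContinue -InformationLevel Quiet ) )
                {
                    if( $KLNagChk -and (Test-Path -LiteralPath $KLNagChk -PathType Leaf) )
                    {
                        & $KLNagChk
                        # A reachable target (case 1) keeps priority over re-registering with the current server.
                        if ( ($LASTEXITCODE -ne 0) -and [string]::IsNullOrEmpty($KLMoveTo) )
                        {
                            $KLMoveTo = $Protection_AdmServer
                        }
                    }
                }
            }

            # Move only when an address was chosen and klmover.exe really exists; checking first
            # avoids stopping the agent and then failing to start the mover.
            if( $KLMoveTo -and $KLMover -and (Test-Path -LiteralPath $KLMover -PathType Leaf) )
            {
                Stop-Service klnagent -ErrorAction Ignore
                try {
                    # Pass the address that was actually verified above. The original always passed
                    # $Target_Protection_AdmServer, which is empty or unverified in case 2.
                    Start-Process -FilePath $KLMover -ArgumentList "-address $($KLMoveTo) -silent" -NoNewWindow -Wait
                }
                finally {
                    # Bring the agent back even if klmover could not be started.
                    Start-Service klnagent -ErrorAction Ignore
                }

                Start-Sleep -Seconds 5
                Restart-Service klnagent -ErrorAction Ignore
            }
        }
        Catch {
            # Best effort: never fail the scheduled task, but leave a trace of what went wrong.
            Write-Warning -Message "klmover.ps1: $_"
        }
    }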

     

    Групповые политики:

    Копирование файла на клиентские ПК:

    <!-- Group Policy Preferences "Files" item: action="R" (Replace) copies klmover.ps1 from the
         network share into the Windows directory. The scheduled task on this page runs that copy
         as SYSTEM with -ExecutionPolicy Bypass, so write access to the share and to the local
         copy should be limited to administrators: whoever can change the file decides what runs
         as SYSTEM on every targeted PC. -->
    <File clsid="{50BE44C8-567A-4ed1-B1D0-9234FE1F38AF}" name="klmover.ps1" status="klmover.ps1" image="1" changed="2024-03-28 07:40:22" uid="{5366A378-8BFF-49E6-86B7-135FA9A3D210}">
        <Properties action="R" fromPath="\\<NetworkShare>\klmover.ps1" targetPath="%WindowsDir%\klmover.ps1" readOnly="0" archive="1" hidden="0" suppress="0"/>
    </File>

     

    Создание задачи запуска скрипта:

    <TaskV2 clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}" name="klmove" image="0" changed="2024-04-10 13:31:36" uid="{7D0F26FD-8964-4699-8386-B5D262A15B85}" userContext="0" removePolicy="0">
    	<Properties action="C" name="klmove" runAs="СИСТЕМА" logonType="Group">
    		<Task version="1.2">
    			<RegistrationInfo>
    				<Author>Erael</Author>
    				<Description></Description>
    			</RegistrationInfo>
    			<Principals>
    				<Principal id="Author">
    					<RunLevel>HighestAvailable</RunLevel>
    					<GroupId>СИСТЕМА</GroupId>
    				</Principal>
    			</Principals>
    			<Settings>
    				<IdleSettings>
    					<Duration>PT5M</Duration>
    					<WaitTimeout>PT1H</WaitTimeout>
    					<StopOnIdleEnd>false</StopOnIdleEnd>
    					<RestartOnIdle>false</RestartOnIdle>
    				</IdleSettings>
    				<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    				<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    				<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    				<AllowHardTerminate>false</AllowHardTerminate>
    				<AllowStartOnDemand>true</AllowStartOnDemand>
    				<Enabled>true</Enabled>
    				<Hidden>false</Hidden>
    				<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
    				<Priority>7</Priority>
    				<StartWhenAvailable>true</StartWhenAvailable>
    			</Settings>
    			<Triggers>
    				<BootTrigger>
    					<Enabled>true</Enabled>
    					<Delay>PT30M</Delay>
    				</BootTrigger>
    				<TimeTrigger>
    					<StartBoundary>2024-04-10T11:29:19</StartBoundary>
    					<Enabled>true</Enabled>
    				</TimeTrigger>
    			</Triggers>
    			<Actions Context="Author">
    				<Exec>
    					<Command>powershell.exe</Command>
    					<Arguments>-NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File c:\Windows\klmover.ps1</Arguments>
    				</Exec>
    			</Actions>
    		</Task>
    	</Properties>
    	<Filters>
    		<FilterOrgUnit bool="AND" not="0" name="OU=...,DC=domain,DC=local" userContext="0" directMember="0"/>
    	</Filters>
    </TaskV2>

     

    Указание целевого сервера администрирования:

    <Collection clsid="{53B533F5-224C-47e3-B01B-CA3B3F3FF4BF}" name="Target_Protection_AdmServer">
    	<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="Target_Protection_AdmServer" status="Target_Protection_AdmServer" image="6" changed="2024-03-27 16:23:10" uid="{12A67558-0D56-4155-8B36-31FD502D21AB}" bypassErrors="1">
    		<Properties action="R" displayDecimal="0" default="0" hive="HKEY_LOCAL_MACHINE" key="SOFTWARE\WOW6432Node\KasperskyLab" name="Target_Protection_AdmServer" type="REG_SZ" value="server.local"/>
    		<Filters>
    			<FilterVariable bool="AND" not="0" variableName="PROCESSOR_ARCHITECTURE" value="AMD64"/>
    		</Filters>
    	</Registry>
    	<Registry clsid="{9CD4B2F4-923D-47f5-A062-E897DD1DAD50}" name="Target_Protection_AdmServer" status="Target_Protection_AdmServer" image="6" changed="2024-03-27 16:23:36" uid="{BD980A4D-F62F-4D01-9947-585CA3B0EEF5}" bypassErrors="1">
    		<Properties action="R" displayDecimal="0" default="0" hive="HKEY_LOCAL_MACHINE" key="SOFTWARE\KasperskyLab" name="Target_Protection_AdmServer" type="REG_SZ" value="server.local"/>
    		<Filters>
    			<FilterVariable bool="AND" not="0" variableName="PROCESSOR_ARCHITECTURE" value="x86"/>
    		</Filters>
    	</Registry>
    </Collection>

     

     

  2. Скачиваем с Kaspersky Security для бизнеса Network Agent для Windows.

    Распаковываем архив и достаём из него файл Kaspersky Network Agent.msi.

    Сохраняем скрипт рядом с файлом Kaspersky Network Agent.msi и запускаем.

    make-klnag4GPO.ps1 <имя сервера администрирования> (по умолчанию скрипт нацелен на 127.0.0.1)

    После успешного завершения скрипта добавляем в GPO на установку.

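    <#
    .SYNOPSIS
        Prepares "Kaspersky Network Agent.msi" for unattended deployment through Group Policy.
    .DESCRIPTION
        Opens the MSI database in transacted mode and writes the EULA, LIMITUI,
        DONT_USE_ANSWER_FILE, SERVERADDRESS and NAGENTTAGS rows of its Property table,
        then commits the change into the same file.
        NOTE(review): the package is edited in place, so a digital signature on the vendor
        MSI will presumably stop validating afterwards. Work on a copy and keep the
        untouched original so the source of the deployed package can still be verified.
    .PARAMETER SERVERADDRESS
        Administration Server address written to the SERVERADDRESS property (default 127.0.0.1).
    .PARAMETER PATH
        Path to the MSI file to modify (default: "Kaspersky Network Agent.msi" in the current directory).
    .PARAMETER Tags
        Value written to the NAGENTTAGS property (default KLNagGPO).
     #>
    [CmdletBinding()]
    PARAM(
        [parameter(Position = 0)]
        [String]$SERVERADDRESS = "127.0.0.1",
        [parameter(Position = 1)]
        [String]$PATH = "Kaspersky Network Agent.msi",
        
        [String]$Tags = "KLNagGPO"
         
    )#PARAM
     
    Begin {     
    }
    
    Process {
        $windowsInstaller = New-Object -ComObject WindowsInstaller.Installer
        $MSIDatabase = $null

        # Inserts or updates one row of the MSI Property table.
        # Reads $windowsInstaller and $MSIDatabase from the enclosing scope.
        # Names and values travel as query parameters ("?") bound through a Record, never as
        # part of the SQL text, so a value containing a quote cannot alter or break the query.
        function Set-MSIProperty {
            Param (
                [string] $Property,
                [string] $Value
            )
            try {
                # Does the property already exist?
                $Lookup = $windowsInstaller.GetType().InvokeMember("CreateRecord", "InvokeMethod", $Null, $windowsInstaller, @(1))
                $Lookup.GetType().InvokeMember("StringData", "SetProperty", $Null, $Lookup, @(1, $Property))
                $View = $MSIDatabase.GetType().InvokeMember(
                    "OpenView",
                    "InvokeMethod",
                    $Null,
                    $MSIDatabase,
                    ('SELECT `Value` FROM `Property` WHERE `Property` = ?')
                )
                $View.GetType().InvokeMember("Execute", "InvokeMethod", $Null, $View, (,$Lookup))
                $Record = $View.GetType().InvokeMember("Fetch", "InvokeMethod", $null, $View, $null)
                $View.GetType().InvokeMember("Close", "InvokeMethod", $Null, $View, $Null)
                [System.Runtime.Interopservices.Marshal]::ReleaseComObject($View) | Out-Null
                [System.Runtime.Interopservices.Marshal]::ReleaseComObject($Lookup) | Out-Null

                # Both statements take two parameters; only their order differs.
                $Arguments = $windowsInstaller.GetType().InvokeMember("CreateRecord", "InvokeMethod", $Null, $windowsInstaller, @(2))
                if ($null -eq $Record) {
                    $QuerySet = 'INSERT INTO `Property` (`Property`,`Value`) VALUES (?, ?)'
                    $Arguments.GetType().InvokeMember("StringData", "SetProperty", $Null, $Arguments, @(1, $Property))
                    $Arguments.GetType().InvokeMember("StringData", "SetProperty", $Null, $Arguments, @(2, $Value))
                }
                else {
                    [System.Runtime.Interopservices.Marshal]::ReleaseComObject($Record) | Out-Null
                    $QuerySet = 'UPDATE `Property` SET `Value` = ? WHERE `Property` = ?'
                    $Arguments.GetType().InvokeMember("StringData", "SetProperty", $Null, $Arguments, @(1, $Value))
                    $Arguments.GetType().InvokeMember("StringData", "SetProperty", $Null, $Arguments, @(2, $Property))
                }
                 
                $View = $MSIDatabase.GetType().InvokeMember(
                    "OpenView",
                    "InvokeMethod",
                    $Null,
                    $MSIDatabase,
                    ($QuerySet)
                )
                $View.GetType().InvokeMember("Execute", "InvokeMethod", $Null, $View, (,$Arguments))
                $View.GetType().InvokeMember("Close", "InvokeMethod", $Null, $View, $Null)
                [System.Runtime.Interopservices.Marshal]::ReleaseComObject($View) | Out-Null
                [System.Runtime.Interopservices.Marshal]::ReleaseComObject($Arguments) | Out-Null
            }
            catch {
                Write-Warning -Message "Set-MSIProperty"
                Write-Warning -Message $_
                Write-Warning -Message $_.ScriptStackTrace
            }
        }
    
        try {
            # 1 = transacted mode: nothing reaches the file until Commit is called.
            # -ErrorAction Stop turns a missing file into a clear error instead of a null path.
            $MSIDatabase = $windowsInstaller.OpenDatabase($(Get-Item $PATH -ErrorAction Stop).FullName, 1)
        
            <#
            # LIMITUI              = 1
            # EULA                 = 1
            # SERVERADDRESS        = 127.0.0.1
            # DONT_USE_ANSWER_FILE = 1
            # NAGENTTAGS           = KLNagGPO
            #>
            Set-MSIProperty "EULA"                  "1"
            Set-MSIProperty "LIMITUI"               "1"
            Set-MSIProperty "DONT_USE_ANSWER_FILE"  "1"
            Set-MSIProperty "SERVERADDRESS"         $SERVERADDRESS
            Set-MSIProperty "NAGENTTAGS"            $Tags
     
            
            $MSIDatabase.GetType().InvokeMember("Commit", "InvokeMethod", $Null, $MSIDatabase, $Null)
        }
        catch {
            # Keep the original marker text, but say what actually failed.
            Write-Error "Error!!! $_"
        }
        finally {
            # Release the database handle on the error path too, so the MSI file is not left locked.
            if ($null -ne $MSIDatabase) {
                [System.Runtime.Interopservices.Marshal]::ReleaseComObject($MSIDatabase) | Out-Null 
            }
        }
        
        [System.Runtime.Interopservices.Marshal]::ReleaseComObject($WindowsInstaller) | Out-Null 
        [System.GC]::Collect()
    }
    End {   
    }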

     

  3. Добрый день!
     

    Как писал ранее, эта проблема решается созданием ссылки:

    # Create a symbolic link at /opt/kaspersky/kesl/shared/init/kesl.ini that points to the
    # kesl.ini under /var/opt; -f replaces whatever already exists at the link path.
    ln -sf /var/opt/kaspersky/kesl/common/kesl.ini /opt/kaspersky/kesl/shared/init/kesl.ini

    Возможно, у пользователя нет разрешений на чтение этого файла. В этом случае нужно выполнить команду:

    # Add read permission for owner, group and all other local accounts.
    # NOTE(review): a+r makes the file world-readable; confirm that kesl.ini holds nothing
    # sensitive, or grant read access only to the user or group that needs it.
    chmod a+r /var/opt/kaspersky/kesl/common/kesl.ini

     

  4. Добрый день!

    Самым простым способом будет инициировать самоисправление KES.

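    # Starts an MSI repair ("self-healing" reinstall) of Kaspersky Endpoint Security on each
    # listed computer, as a background remoting job named JobKSC-<computer>.
    #
    # Replace the placeholder names below with the real computer names, one per line.
    # Every non-empty line of the here-string is used as a computer name, so instructions
    # belong in comments like this one, not inside the string.
    $KSCExportList = @"
    hostname1
    hostname2
    hostnameN
    "@.Trim().Split("`n").Trim() | Where-Object { $_ }
    
    $KSCExportList | %{
    
        Invoke-Command -ComputerName $_ -ScriptBlock {
    
        # Collect the product codes registered under both Uninstall keys. A key that does not
        # exist (WOW6432Node on 32-bit Windows) is skipped instead of being dereferenced as $null.
        $UninstallList = @()
        foreach ($UninstallKeyPath in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                                      'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall') {
            $UninstallKey = Get-Item $UninstallKeyPath -ErrorAction SilentlyContinue
            if ($UninstallKey) {
                $UninstallList += $UninstallKey.GetSubKeyNames()
            }
        }
        
    
        # Product codes of the KES for Windows versions this script knows about.
        $KESW_vers = (
        "{9A017278-F7F4-4DF9-A482-0B97B70DD7ED}", #"11.2"
        "{192DE1DE-0D74-4077-BC2E-A5547927A052}", #"11.3"
        "{AF1904E7-A94C-4F4C-B3B7-EC54D7429DA2}", #"11.4"
        "{7B437856-99E3-4F01-B31C-B5A26465C633}", #"11.5"
        "{7EC66A9F-0A49-4DC0-A9E8-460333EA8013}", #"11.6"
        "{F4ECE08F-50E9-44E2-A2F3-2F3C8DDF8E16}", #"11.7"
        "{1F39E63E-3F9C-4E21-928B-136C6362E88B}", #"11.8"
        "{6BB76C8F-365E-4345-83ED-6D7AD612AF76}", #"11.9"
        "{305A9EC9-294E-4555-A7C5-E1C767E01C11}", #"11.10"
        "{BF39B547-8E24-4E11-8179-183B2F7C83EB}", #"11.11"
        "{E70CCFE8-163C-4E2B-BC36-61B747DAD590}"  #"12.0"
        )
    
    
        # Known product codes that are actually installed on this computer.
        $KESW_Installed = @($KESW_vers | Where-Object { $UninstallList -contains $_ })
    
        # msiexec /i needs exactly one product code. Zero matches means no known KES version
        # is installed; more than one would produce a malformed command line.
        if ($KESW_Installed.Count -ne 1) {
            Write-Warning -Message "KES repair skipped: expected exactly one known product code, found $($KESW_Installed.Count)"
            return
        }
    
        $Process = (Start-Process -FilePath "msiexec.exe" -ArgumentList "/i $($KESW_Installed[0]) REINSTALL=ALL REINSTALLMODE=amus EULA=1 PRIVACYPOLICY=1 SKIPREBOOTPENDING=1 /lv*x c:\windows\KESW_reinstall.txt /qn" -Wait -PassThru)
    
        # Record the numeric exit code (not the Process object) and append it, so the verbose
        # msiexec log written to the same file is kept rather than overwritten.
        # NOTE(review): confirm the appended line matches the encoding of the msiexec log.
        "ExitCode = $($Process.ExitCode)" | Out-File C:\Windows\KESW_reinstall.txt -Append
    
        #set-ItemProperty HKLM:\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES.21.8\Data\ -Name NeedReboot -Value 1
        #set-ItemProperty HKLM:\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES.21.8\Data\ -Name NeedForcedReboot -Value 1
    
        } -AsJob -jobname JobKSC-$_
    }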

     

  5. Добрый день!

    С этой ошибкой рекомендую открыть обращение в техническую поддержку головной организации.

    Как временное решение — создание временной ссылки на файл kesl.ini:
     

    # Create a symbolic link at /opt/kaspersky/kesl/shared/init/kesl.ini that points to the
    # kesl.ini under /var/opt; -f replaces whatever already exists at the link path.
    ln -sf /var/opt/kaspersky/kesl/common/kesl.ini /opt/kaspersky/kesl/shared/init/kesl.ini

     
