
HallFS

  1. Hi everyone. I would like to know if there is a way to make KES Cloud trust certificates signed with certs stored in the CA root repo of Windows. I know that the on-prem solution allows it, but with the cloud version I'm having trouble with a customer that is facing a lot of issues with his systems due to that limitation when he enables KES to inspect encrypted connections. We have noticed that the endpoint seems to be able to import certificates, but we didn't find any way to enable this option locally or in the console. Thanks in advance!
  2. @shahzad40 this screen that you’re showing is to configure KATA, not EDR. To configure EDR before Endpoint Security 11.7, we needed to go to the endpoint agent policy and set the agent configuration there. Now, with 11.7, you have those options on the Web Console: You can find all EDR settings that used to be in the older Endpoint Agent options on the last screen: You need to have the Endpoint Optimum license in order to be able to use EDR. In the last quarter of the past year, I remember that Kaspersky launched the Kaspersky Optimum Security package, which included in the same license the Endpoint Security, the EDR Optimum and Kaspersky MDR.
  3. I don’t think you will need these other components anymore. At least that is what the Kaspersky documentation suggests. https://support.kaspersky.com/KESWin/11.7.0/en-US/127969.htm
  4. Yes, it's possible. Starting with Kaspersky Endpoint Security 11.7 for Windows, the Endpoint has built-in EDR capabilities. If you already have the old Endpoint Agent that was responsible for the EDR capabilities, you can use a wizard to migrate the configuration to Endpoint Security. However, you can only manage it through the web console with the appropriate web plug-in installed, and it also requires KSC 13.2. https://support.kaspersky.com/KESWin/11.7.0/en-US/213425.htm
  5. Does anyone know if it’s on Kaspersky’s road map to add DLP capabilities to KES so that the Endpoint is able to detect data patterns in files, clipboard, etc. and prevent data movement based on rules? (It would be interesting if it came with pre-set templates.) I’m asking because I work for a Kaspersky reseller in Brazil and a lot of customers pointed out that a much cheaper endpoint has this capability (we were able to revert the potential lost deal by showing all the other advantages and capabilities of KES, and I also managed to convince some customers to use web filter control and device control to block and monitor the manipulation of certain types of files and to use the reports to track potential data leakage, but that’s not quite a complete DLP solution). A feature that I also miss a lot is the possibility to look up website categories defined by KSN and to send a request for re-evaluation of a website in case it isn't put in the most appropriate category. Thanks in advance if someone in the Kaspersky Engineering/Project teams has this information, because I couldn’t obtain a conclusive answer from the LATAM assistance team which we usually interact with.
  6. Well, if you don’t have the task for this product and no one has deleted it, perhaps it didn’t exist before. You have to create a new On-demand Scan task to run periodically on your servers. If you have a task for the workstations and this task exists and is applied to the separate management group for your workstations, then it won’t be run on your servers. If you have installed KES for Windows on your machines and KES for Windows Server on your servers and created a task only for KES Windows, then this task will only be executed on those machines with this product. One thing you will have to be aware of is that the task will be executed according to the scope you define for it. If you create a task in the tasks section, then it will ask you to define it. If you define it on a particular management group, then it will assume that the scope of execution of the task is that management group. Best regards.
  7. Hi Kaspersky Community! I work for a Kaspersky reseller and I’ve prepared a lab environment for future demonstrations of the Kaspersky Endpoint Security capabilities and features for our customers. Actually, I started dealing with Kaspersky Endpoint Security recently and I’m liking it a lot. What I was trying to do was simplify the application of policies that need minor changes from one machine to another, and for that I thought using policy profiles would be a good choice. For instance, in my environment I deployed some machines with Windows 10 and installed KES 11.6. (I’m also using KSC 13.) I created rules to automatically tag those machines based on their IP addresses. Worked perfectly. I also created a policy profile that has to be applied to any machine with a particular tag (no problems with that either). In the main policy of KES, I’ve defined that it has to block any incoming traffic to Remote Desktop Services (3389), and I created a policy profile that allows traffic to this port depending on the remote IP address. Unfortunately, it didn’t work as expected. It’s simply ignoring the policy profile completely and applying the packet filtering table of the main policy, even with the device being marked as having the policy profile applied to it. My intention with that is to be able to demonstrate to the customer that he doesn’t need to create multiple groups and multiple policies and that he can just tag his machines automatically and apply different policy profiles according to those tags. A strange behavior that I have also been experiencing is that when I allow traffic on port 3389 only for a specific IP address (192.168.1.160 in the evidence) in the main policy, it allows incoming traffic from any IP address. I’m working with those rule lists the same way I work with a usual firewall.
On the first rule I allow all outgoing traffic, in the middle I define the allowed incoming traffic, and in the last rule I block all incoming traffic that doesn’t match the previous rules. Is the order of the rules relevant for the Kaspersky firewall, or does it behave like a Windows Firewall that doesn’t care about the order? Am I doing this correctly or am I misinterpreting the way the KES firewall works? I’m also sending some captures of what I’ve experienced in my environment and my current configuration, and I hope someone who has faced a similar challenge can give me some idea of what is going on here. Thank you for your time and attention! I’ll really appreciate it.
  8. A straight shot, Demiad. Let’s go to close this deal. Thank you very much!
  9. Hi Kaspersky community! I work at a Kaspersky reseller and I’m facing unusual behavior during and after the installation of KSC 13.0.0.11247. I used to work in another field but recently I got transferred to the IS sales team. Our customer is a medium-sized company and it’s interested in deploying Kaspersky to protect its network. Last Friday, the IT Manager of this company contacted us and said that he was trying to test the product by himself, but was unable to install it properly without the MMC console crashing. I thought he was doing something wrong, so I scheduled an online meeting next Tuesday in order to demonstrate the product capabilities, etc. I set up our test environment with two VMs with fresh installations of Windows Server 2016 Standard x64 with MS SQL Server Express 2019, with the KSC installed on the same machine. Each machine has 20 GB of RAM and a 500 GB HD, and I limited the maximum amount of RAM that can be consumed by SQL Server to 8 GB. I’m now facing the same issues. After the installation, the configuration process through the MMC Console isn’t smooth and breaks constantly and in different phases on both machines. Sometimes it crashes after downloading the packages, or during the acceptance of the KSN terms. It’s bizarre. I’ve tried a fresh install of the product four times and it continues to happen. When I finally managed to finish the installation, after opening MMC, connecting to the server and clicking on Managed Devices, the MMC just crashes. I’m just going to try installing the previous version in order to demonstrate some of the functionalities of the product, but this customer always wants everything in the latest version available, so no deal if we offer to install KSC 12.2.0.4376 in this environment. Is anyone else here experiencing those issues? I’m sending some screenshots that I’ve gathered from my environment.
I think it may help, but it seems that the KSC is stuck in an insert operation that is compromising the database performance and making the entire environment crash. Thanks for your time and attention!