MilanBortel

Hi @Kumar_K, great it all worked out 😉 Take care, Milan

Hi @StanAsterisque, I have no info about this being a known issue.. To be honest, as with any other AV vendor, there are typical scenarios we deal with - Kaspersky is blocking this and that.. Kaspersky thinks this is a malicious app, but it’s not - it is our internal tool … so of course, we have to be able to work it out somehow 🤕 To resolve this, I’d recommend simple test - let KSWS run on the affected server, but use policy settings to switch off/on one module after other and see if the CPU usage has decreased or not.. In other words - try to identify which component/task might be the cause.. Once we know the specific module, then we can optimize the policy, you know.. 🤓 Cheers, Milan

Hi @StanAsterisque, what products/versions are you using? Did you install Kaspersky Security for Windows Servers on that hosts? That’s the recommended version on server OS. I’d start with that 🤠 Cheers, Milan

Hi @rinnofer, it might be interesting to see what policy was active on this specific host. Can you share with us? Do you have password protection enabled for KES operation? And also for Network Agent? These are crucial settings. If you personally can turn off KES on the server, then the attacking malware can do the same. Not being KES problem rather the configuration issue 🙄 Let us know! Cheers, Milan

Hi @Kumar_K, well, I think that after restoration of the old KSC backup on the new KSC, there is no further action needed. All the keys will be restored and available. So you will just move all the computers to the new KSC. One more thing came to my mind. On the computers KES stores these encryption/decryption keys also locally, so they could work offline (with no KSC connectivity). And after you move the computers to new KSC, they will sync these keys with KSC if they are missing.. does it make sense to you? 😜 Milan

Yeah, @Kumar_K the option to import Encryption keys IMHO means that the new KSC server would use the old KSC’s master encryption key and thus being able to manage all external encrypted drives. You know, with KSC installation, there are always SSL certificate and master keys for FDE and FLE generated.. However, if you restore the backup from old KSC to new KSC, all the keys and certs will be restored, so I would fear no more.. I think external USB will work just fine with the new KSC 😇 Cheers, Milan

Hi @Kumar_K, when you forget the BitLocker PIN, you have to enter the recovery key: BitLocker recovery key promptThis is the MMC interface: BitLocker recovery keyAfter successful boot, user is prompted to change the password: BitLocker Change password promptAfter password change, both recovery key and recovery key ID are updated on KSC side: KSC - BitLocker recovery key and ID has been changedIf KSC backup has been made prior to this update, I’d assume that the new recovery key won’t be available after restore in new KSC.. haven’t tested that scenario, though. So, my recommendation - the migration process should take place either over night or during weekend, where the risk of this inconsistency would be minimized. Anyway, you can run both old and new KSC for few days after migration and keep backups to be able to restore access to encrypted drives if that occured during the migration process. I believe that you do have documentation of this, right? To be able to say which user has asked for which recovery key at what date/time.. 😀 Cheers, Milan

Hi @Kumar_K, from my experience it works fine. I personally did it this way: back up old KSC install new KSC on new host restore backup from old KSC (after this step, all encryption/decryption keys are present on new KSC) reconnect all hosts to new KSC (change administration server task or reinstall Network Agent with new connection settings) Change Administration Server task tadaaaaa 🤠 Let us know, if you have any further questions Cheers, Milan

Thanks, well.. maybe it’s a good idea to use KSWS instead. This product is tested on servers, more suitable then KES (this is meant to be used on personal OS) 🤡 Anyway, let us know the outcome from support, it is always interesting to see how the troubleshooting worked out :) Cheers, Milan

Hi @osama.mansoor, you don’t say what security product you have installed on the server? It’s either the KES (https://support.kaspersky.com/kes11) or KSWS (https://support.kaspersky.com/ksws11). Let us know, so we can assist you more effectively 😎 Cheers, Milan

Hi @apts, can you share your KES policy with us? I suppose you don’t have the firewall rules set up correctly 🤠 Cheers, Milan

Hi @chaibou, can you check, if on the target host is the encryption component installed? open device properties go to applications, select KES and open properties: Device properties→Applications→KES Properties Switch to components and check the Status: KES ComponentsCan you share printscreen with us? It may help to track the cause.. Cheers, Milan

sorry, it will be better the first article, you don’t need to change the tracing level … Trace files using registry keysCheers, Milan

Hi @MunirOmar, maybe you can check your registry keys → we can turn on/off trace files directly in registry 🤠 Follow instruction nr. 5) in this article: Trace files using registry keysThen delete the log file and see if it’s recreated again. Good luck, Milan

Hi @MunirOmar, thanks for clarification. Firstly, I’d recommend to use different Kaspersky product for servers (KSWS), as it’s designed and tested for that OS type. See this link for more details. If you want to stay with KES, I’d try to pause protection for that host (via console or locally from system tray): KES → Pause protectionWhen it’s paused, delete that log file, then enable protection and see if that log file is recreated again.. 🤓 Cheers, Milan