mokaz

Members
  • Posts: 20

Everything posted by mokaz

  1. Good to know -- I'd also love to be able to run Kaspersky Home based products on potential Linux systems -- I think it makes sense nowadays
  2. Hi there, You can make the K very quiet on notifications indeed, although if your goal is to turn it all off -- I found that difficult. If Kaspersky reads this somewhat -- a user switchable "presenter mode/absolutely no notification" would be smart. Cheers, m.
  3. Hi all, Thanks for your help !! It turns out that if you've got both "subscriptions" within your my.kaspersky.com account:

      - Kaspersky Premium
      - Kaspersky Secure Connection

      The default/firstly applied KSC licenses are taken from KSC. KL support teams instructed me to create another my.kaspersky.com account to "host" the KSC licenses only for hosts that only need KSC. Perfect, solution found. Thanks, Cheers, M.
  4. Hi all, Would some of you have examples of rules creation within KSIG ? My goal would be not to scan ISO images bigger than 100MB. I came up with this, although I was wondering if the MIME type isn't perhaps too "broad" so to speak:

          Bypass Rule
          Traffic filter
            HTTP Content-Length, KB greater than or equal to 100240 KB
            --- AND ---
            MIME type of HTTP message application/octet-stream

      It works as intended, although if anyone might have better or sharper, it's welcome. Let me know, Kind regards, M.
  5. Hi there team, Thanks to Black Friday, I've recently acquired new Kaspersky Premium licenses -- all fine with these. My only "concern/question" is how can I leverage the included VPN Services, this specifically using/binding that newly bought Premium license? Indeed, previously, I've bought the KSC/VPN subscription (still active) and currently, any devices I've shifted toward the new Premium subscription are still using the KSC/VPN subscription available within my my.kaspersky account. If I'd remove the given KSC license, I'm then shifting to the free scheme. Any ideas? Thanks in advance, M.
  6. Just for the update and because I like to be factual; this has now been provided (since a few months I'd say). Thanks for listening to your users, much appreciated. Cheers, M.
  7. Hi there K team, According to my readings, currently the supported Proxy possibility on my K Plus = http/https proxies. Would supporting SOCKS5 be something Kaspersky would consider? Also, what I've witnessed as well is that on the current proxy implementation, DNS queries are conducted through the host based DNS server. HTTP and/or SOCKS5 would support Proxied DNS queries, which in some implementations is the only way to resolve external domains. Let me know, Kind regards, m.
  8. Hi there, Is your KWTS able to crawl the internet? I do not know exactly if KWTS Web Filtering categories are local DBs or queried as needed upon traffic. If the latter, access to K* would imply. Here, I've got a very simple rule bumping ads and spammers out, such a rule might be potentially needed to get any contents passing through KWTS categorized.
  9. Hi there, No issue with that here -- could you detail a bit your setup? Obviously, SSL bumping / SSL interception is needed for that particular file. I'm actually now using KWTS as an ICAP server, queried by an array of independent Squid systems.
  10. Nexon, that has nothing to do with wanting or not, it's a different way of using the product. Either you go from your endpoint or you can if you so want set it up through OpenVPN (routers, NGFW, Linux, etc..) -- the latter is somewhat limited and having Switzerland would be neat, that's it really. EDIT: I mean considering the banner here, I guess it could make sense ? https://www.kaspersky.com/about/transparency
  11. Yes Berny, that is what I'm talking about indeed ? here are the current concentrators listed
  12. Hi there Flood, Thanks for the update, I thought KSC was the current "home product" flagship suite. Oki I'll try the contact form, as I think that would be a neat feature. Thanks, Cheers, M. PS: yes sorry, originally posted this in the wrong forum, all sorted now
  13. Hi there KL teams, As we already have the "Pause Protection" menu item, I'd really appreciate a "Pause Notifications" button as well. Thus completely silencing the app for a given amount of time (1h/2h/4h/1day).. It is a bit annoying when a popup shows up in the middle of an online meeting while you present something... Also there are some screen notifications from features like "Secure Keyboard Input" which, if possible, I'd like to "discrete". Let me know, Cheers, m.
  14. Hi there, I've seen that there are a few OpenVPN available concentrators -- will you guys add Switzerland to the stash ? Let me know, Kind regards, m.
  15. Hi all, A possible way of serving a "proxy.pac" file from your KWTS "all in one" appliance (.ISO based setup) --> please note that this might not be officially supported. Obviously, you need SSH access to your KWTS appliance.

      ----> edit /etc/nginx/mime.types and add the following line where it alphabetically belongs, respecting the indentation:

          [root@kwts ~]# vim /etc/nginx/mime.types
          types {
          ~
              application/x-ns-proxy-autoconfig pac;
          ~
          }

      ----> create a folder which will be hosting our .pac file:

          [root@kwts ~]# mkdir /usr/share/nginx/pac

      ----> create /etc/nginx/conf.d/pacserver.conf (you need to edit the lines below according to your wanted scheme: <port>, <fqdn>):

          [root@kwts ~]# vim /etc/nginx/conf.d/pacserver.conf
          server {
              listen <port>;
              server_name <fqdn>;
              charset utf8;
              location / {
                  root /usr/share/nginx/pac;
                  index proxy.pac;
              }
          }

      ----> create your proxy.pac file and edit accordingly:

          [root@kwts ~]# vim /usr/share/nginx/pac/proxy.pac
          function FindProxyForURL(url, host) {
              // Convert host to lower case
              var lhost = host.toLowerCase();
              host = lhost;
              // Convert url to lower case
              var lurl = url.toLowerCase();
              url = lurl;
              // Defining proxy Services
              var direct = "DIRECT";
              var kwts = "PROXY 10.1.1.250:3128";
              // Forced through --> KWTS
              if (shExpMatch(host, "Hostname.FQDN")) return kwts;
              // If the hostname suffix is within *.xxx --> DIRECT.
              if (shExpMatch(host, "*.local")) return direct;
              // DEFAULT RULE: Catchall --> KWTS
              return kwts;
          }

      ----> restart nginx services

          [root@kwts ~]# systemctl restart nginx.service

      ----> verify that the assigned PACSERVER:PORT is up and listening:

          [root@kwts ~]# ss -tnlp

      ----> test a proxy.pac retrieval:

          [root@kwts ~]# curl http://<your.fqdn.suffix:port>/proxy.pac
          function FindProxyForURL(url, host) {
              // Convert host to lower case
              var lhost = host.toLowerCase();
              host = lhost;
              // Convert url to lower case
              var lurl = url.toLowerCase();
              url = lurl;
              // Defining proxy Services
              var direct = "DIRECT";
              var kwts = "PROXY 10.1.1.250:3128";
              // Forced through --> KWTS
              if (shExpMatch(host, "Hostname.FQDN")) return kwts;
              // If the hostname suffix is within *.xxx --> DIRECT.
              if (shExpMatch(host, "*.local")) return direct;
              // DEFAULT RULE: Catchall --> KWTS
              return kwts;
          }
          [root@kwts ~]#

      You should afterwards be able to configure your OS'es/Browsers using the PAC file: http://kwts.domain.suffix:PORT/proxy.pac Hope this helps, Kind regards. m.
  16. After some testing, I've actually replaced this line from the above snippet (which does not remove the header, it rather inserts "unknown" in place of the client IP):

          forwarded_for off

      with this line:

          request_header_access X-Forwarded-For deny all

      Which indeed removes the header. Cheers, m.
  17. Hi all, Continuing my testings, like it more and more ? I actually found out that the integrated squid proxy would send out the VIA & X-FORWARDED-FOR HEADERS if not specifically disabled. Here is what I've done in order to disengage these settings (caution: this might not be supported at all):

      ---> Edit the squid.conf.template file + addons = last three lines of the snippet below:

          [root@kwts ~]# vim /opt/kaspersky/kwts-appliance-addon/share/templates/squid.conf.template
          {#-* This is a template for generating a configuration file *-#}
          ################################################################################
          # This file was generated automatically.                                       #
          # All changes to this file will be lost.                                       #
          ################################################################################
          cache deny all
          cache_mem 0
          shared_memory_locking on
          shutdown_lifetime 5 seconds
          stats_collection deny all
          error_log_languages off
          via off
          forwarded_for off
          follow_x_forwarded_for deny all

      ---> Use the Web Admin interface and change any setting of the built-in proxy server.

      ---> This will cause the settings update. For example, you can change the Access log parameters and save the changes.

      You can test before and after here: https://www.whatismybrowser.com/detect/what-http-headers-is-my-browser-sending Cheers, m.
  18. Hi there KTeam, I'm currently testing KWTS and honestly I'm very pleased with the appliance, stunning stuff!! I've been a bit astonished that multi-homing or multiple Ethernet interfaces doesn't seem to be endorsed by default, simple stuff like "trusted/untrusted" interface was my goal. Nevertheless, I found ways to enable KWTS in the layout I've wanted (perhaps not supported) and let me share that with you:

      ----> You need a public/private key pair in order to be able to access the KWTS Technical Support Mode (SSH):

      ----> creating the key pair:

          ssh-keygen -o

      ----> You then need to upload the public key on KWTS Web Admin for being able to connect over SSH:

          ssh -i kwts root@10.1.1.250

      ----> Enabling ip_forward / reboot persistent:

          [root@kwts ~]# cat /etc/sysctl.conf
          # sysctl settings are defined through files in
          # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
          #
          # Vendors settings live in /usr/lib/sysctl.d/.
          # To override a whole file, create a new file with the same in
          # /etc/sysctl.d/ and put new settings there. To override
          # only specific settings, add a file with a lexically later
          # name in /etc/sysctl.d/ and put new settings there.
          #
          # For more information, see sysctl.conf(5) and sysctl.d(5).
          #
          net.ipv4.ip_forward = 1

      ----> Adding interface based routing (if needed etc..)

          [root@kwts ~]# cat /etc/sysconfig/network-scripts/route-eth0
          10.0.0.0/8 via 10.1.1.1 dev eth0

      ----> A few iptables rules in order to DROP anything except ICMP messages inbounding on eth1 (my untrusted interface):

          [root@kwts ~]# cp /etc/sysconfig/iptables-config /etc/sysconfig/iptables-config.ORG
          [root@kwts ~]# iptables -F
          [root@kwts ~]# iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
          [root@kwts ~]# iptables -A INPUT -i eth1 -p icmp -j ACCEPT
          [root@kwts ~]# iptables -A INPUT -i eth1 -j DROP
          [root@kwts ~]# iptables-save > /etc/sysconfig/iptables-config

      Finally, I've set up the KWTS on a KVM Host which worked flawlessly using the ISO file. Thanks, Cheers, m.
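
Added example, not part of mokaz's posts: an offline check (Node.js) of the proxy.pac from post 15 above, showing which hosts bypass KWTS and which patterns can never match because the PAC lowercases `host` before comparing. The `shExpMatch` shim, the helper names and the sample hosts are assumptions constructed for illustration.

```javascript
// shExpMatch() is normally supplied by the browser; this shim is an
// assumption covering only the "*" and "?" wildcards.
function shExpMatch(str, pattern) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// PAC body as posted; "Hostname.FQDN" is the post's own placeholder.
const PAC_SOURCE = `
function FindProxyForURL(url, host) {
  var lhost = host.toLowerCase(); host = lhost;
  var lurl = url.toLowerCase(); url = lurl;
  var direct = "DIRECT";
  var kwts = "PROXY 10.1.1.250:3128";
  if (shExpMatch(host, "Hostname.FQDN")) return kwts;
  if (shExpMatch(host, "*.local")) return direct;
  return kwts;
}`;

// Evaluate the PAC text with the shim in scope; return its entry point.
function loadPac(source) {
  return new Function("shExpMatch", source + "\nreturn FindProxyForURL;")(shExpMatch);
}

// Ask the PAC where each host would be sent; returns { host: decision }.
function routeAll(pacFn, hosts) {
  const out = {};
  for (const h of hosts) out[h] = pacFn("http://" + h + "/", h);
  return out;
}

// `host` is lowercased before matching, so a pattern that contains
// uppercase characters can never match. Return every such pattern.
function deadPatterns(source) {
  const found = [];
  for (const m of source.matchAll(/shExpMatch\(\s*host\s*,\s*"([^"]+)"\s*\)/g)) {
    if (m[1] !== m[1].toLowerCase()) found.push(m[1]);
  }
  return found;
}

// Constructed sample hosts, including a mixed-case internal name.
const SAMPLE_HOSTS = ["www.example.com", "Printer.LOCAL", "intranet.local.example.com"];
console.log(routeAll(loadPac(PAC_SOURCE), SAMPLE_HOSTS));
console.log("patterns that never match:", deadPatterns(PAC_SOURCE));
```

In this PAC the unmatched placeholder rule falls through to the catch-all, so traffic still reaches KWTS; the same mistake on a `DIRECT` rule would silently send that host through the proxy instead.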
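
Added example, not part of mokaz's posts: a small audit (Node.js) of the Squid lines from posts 16 and 17 above, reporting what an origin server sees for `Via` and `X-Forwarded-For`. It goes beyond the two settings in the posts by covering the other `forwarded_for` modes, whose meanings are taken from the Squid documentation; the function name and the simplified `request_header_access` handling (only `deny all` lines) are assumptions.

```javascript
// What the origin server sees for each forwarded_for mode. These
// semantics come from the Squid documentation, not from the page.
const XFF_MODES = {
  on: "client IP appended",
  off: 'sent as "unknown"',
  transparent: "passed through unchanged",
  truncate: "replaced with the client IP only",
  delete: "removed",
};

// Simplified audit: tracks the last value of `via` and `forwarded_for`
// and any "request_header_access <Header> deny all" line.
function auditProxyHeaders(confText) {
  let via = "on";           // Squid default
  let xff = "on";           // Squid default
  const stripped = new Set();
  for (const raw of confText.split("\n")) {
    const [key, ...args] = raw.replace(/#.*/, "").trim().split(/\s+/);
    if (key === "via") via = args[0];
    else if (key === "forwarded_for") xff = args[0];
    else if (key === "request_header_access" &&
             args[1] === "deny" && args[2] === "all") {
      stripped.add(args[0].toLowerCase());
    }
  }
  const viaSent = via !== "off" && !stripped.has("via");
  const xffRemoved = stripped.has("x-forwarded-for") || xff === "delete";
  return {
    via: viaSent ? "added by Squid" : "not added",
    xForwardedFor: xffRemoved ? "removed" : (XFF_MODES[xff] || "unrecognised: " + xff),
    // Any header that Squid itself writes tells the origin a proxy is in path.
    revealsProxy: viaSent || (!xffRemoved && xff !== "transparent"),
  };
}

// The three lines added in post 17, then the same with post 16's swap.
const POST_17 = "via off\nforwarded_for off\nfollow_x_forwarded_for deny all";
const POST_16 = "via off\nrequest_header_access X-Forwarded-For deny all\n" +
                "follow_x_forwarded_for deny all";
console.log(auditProxyHeaders(POST_17));
console.log(auditProxyHeaders(POST_16));
```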