SIIL-IT1

I've just downloaded the latest Kaspersky Security Center 14.0.0.10902 and am trying to do a clean install on a new Windows Server 2022 instance. After reading the requirements at https://support.kaspersky.com/KSC/14/en-US/96255.htm I've decided to use MariaDB installed on a separate server on the same subnet. The MariaDB instance is running on a Debian 11 system and has v10.5.15 installed which, according to the requirements page, should be supported MariaDB 10.5.x 32-bit/64-bit When I try install and configure Kaspersky Security Center, it's throwing up the following message One of the installation parameters is invalid. Error: The following MySQL Server versions are supported: 5.6 and 5.7. MariaDB 10.3 is also supported. Please modify the connection settings. I take it that MariaDB 10.5 isn't actually supported? If it is, how can I get past the error it's throwing?

We are just deploying KSC 13.2 and plan to do the bulk of the software management and patching through KSC. When it comes to drivers, we get the following message when we try add to the update task “The following updates can be installed only in interactive mode” I remember a long while back reading about the fix for this but I can’t seem to find it anywhere now! Can anyone help?

It is mainly drivers updates

We have moved to KSC11 (11.0.0.1131) for our software and patch management. It’s been a fun and interesting journey due to the nature of our setup! After authorizing and releasing a lot of patches, we are nearly on top of our software but have one final hurdle. There are roughly 180 updates that require installation in “interactive mode” (mainly drivers). Trying to create a task throws up the message that the updates can’t be added as they need to be installed in interactive mode. How do we install these? Is it OK just to authorize them and then run driver update on the systems requiring the new drivers? Hope someone can help?

Elthon, raise a support ticket as it requires a patch for the net agent. We have had to install the patch then run klmover -server %servername% -logfile klmover.log "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klmover.exe" where %servername% is the name of your kaspersky security center instance The log file is just so you can confirm the command has completed ok

The network agent connection profile is pointing them to connect via the connection gateway in our DMZ if they are not using one of our DNS servers or network gateways. I'm starting to think that the 'profile switched' option doesn't actually mean the net agent connection profile but the policy profiles in the actual end point protection profile. I need to do some more testing by the looks of it!

We are about 1/2 way through an upgrade to our Kaspersky system from 10 to 11. We are running Security Center 11.0.0.1131 and are rolling out Endpoint Security 11.1.1.126 as well as Security 4 Windows servers 10.1.2. We've hit a number of interesting and, in some case, complex snags along the way and I'm looking for help resolving this latest issue! Our server is blob.company.local and we have a connection gateway in our DMZ blob.company.com (which is also a distribution point). As some of our users travel or work remotely from locations not connected to our network, I've setup an "external users" connection profile in the net agent policy that lists the internal admin server address and the connection gateway address. The net agent policy also has "Enable out of office mode when the admin server is not available" selected. I've then set a "network location" for external users in the net agent policy which uses the "external users" connection profile is triggered by a system not using one of our DNS servers. I want to tag and move any system using the external users profile into a specific group but the only option I can see in the conditions is "connection profile switched" which doesn't seem to be working. Can anyone advise me on this?

How about your test policy, have you unchecked inherit settings?

Check your top level policy for "force inheritance of settings in child polices" and check your test policy for "Inherit settings from parent policy"

You also need to have a task setup to install the updates. Depending on how you set the task, by changing the update to "approved", it may install the task. Our updates are a complex and terrible thing & we have it set so that the update has to be added to the update task by manually adding as we can't allow certain updates to certain systems automatically. You can add and update to a task by right clicking the update, selecting "Install update" and "Add rule to specified task" and then you drill down through your structure to find the appropriate update task. We ended up moving all our update tasks to the top level under managed devices and then using exclusions to target the updates to the right systems

If you are running Kaspersky Security Center and have the network agent installed on your end user devices then look under "Tasks" for "Find vulnerabilities and required updates". If there is no task then select "New task", look towards the bottom for Kaspersky Security Center Administration Server, expand the "Advanced" folder and you should have the option there to "Find vulnerabilities and required updates". Just follow the wizard to target where to look for software (we don't install apps on the C drive), target the devices you want to scan and set the schedule.

We are looking to deploy mobile protection and I've just tried to install the iOS MDM server on our system in our DMZ that is acting as the external connection/distribution point gateway for our users who travel. The install fails with the following error.... Remote installation has been completed with an error on this device: Fatal error during installation. (The port that you have specified for external connection to iOS MDM service is already in use. Please select another port.) The distribution point is set as a connection gateway with the following details address: %external dns% Establish connection to gateway from Admin Server: Yes Open local port for KSC 11 Web Console - Port: 13299 Open port for mobile devices (SSL auth of the admin server only) - Port: 13292 Open port for mobile devices (two way SSL auth) - Port: 13293 DNS domain names: %external dns%, %internal dns of admin server% Within MDM, additional ports are set as SSL for activation proxy: 17000 Mobile device sync: 13292 Mobile device activation: 17100 What port setting do I need to tweak to get the install to work???

Hi Nikolay, The policy is attached

Ok thanks

We are just doing a new build of KSC 11 (11.0.0.1131). The deployment and configuration has been interesting due to the complex setup of our organisation and the dispersed nature of our users. I've setup all the IP ranges of our various sites with a direct connection to us in the "List of global subnets". The major sites have also been setup with a distribution point and we have also placed one in our DMZ with an externally resolvable name that is set as a connection gateway address. Within the network agent I've setup an "external users" connection profile that uses the connection gateway and set a network location using that profile for any users not using one of our DNS servers. When the users head out of the office for more than a couple of days, their machine ends up showing as "Not connected in a long time". Is there any way to keep the roaming system reporting in it's status?