SIIL-IT1

I've just downloaded the latest Kaspersky Security Center 14.0.0.10902 and am trying to do a clean install on a new Windows Server 2022 instance. After reading the requirements at https://support.kaspersky.com/KSC/14/en-US/96255.htm I've decided to use MariaDB installed on a separate server on the same subnet. The MariaDB instance is running on a Debian 11 system and has v10.5.15 installed which, according to the requirements page, should be supported MariaDB 10.5.x 32-bit/64-bit When I try install and configure Kaspersky Security Center, it's throwing up the following message One of the installation parameters is invalid. Error: The following MySQL Server versions are supported: 5.6 and 5.7. MariaDB 10.3 is also supported. Please modify the connection settings. I take it that MariaDB 10.5 isn't actually supported? If it is, how can I get past the error it's throwing?

We are just deploying KSC 13.2 and plan to do the bulk of the software management and patching through KSC. When it comes to drivers, we get the following message when we try add to the update task “The following updates can be installed only in interactive mode” I remember a long while back reading about the fix for this but I can’t seem to find it anywhere now! Can anyone help?

It is mainly drivers updates

We have moved to KSC11 (11.0.0.1131) for our software and patch management. It’s been a fun and interesting journey due to the nature of our setup! After authorizing and releasing a lot of patches, we are nearly on top of our software but have one final hurdle. There are roughly 180 updates that require installation in “interactive mode” (mainly drivers). Trying to create a task throws up the message that the updates can’t be added as they need to be installed in interactive mode. How do we install these? Is it OK just to authorize them and then run driver update on the systems requiring the new drivers? Hope someone can help?

Elthon, raise a support ticket as it requires a patch for the net agent. We have had to install the patch then run klmover -server %servername% -logfile klmover.log "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klmover.exe" where %servername% is the name of your kaspersky security center instance The log file is just so you can confirm the command has completed ok

The network agent connection profile is pointing them to connect via the connection gateway in our DMZ if they are not using one of our DNS servers or network gateways. I'm starting to think that the 'profile switched' option doesn't actually mean the net agent connection profile but the policy profiles in the actual end point protection profile. I need to do some more testing by the looks of it!

We are about 1/2 way through an upgrade to our Kaspersky system from 10 to 11. We are running Security Center 11.0.0.1131 and are rolling out Endpoint Security 11.1.1.126 as well as Security 4 Windows servers 10.1.2. We've hit a number of interesting and, in some case, complex snags along the way and I'm looking for help resolving this latest issue! Our server is blob.company.local and we have a connection gateway in our DMZ blob.company.com (which is also a distribution point). As some of our users travel or work remotely from locations not connected to our network, I've setup an "external users" connection profile in the net agent policy that lists the internal admin server address and the connection gateway address. The net agent policy also has "Enable out of office mode when the admin server is not available" selected. I've then set a "network location" for external users in the net agent policy which uses the "external users" connection profile is triggered by a system not using one of our DNS servers. I want to tag and move any system using the external users profile into a specific group but the only option I can see in the conditions is "connection profile switched" which doesn't seem to be working. Can anyone advise me on this?

How about your test policy, have you unchecked inherit settings?

Check your top level policy for "force inheritance of settings in child polices" and check your test policy for "Inherit settings from parent policy"

You also need to have a task setup to install the updates. Depending on how you set the task, by changing the update to "approved", it may install the task. Our updates are a complex and terrible thing & we have it set so that the update has to be added to the update task by manually adding as we can't allow certain updates to certain systems automatically. You can add and update to a task by right clicking the update, selecting "Install update" and "Add rule to specified task" and then you drill down through your structure to find the appropriate update task. We ended up moving all our update tasks to the top level under managed devices and then using exclusions to target the updates to the right systems

If you are running Kaspersky Security Center and have the network agent installed on your end user devices then look under "Tasks" for "Find vulnerabilities and required updates". If there is no task then select "New task", look towards the bottom for Kaspersky Security Center Administration Server, expand the "Advanced" folder and you should have the option there to "Find vulnerabilities and required updates". Just follow the wizard to target where to look for software (we don't install apps on the C drive), target the devices you want to scan and set the schedule.

We are looking to deploy mobile protection and I've just tried to install the iOS MDM server on our system in our DMZ that is acting as the external connection/distribution point gateway for our users who travel. The install fails with the following error.... Remote installation has been completed with an error on this device: Fatal error during installation. (The port that you have specified for external connection to iOS MDM service is already in use. Please select another port.) The distribution point is set as a connection gateway with the following details address: %external dns% Establish connection to gateway from Admin Server: Yes Open local port for KSC 11 Web Console - Port: 13299 Open port for mobile devices (SSL auth of the admin server only) - Port: 13292 Open port for mobile devices (two way SSL auth) - Port: 13293 DNS domain names: %external dns%, %internal dns of admin server% Within MDM, additional ports are set as SSL for activation proxy: 17000 Mobile device sync: 13292 Mobile device activation: 17100 What port setting do I need to tweak to get the install to work???

Hi Nikolay, The policy is attached

Ok thanks

We are just doing a new build of KSC 11 (11.0.0.1131). The deployment and configuration has been interesting due to the complex setup of our organisation and the dispersed nature of our users. I've setup all the IP ranges of our various sites with a direct connection to us in the "List of global subnets". The major sites have also been setup with a distribution point and we have also placed one in our DMZ with an externally resolvable name that is set as a connection gateway address. Within the network agent I've setup an "external users" connection profile that uses the connection gateway and set a network location using that profile for any users not using one of our DNS servers. When the users head out of the office for more than a couple of days, their machine ends up showing as "Not connected in a long time". Is there any way to keep the roaming system reporting in it's status?

We are implementing a new instance of KSC 11 (11.0.0.1131) and migrating our systems a few at a time from our KSC 10 system by installing the new server agent then deploying either endpoint protection for windows (11.1.0.15919), linux (10.1.1.6421) or security for windows server (10.1.2.996) as appropriate to the system. What we are seeing with a number of the windows systems (both desktop & server) is that after a few days, some of them tend to become unmanged. Checking in the systems event logs we see the following entries... #1687 File transfer module not initialized. Service 'klnagent' has been stopped due to an error. #1687 File transfer module not initialized. Failed to start service "klnagent". #1687 File transfer module not initialized. The service won't restart from within services. Sometimes a reboot cures it, sometimes it doesn't. We've run the agent cleaner and reinstalled the agent but the problem can reoccur. It's not happening on every machine but it's happening on enough that it's becoming a problem!

It was the ARP! Once I changed the Notify option about the MAC spoofing, then it all settled down. Thanks for that

We are currently rolling out endpoint Security for Windows 11.1.0.15919 to our windows desktop estate. Virtually every windows desktop is swamping the server logs with the following error Event type: Network attack detected Application\Name: Kaspersky Endpoint Security for Windows User: ******* (Active user) Component: Network Threat Protection Result\Description: Allowed Object: from several different sources Object\Type: Network packet Object\Name: from several different sources Object\Additional: Suspicious: Database release date: 6/12/2019 7:17:00 AM I'm looking through the machine logs and policy but can't identify what's actually triggering the event report or how to either turn it off or mark it as something to ignore! Can anyone point me in the right direction?

Just an update, the plugin file is now available at https://support.kaspersky.com/kes10linux#downloads

In the process of building a new KSC 11 instance and I'm setting up the version installation packages. Just downloaded the netagent and endpoint protection for debian linux but I'm having issues with the plugin. I've tried https://support.kaspersky.com/kes10linux#downloads and https://support.kaspersky.com/9333#block8 and both locations give me a zip file which doesn't include a "klcfginst*" file that KSC is looking for when I try install the plugin. How do I get the linux plugin files at either of the two locations above to work or is there another download somewhere?

Thanks for the link KarDip, I ended up going with https://help.kaspersky.com/KSC/11/en-US/92239.htm as more appropriate for our setup but I have some questions. I've done the first step, the manual install of the Network Agent, ticking the option to "Use Network Agent as connection gateway in DMZ" My problem is the next section... A dedicated administration group must be created on the Administration Server; in the properties of this group, the DMZ device must be assigned the connection gateway status by address. You must not add any devices to this administration group. I don't see any option to do this in the properties of the group? Also... For the connection gateway in the DMZ, the Administration Server creates a certificate signed with the Administration Server certificate. If the administrator decides to assign a custom certificate to the Administration Server, it must be done before a connection gateway is created in the DMZ. We've integrated with our PKI & have an external address sub.domain.com, Will it create the certificate with the external address we've already set?

We've just tried to update on of our systems and it's thrown the following error Signature mismatch for file 'https://get.skype.com/go/getskype-skypeforwindows' Is there a way to resolve this or do we need to install the patch manually?

We have been using KSC 10 for a long while to provide AV management across multiple locations and all the bigger locations had a local KSC instance that was a slave of the main server. After a network upgrade to improve our connections to our other locations, we have just built a KSC 11 (11.0.0.1131) server and are now in the process of deploying Endpoint Security (11.1.0.15919) & Security 4 Windows Server (10.1.1.746). As well as the endpoint protection, we are looking to utilize the disk encryption, software management/patching and mobile device management. Question 1: As we now have a decent network, what would be the better option for our larger offices? Slave Server on site Virtual server on the main KSC install for each location with a local distribution point on site Distribution points set off the KSC instance using Administrator Groups Question 2: We have servers in the DMZ as well as a number of remote workers who we want to protect. Will a distribution point in the DMZ be able to service both the DMZ and remote workers as long as we set the connection gateway on the distribution point to an externally resolvable DNS name? Would a slave server be a better alternative? Also, the plan is to throw mobile phones into the mix too! Does the iOS MDM server need to be in the DMZ? If so, can it be installed on the distribution point? Question 3: Am I right in thinking that external users will only need the following ports TCP 13000 TCP 17000 UDP 15000 UDP 15111 TCP 13292 TCP 17100 Question 4: Is there a page anywhere that explains connection profiles and policy profiles Thanks in advance for any guidance