xpreme

Members
  • Posts: 64
Everything posted by xpreme

  1. Hi @THask Thank you so much for your help. I will check these steps.
  2. Hi, I am going to install Network Agent MSI file on clients using GPO in Active Directory. Can I also automate deployment of KES on clients? For instance, every client on which Network Agent has been installed goes to a special group in KSC, then KES starts being installed on those clients automatically. Thanks in advance
  3. Dear @ElvinE5 Thank you so much for your all-time help. I was looking for such a tricky thing. I will do it. I really appreciate your help.
  4. Hi. In my network, I have to change IP of KSC server. What should I take into account before? I'd prefer not to use KLMOVER on all clients after change. Can I figure this out? Thanks
  5. Dear @ElvinE5 I really appreciate your all time support and great and complete answers. Thank you so much
  6. Hi, I need to block a file using its MD5 hash. It is not an installed application. It is only a file. Is it possible to block it using its MD5 hash, or do I have to inform Kaspersky about it? Thanks in advance.
  7. Thanks @ElvinE5 for your usual support. Thanks @Joerg Lechea for your reply.
  8. Hi @Joerg Lechea Thanks for your support. As a matter of fact, events are exported when set to a Syslog server, but it does not work when choosing the Splunk format. Then I checked the Kaspersky events in Windows Event Viewer. I found some errors regarding export failure due to limited functionality mode. So, I guessed it is something related to the license. Thanks
  9. Hi, @Joerg Lechea Good day. Does this feature require a special license? I am now using a Select license. Thanks
  10. Hi @Joerg Lechea Thanks for your support. I am checking @ElvinE5 's solution as well. Thanks
  11. Dear @ElvinE5 Thanks for your all time support. It was straightforward and cool. I checked some events to be exported to Syslog server. I am waiting for the result. Thanks
  12. Dear friends, Good day. I have configured "Export to SIEM system" on my administration server (Automatically export... was checked as well). But nothing is exported to the syslog server. However, as I enable syslog export on KSWS policy (for servers) it sends data to syslog server (per server) successfully. But I need to send Kaspersky Security Center events to syslog server. Would it be possible? By the way, Kaspersky server has access to syslog server on port 514 UDP and TCP. Thanks in advance
  13. Hi @Joerg Lechea Thanks for your reply. However, this is not what I am looking for. It seems somehow a bug here.
  14. Hi @ElvinE5 Thanks for your reply. Actually, when I re-specify the KLSHARE in my Windows, it works fine in terms of copying update files. But when I create a new stand-alone package, it will be stored in the former KLSHARE (default by Kaspersky) directory.
  15. Hi, I have just installed KSC 14.2. Now, I want to change the KLSHARE destination. To do so, I have removed the default KLSHARE folder in Windows shared folders on the Computer Management console. Then I created a new KLSHARE folder pointing to another destination. But, now, when I create a stand-alone installer package it goes to the former destination in C:\ProgramData\... again. What should I do now? Thanks a lot for your tips.
  16. Dears, Is it possible to pause, disable or stop KSWS on the Windows server side, not the KSC side? Thanks for your help
  17. Dears, I am checking Audit logs in Event Viewer on my KSC Windows server. I have found some logon events (ID 4624) which are based on NTLM. Does it happen normally from clients to the KSC server or can it be unauthorized access? Here are the event details:

      An account was successfully logged on.

      Subject:
        Security ID: NULL SID
        Account Name: -
        Account Domain: -
        Logon ID: 0x0

      Logon Information:
        Logon Type: 3
        Restricted Admin Mode: -
        Virtual Account: No
        Elevated Token: No

      Impersonation Level: Impersonation

      New Logon:
        Security ID: "a user in our domain" (I have sealed it)
        Account Name: "the username"
        Account Domain: "our domain"
        Logon ID: 0x19565D21
        Linked Logon ID: 0x0
        Network Account Name: -
        Network Account Domain: -
        Logon GUID: {00000000-0000-0000-0000-000000000000}

      Process Information:
        Process ID: 0x0
        Process Name: -

      Network Information:
        Workstation Name: "client's computer name"
        Source Network Address: "client's IP"
        Source Port: 63675

      Detailed Authentication Information:
        Logon Process: NtLmSsp
        Authentication Package: NTLM
        Transited Services: -
        Package Name (NTLM only): NTLM V2
        Key Length: 128

      Thanks in advance
  18. Hi @ElvinE5 I really appreciate your detailed answer and complete instructions. It is possible to do such thing in Windows Firewall, however since Windows firewall is being managed by Kaspersky app, I won't be able to use it. I will check your instructions as well. Thank you so much again
  19. Dears, I have a specific application on some devices which their access to the internet must be blocked. I tried configuring application rules on Firewall in Kaspersky Security Center (KES policy). However I cannot find it on application rule window. How can it be done actually? Can I define an application manually to block its access to the internet? Your help is highly appreciated
  20. Thanks for your reply. In fact, we have some users who leave the office for several days occasionally. I want to keep them out of my main managed devices in order not to have lots of devices in Critical status (because of not being connected). While creating periodic reports, active devices need to be taken into account in our company.
  21. Dears, Is it possible to create a rule in KSC in such a way that the computers which have not been visible for more than 1 week move to a specific group automatically? Thanks in advance
  22. Hi, Based on the article "https://support.kaspersky.com/KSC/14.2/en-US/183040.htm", Network Agents send requests to each other within one broadcasting domain. Why does such flow happen? Is it necessary or required? @Danila T. Thanks for your help