Search the Community

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. In cases when you need to diagnose an intermittent network issue, or capture an event that occurs only once in a while, you may need to use ring-buffer mode in Wireshark. In this mode, the number and overall size of the capture files will be fixed and when the limit will be reached, the newest data will start continuously overwrite the oldest data in the capture buffer. Below, you will find instructions for how to configure this capture mode: Download and install Wireshark from the official website, if you have not done that already. Launch Wireshark and click Capture options. On the Input tab, uncheck option Enable promiscuous mode on all interfaces and select interfaces from which you want to capture traffic. If you are not sure which ones to select, look at the graphs in the Traffic column to determine which interfaces are active and select all of them. If you are completely lost, you can also select all interfaces. On the Output tab you configure where the resulting files will be saved, the ring buffer capture is also configured here. It's a good idea to create a separate folder to store the capture files. The screenshot below shows optimal configuration for the capture settings. Note that the space occupied by the capture files will be equal to the size of a single capture file multiplied by the number of files in the ring buffer. In our example it's 500 MB * 8 = 4000 MB, which is the optimal size to upload to Company Account portal. You can modify these parameters to allocate more or less space for the capture files, though we don't recommend making it less than 2 GB. Use of compression is optional. With it, more data can be stored within the same file size, but it also can increase load on the CPU. Disable this option in case of performance problems. When everything is configured, click Start to start the capture. Please, pay attention that when capturing traffic in the ring buffer mode, it's very important to monitor for the occurrence of the event that you need to record and disable capture as soon as possible after the event has occurred, otherwise the relevant part of the capture may be overwritten. The timing is especially important, when using smaller sizes of the buffer. When the capture is finished, click Stop capturing packets, then Close this capture file. Pack the resulting files into an archive and upload it to your Company Account.

This is just a REAL shame to broke user's PC like that , never seen this before !!!!!! the up^date of 23/08/2023 just broke my entire computer : no mouse, no keyboard ... and system in hibernate mode !!!!!!!!!!!!!!!!!! What can i do to recover my computer ??????? usb fix : just ...., 1 change and no keyboard or mouse ???? Is there skilled ingeneer at kasper lab ??? You just waste my time, and week end.

It looks good? the max protection is that you type in a password input box via K‘s virtual keyboard in safe-money protected broswer. the password input box should be automaticly indentified by K and you will be suggested to use the virtual keyboard. a small lock icon will be displayed beside the input box.

Hello @megala, Welcome! It's not necessarily a matter of 'better or worse', it's personal choice. About protection through hardware virtualization in Kaspersky applications. About protection using hardware virtualization. About protection of data entered on the computer keyboard. Thank you? Flood?+?

Thank you guys for your feed back. I already tried to find the delete the files / email s by selecting: Open containing folder, HOWEVER I can not see / find the emails in there. If I look directly in TB in the inbox or junk folder the emails are not there either. What does this all mean? Are these malicious files gone, as I can not find them and the Kasp[ersky Plus is just some kind of error message, showing malicious files, although they are not present anymore? What would be a quick fix? Just to click on: IGNORE?

Thank you very much for quick reply I have account before working . Now, it is not working. Kaspersky VPN Secure Connection Subscription: Active Remaining days:196 Kaspersky internet Security applications Subscription: Active Remaining days:331 It is clear, I will delete Kaspersky VPN Secure Connection and Kaspersky internet Security applications.

I noticed my computer has been very very slow and every now and again i get messages from kaspersky saying "previous application launch failed" i have optimized my computer and run a full scan on my computer the other day and nothing comes up as wrong, also when i try to play Fortnite the game lags incredibly bad, it is when i sign out of that game do i usually see the "previous application launch failed".

I am really sorry for my similar questions. I was just calming my mind from worrying about the security because I trust the company. Thank you for your patience with me Do not deprive us of your support and quick response to my inquiry. Thank you very much.

Symptoms OS hang, sometimes with open file errors in journals Customer application degrades with errors "unable to open file", "too many open files" Hangs and third-party (compatibility) issues often require advanced data collection and are sophisticated to investigate. However, a quick check is possible: On a system where KESL has worked for some time (not immediately after reboot/restart), validate the output of the following command, ran as root, for numerous records of /usr/bin or /usr/sbin folders lsof | grep -E 'kesl.+DIR.+\/usr\/s?bin' Root Cause Under heavy load, KESL may display linear increase in file descriptors usage (sysctl - fs.file-nr) up to system-wide limit (sysctl - fs.file-max) and eventually degradation. Workaround Schedule restart of KESL service every week/day, depending on intensity of descriptors growth. NB: KESL restart will also reset progress of certain tasks like "malware scan" and "database update". Schedule KESL restart outside of tasks timeframes. Solution This issue was fixed in KESL 12.1.0.1274, so an update to that or newer version should fix it.

@espresso I would turn on KSN on Kaspersky mobile Antivirus (for better and quick detection) and also for windows pc.. Simply with ksn enabled there is much more increased detection of viruses. I mean much more samples etc.... Because cloud.

Hello @vterra8871 As well as above posts. Try this Script To disable hardware virtualization in Windows, you would typically need to access your computer's BIOS (Basic Input/Output System) or UEFI (Unified Extensible Firmware Interface) settings. These settings can vary depending on your computer's manufacturer and model, but the general process is as follows: 1. **Restart Your Computer**: Begin by restarting your computer. 2. **Access BIOS/UEFI Settings**: As your computer starts up, there is usually a specific key or combination of keys you need to press to access the BIOS or UEFI settings. This key is often displayed on the screen briefly during startup. Common keys include Del, F2, F10, or Esc. Press the appropriate key(s) repeatedly until you enter the BIOS or UEFI interface. 3. **Navigate to Virtualization Settings**: Once in the BIOS/UEFI settings, use the keyboard to navigate through the menus. Look for a section related to "Virtualization," "Advanced CPU Configuration," "CPU Features," or something similar. The location and naming of this section can vary, so refer to your computer's manual or online resources if needed. 4. **Disable Hardware Virtualization**: Within the virtualization settings, you should find an option to enable or disable hardware virtualization. This option might be named "Intel Virtualization Technology," "VT-x," "AMD-V," or something similar, depending on your CPU manufacturer. Use the keyboard to select the option and disable it. 5. **Save Changes and Exit**: After disabling hardware virtualization, navigate to the "Save and Exit" or similar option in the BIOS/UEFI settings. Confirm that you want to save the changes and exit. Your computer will restart. Please note that the exact steps and options might differ based on your computer's hardware and BIOS/UEFI version. Additionally, disabling hardware virtualization may impact the performance of virtualization software like VMware, VirtualBox, or Hyper-V. Make sure you have a specific reason for disabling hardware virtualization and that you fully understand the implications. If you're not comfortable making changes in the BIOS/UEFI settings or are unsure about the consequences of disabling hardware virtualization, it's advisable to seek assistance from someone with experience or consult your computer's documentation. Remember that making incorrect changes in the BIOS/UEFI settings can potentially lead to system instability or inoperability, so proceed with caution and only make changes if you are confident in what you are doing. Thank you

Thank you so much for the response ?? @Flood and Flood's wife, Thanks for the welcome, I'm excited to be here. ? The suggestions you have provided worked. The notification part I've point out, I mean in the windows notification center not in the kaspersky app. I've removed the "Risk tool in object field & replaced with asterisk. Removed File hash & replaced with asterisk. Saved above settings and run a quick scan & I got the desired outcome I was looking for, results are below. ? I've gone through the below articles to understand how to add an exclusion, but i was confused with creating name masks, objects, filehash & protection components. Could you please explain in a simple way about those four underlined terms and what they mean & how they function? https://support.kaspersky.com/help/Kaspersky/Win21.5/en-US/227390.htm https://support.kaspersky.com/help/Kaspersky/Win21.5/en-US/201385.htm https://support.kaspersky.com/KESWin/12.0/en-US/187478.htm https://encyclopedia.kaspersky.com/knowledge/the-classification-tree/

So quick... It is better use ksn cloud... Much better detection ratio etc...

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Description and cautions This article describes how to configure dump for capturing memory dumps, including application memory. To create a memory dump of a virtual machine: HOWTO: Get a memory dump of a virtual machine from its hypervisor. Details The recommended text editor is nano, below is a quick tutorial on how to use it if you are using it for the first time. Quick description of nano's basic functions Configure kdump Altlinux There is no kdump-tools package in the default repository, so it has to be downloaded from the sisyphus repository: Go to https://packages.altlinux.org/en/sisyphus/srpms/kdump-tools/ In List of rpms provided by this srpm select the kdump-tools package for the required architecture (can be checked by running uname -m) Download the package from the Download link Install it by running apt-get update && apt-get install <path to the downloaded rpm> After that, follow the Debian instruction from Edit /etc/default/kdump-tools step Red Hat based distributions (tested on Fedora 38, Rocky Linux 9, Red OS) Install kexec-tools sudo dnf install kexec-tools Edit /etc/kdump.conf. In the configuration file edit the core_collector setting: option -d should be set to 17 instead of 31 Edit /etc/default/grub. Edit GRUB_CMDLINE_LINUX, add crashkernel=256M to reserve enough RAM for the dump kernel to run, and nmi_watchdog=1, to capture a dump in case of a system hang Run sudo grub2-mkconfig -o /boot/grub2/grub.cfg Reboot Enable kdump service sudo systemctl enable --now kdump.service Debian based distributions (tested on Debian, Astra CE, Alt Linux) Install kdump-tools sudo apt update && sudo apt install kdump-tools -y Edit /etc/default/kdump-tools. In the configuration file edit the MAKEDUMP_ARGS variable: option -d should be set to 17 instead of 31 Configure the bootloader In /etc/default/grub edit GRUB_CMDLINE_LINUX_DEFAULT, add nmi_watchdog=1 to capture a dump in case of a system hang In /etc/default/grub.d/kdump-tools.cfg change crashkernel value to 384M-:256M (default is 384M-:128M) Expected result: GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT crashkernel=384M-:256M" Save and run sudo update-grub SUSE Linux Install kdump sudo zypper in kdump kexec-tools Edit /etc/sysconfig/kdump Change KDUMP_DUMPLEVEL variable to 17 Edit /etc/default/grub Edit GRUB_CMDLINE_LINUX_DEFAULT, add crashkernel=256M to reserve enough RAM for the dump kernel to run, and nmi_watchdog=1, to capture a dump in case of a system hang Update the bootloader configuration sudo grub2-mkconfig -o /boot/grub2/grub.cfg Reboot Enable kdump service sudo systemctl enable --now kdump.service Configure SysRq dump trigger To enable SysRq trigger, these key combinations 'kernel.sysrq = 8'(without quotes) has to be added to /etc/sysctl.conf. In SUSE the value of kernel.sysrq has to be changed in /usr/lib/sysctl.d/50-default.conf instead of /etc/sysctl.conf Reboot or run sudo sysctl --system After the set up above is complete, to manually trigger a dump press Alt+SysRq, Alt+C. Alternatively: echo 8 | sudo tee /proc/sys/kernel/sysrq (Command above is only needed if kernel.sysrq is not set in /etc/sysctl.conf) echo c | sudo tee /proc/sysrq-trigger Location of the dump files may vary between different Linux versions, it is configurable in the kdump configuration file. In Debian based distributions it is set by KDUMP_COREDIR variable. In Red Hat based distributions it is set by the path setting, generally the default location is /var/crash. Make sure that the dump folder has enough free space for the dump to be written. You may search by filemask: vmcore.

Hi there, There is a file called d5_launcher.exe in our software, and we used Kaspersky/OpenTip to scan this file, the result is safe and clean. However, sometimes when using our software D5 Render (a 3d rendering program for architecture, based on UE5), Kaspersky will suddenly start warning and deleting our file d5_launcher.exe. It said the file is Trojan.Win32.Generic. ( we did some searches, and maybe it is related to our keyboard shortcuts? The problem is that we cannot let all users to click Trust the file manually, which is inconvenient. So I'd like to ask you guys, is there a way to upload our files before we release our updates? so Kaspersky will trust those files and do not affect our users from using D5 Render. ( Avast and some other AV software provide us an address in FTP to upload files, and we upload files before we release a new version each time) Thanks in advance!

One question regarding unninstalling procedure as a last resource to workaround for any bug when Kaspersky app get these annual versions. When I merged my Kaspersky Internet Security 21.3.10.391(l) to Kaspersky Standard 21.17.7.539(e), I did not face any issue except for future versions of the app. Then upon KS 21.17.7.539(i) there have been unknown bugs related to report window not registering some virus scans or rootkit scan but then it would happen occasionally that issue. But Antispam was there, Kaspersky quick menu context was working as well the welcome message in introduction display was ensuring safety. Now Kaspersky Standard 21.18.5.438(a) do not ensure me much quality about these bugs and for reducing the package, recently acquired for purchasing Kaspersky Standard license. If I run the procedure to uninstall the whole KS suite and install directly the executable from My Kaspersky management center. Will that bring back Kaspersky scan menu context along with that second function to verify the certification? And what if I decide to wait untill Kaspersky Standard 21.18 update to a newer version ''KS 21.18.5.438(b)'' will this issue among others pointed out by other their user data. Are they going to be fixed if I decide to wait for a newer version to come up?

Thanks for the quick response and solution. I checked the website for any other, jist now it has been marked with CRDF also, any recommendations here and how you chekc if the website is not flagged by any other. Thanks and regards

Hello @om richard, Welcome! Open the GUI, select Settings⚙, select Privacy settings, select Secure Data Input, uncheck Enable Secure Keyboard Input, select Save, select Confirm. Thank you? Flood?+? Resources: About protection of data entered on the computer keyboard How to configure protection of data entered on the computer keyboard

Thank you very much for your quick response

Hello @tniou, Welcome! Thank you for your contribution👏 Agreed, there has been a lot of complaints about Secure Keyboard input is enabled popup, because, it’s a PIA😡! We think there’s an easy fix for this, similar to Kaspersky’s Protected browser, for any field where the Secure Keyboard input is enabled popup (apart from the fact the tiny keyboard icon is already present in the righthand side of all such fields, nothing like overkill Kaspersky!!); all they have to do is use a green border on all Secure Keyboard input is enabled protected fields → it’s not 🚀 science Kaspersky🙄 Thank you🙏 Flood🐳+🐋

Hello there. I was making a thread to list a few changes and possibly bugs to Kaspersky Standard 21.17 transition to 21.18 and now you've mentioned scan/verify files quick menu using mouse cursor no longer exist have made open my eyes. Going have to edit my thread about this. And thanks for sharing this finding.

I have kaspersky premium given to me but I'm not the account owner. I have read a couple of threads on here and some of the documentation. But it remains a little unclear and vague. What can the account owner specifically access on my device? What can they specifically see? What can they specifically do? Can I please get clear definitive answer please? For example: -can they see file list, names and paths? -can they see other devices and hardware connected? Think a PC running kaspersky with connected external drive, camera, network PC and so forth. -can they see logins and passwords using the password manager? In a thread I saw someone say no, but the official documentation for shared accounts in password manager data sync seems to indicate yes? -can they see what programs or software is installed? -can they see optimization suggestions, PC startup suggestions and so on that premium shows the user? -can they see what identity searches were done or what identities are being protected? A privacy protection function of premium that shows the user if their data has been leaked elsewhere -can they see vault and content? -can they see safe kids users, when accessed and so forth? -can they run quick scan? Full scan? If yes, in the results of these, can they see any of the above? What if the scan shows an issue or infection can they then see any of the above? -can they see what modules are not installed or used? Eg VPN, password manager. And can they enable it remotely anyway? -can they update the signatures DB? -what else can they do? -what else can they see?

Hello @emaranhao, Thank you for posting back & the information! So, for clarity, the steps to solve, have now changed from (1) restart Kaspersky to (2) deactivate Secure keyboard input - is that correct? Re Kaspersky Security Cloud (KSC) version 21.3.10.391(x), which patch(x), x = letter, on the Windows Taskbar or hidden icons, rightclick the Kaspersky icon, select About? Is Windows fully updated, with all Updates showing a Successfully applied status? Have the Keyboard drivers been updated / checked / refreshed? In the year the physical keyboard has been intermittently freezing, has KSC been fully uninstalled, saving License information *only*, leaving all other check-boxes unchecked / blank & clean installed? Is KSC Premium or Free? Please post back? Thank you? Flood?+?

Hello @booger, You’re most welcome! (ioo) the tiny Quick launch keyboard icon is fine, the Secure Keyboard Input is enabled popup it generates serves no purpose at all, (ioo & that of many others,) it’s something Kaspersky “should” fix, if they’d only listen to their subscriber feedback! Need to replicate & research, we’ll get back to you. Are KVPN & Kaspersky Security Data Escort Adapter both uninstalled - see images, let us know so we can again replicate & research? When the “desktop app continually tries to install the VPN” is there an alert that you can screenprint & post for us please? Thank you🙏 Flood🐳+🐋

Hello @George Whittle, Welcome! Read: Turn off/on automatic display of the onscreen keyboard - it needs to be *unchecked* Thank you? Flood?+?