Search the Community
Showing results for 'Quick Launch Keyboard'.
-
Description and cautions

This article describes how to configure kdump for capturing memory dumps, including application memory.

Details

The recommended text editor is nano, below is a quick tutorial on how to use it if you are using it for the first time.

Configure kdump

Altlinux

There is no kdump-tools package in the default repository, so it has to be downloaded from the sisyphus repository:

1. Go to https://packages.altlinux.org/en/sisyphus/srpms/kdump-tools/
2. In "List of rpms provided by this srpm", select the kdump-tools package for the required architecture (it can be checked by running uname -m).
3. Download the package from the Download link.
4. Install it by running:
    apt-get update && apt-get install <path to the downloaded rpm>
5. After that, follow the Debian instructions, starting from the "Edit /etc/default/kdump-tools" step.

Red Hat based distributions (tested on Fedora 38, Rocky Linux 9, Red OS)

1. Install kexec-tools:
    sudo dnf install kexec-tools
2. Edit /etc/kdump.conf. In the core_collector setting, option -d should be set to 17 instead of 31.
3. Edit /etc/default/grub. In GRUB_CMDLINE_LINUX, add crashkernel=256M to reserve enough RAM for the dump kernel to run, and nmi_watchdog=1 to capture a dump in case of a system hang.
4. Run:
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
5. Reboot.
6. Enable the kdump service:
    sudo systemctl enable --now kdump.service

Debian based distributions (tested on Debian, Astra CE, Alt Linux)

1. Install kdump-tools:
    sudo apt update && sudo apt install kdump-tools -y
2. Edit /etc/default/kdump-tools. In the MAKEDUMP_ARGS variable, option -d should be set to 17 instead of 31.
3. Configure the bootloader:
   - In /etc/default/grub, edit GRUB_CMDLINE_LINUX_DEFAULT and add nmi_watchdog=1 to capture a dump in case of a system hang.
   - In /etc/default/grub.d/kdump-tools.cfg, change the crashkernel value to 384M-:256M (default is 384M-:128M). Expected result:
        GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT crashkernel=384M-:256M"
4. Save and run:
    sudo update-grub

SUSE Linux

1. Install kdump:
    sudo zypper in kdump kexec-tools
2. Edit /etc/sysconfig/kdump. Change the KDUMP_DUMPLEVEL variable to 17.
3. Edit /etc/default/grub. In GRUB_CMDLINE_LINUX_DEFAULT, add crashkernel=256M to reserve enough RAM for the dump kernel to run, and nmi_watchdog=1 to capture a dump in case of a system hang.
4. Update the bootloader configuration:
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
5. Reboot.
6. Enable the kdump service:
    sudo systemctl enable --now kdump.service

Configure SysRq dump trigger

To enable the SysRq trigger, the line 'kernel.sysrq = 8' (without quotes) has to be added to /etc/sysctl.conf. Then reboot or run:
    sudo sysctl --system

After the setup above is complete, to manually trigger a dump press Alt+SysRq, Alt+C. Alternatively:
    echo 8 | sudo tee /proc/sys/kernel/sysrq
(The command above is only needed if kernel.sysrq is not set in /etc/sysctl.conf.)
    echo c | sudo tee /proc/sysrq-trigger

The location of the dump files may vary between different Linux versions; it is configurable in the kdump configuration file. In Debian based distributions it is set by the KDUMP_COREDIR variable. In Red Hat based distributions it is set by the path setting. Generally the default location is /var/crash. Make sure that the dump folder has enough free space for the dump to be written. You may search by filemask: vmcore.
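The value 17 versus 31 in the steps above is makedumpfile's dump level, a bitmask of page types to leave out of the dump. The following added example (not part of the original article) decodes a level and reads it from the three configuration files named above; the sample configuration text is constructed.

```python
import re

# makedumpfile dump level (-d): each set bit EXCLUDES one page type from the dump.
DUMP_LEVEL_BITS = {
    1: "zero pages",
    2: "non-private cache pages",
    4: "private cache pages",
    8: "user process data",
    16: "free pages",
}

# Where each distribution family in the article stores the level.
LEVEL_PATTERNS = {
    "/etc/kdump.conf": re.compile(
        r"^[ \t]*core_collector[ \t].*?[ \t]-d[ \t]*(\d+)", re.M),
    "/etc/default/kdump-tools": re.compile(
        r'^[ \t]*MAKEDUMP_ARGS[ \t]*=[ \t]*"?(?:[^\n]*?[ \t])?-d[ \t]*(\d+)', re.M),
    "/etc/sysconfig/kdump": re.compile(
        r'^[ \t]*KDUMP_DUMPLEVEL[ \t]*=[ \t]*"?(\d+)', re.M),
}


def excluded_pages(level):
    """Return the page types that dump level `level` leaves out of the vmcore."""
    if not 0 <= level <= 31:
        raise ValueError(f"dump level out of range: {level}")
    return [name for bit, name in DUMP_LEVEL_BITS.items() if level & bit]


def keeps_application_memory(level):
    """True when user process data stays in the dump (bit 8 is clear)."""
    return (level & 8) == 0


def configured_level(path, text):
    """Extract the active (uncommented) dump level from one config file's text."""
    match = LEVEL_PATTERNS[path].search(text)
    return int(match.group(1)) if match else None


def audit(path, text):
    """One-line summary of what the configured level means for the dump."""
    level = configured_level(path, text)
    if level is None:
        return f"{path}: no active dump level setting found"
    state = "kept" if keeps_application_memory(level) else "EXCLUDED"
    left_out = ", ".join(excluded_pages(level)) or "nothing"
    return f"{path}: -d {level} excludes {left_out}; application memory {state}"


# Constructed sample file contents (not taken from a real host).
SAMPLES = {
    "/etc/kdump.conf":
        "path /var/crash\ncore_collector makedumpfile -l --message-level 7 -d 31\n",
    "/etc/default/kdump-tools":
        'USE_KDUMP=1\nMAKEDUMP_ARGS="-c -d 17"\n',
    "/etc/sysconfig/kdump":
        '# KDUMP_DUMPLEVEL="31"\nKDUMP_DUMPLEVEL="17"\n',
}

if __name__ == "__main__":
    for sample_path, sample_text in SAMPLES.items():
        print(audit(sample_path, sample_text))
```

Because a level 17 vmcore retains user process data, the files under the dump directory can hold whatever the applications had in memory and should be handled as sensitive.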
-
Hello guys, Currently I am running Microsoft Windows 10 Pro 22H2 Build SO: 19045 with latest Microsoft Windows 10 updates. I was using Kaspersky Cloud Free as my antivirus. Yesterday I received an update for my anti-virus for the newest Version 21.9.6.465. I cannot open On-Screen Keyboard even if I press the shortcut keys CTRL+ALT+SHIFT+P. I also uninstalled the antivirus completely and removed all leftovers. I also uninstalled only one of my web browsers, Mozilla Firefox. I downloaded the latest version available on the global website from Kaspersky and from My Kaspersky (Downloads). The version is the right one for European countries. If you remember well, I already faced this problem in the past. But at that time it seems there wasn't any version available for European countries, so the resolution was removing Kaspersky Free completely from my system and installing the Kaspersky Security Cloud Free. I think I will do the same. When you find a solution, please tell me, OK! I did a Microsoft Windows clean install on March 30, 2023. I am running out of ideas to fix the problem! I use Home Banking a lot; I need my On-Screen Keyboard to put the password instead of the physical keyboard. I think it's safer! But if nothing of this works in either browser I will be forced to downgrade. But I also think that sooner or later my anti-virus will want to make the upgrade happen again. So, what can I do to avoid that? Thank you very much for the time that you will spend to try to find a solution. Best Regards. Hugop.
-
Problem:

1. Create Group On Demand Scan Task of Windows Kaspersky Light Agent 5.2/Linux Kaspersky Light Agent 5.2.
2. Launch Group On Demand Scan Task.

Group On Demand Scan Task of Windows Kaspersky Light Agent 5.2/Linux Kaspersky Light Agent 5.2 might detect an infected object, but might not delete it.

Solution:

1. Delete the created Group On Demand Scan Task of Windows Kaspersky Light Agent 5.2/Linux Kaspersky Light Agent 5.2.
2. Delete all created Windows Kaspersky Light Agent 5.2/Linux Kaspersky Light Agent 5.2 Policies.
3. Add the registry key on Kaspersky Administration Server:
   - 5_2_ksc_win_x86_fix.reg if Kaspersky Administration Server is installed on an x86 operating system
   - 5_2_ksc_win_x64_fix.reg if Kaspersky Administration Server is installed on an x64 operating system
4. Create Windows Kaspersky Light Agent 5.2/Linux Kaspersky Light Agent 5.2 Policies anew.
5. Create Group On Demand Scan Task of Windows Kaspersky Light Agent 5.2/Linux Kaspersky Light Agent 5.2.
6. Launch Group On Demand Scan Task of Windows Kaspersky Light Agent 5.2/Linux Kaspersky Light Agent 5.2.
-
This is an example of step-by-step instructions for configuring Single Sign-On (SSO) for KATA 4.1/5+/6+ in the HOME.LAB domain.

Prerequisites

- Deployed Central Node. The server name should be an FQDN (in the current case the FQDN of the Central Node is kata-cn.home.lab). It can be checked via Settings/Network Settings of the Central Node.
- A and PTR records should be set for the Central Node in DNS.
- A Domain User Account should be created to set up Kerberos authentication by means of a keytab file (in the current case the Domain User Account is kata-sign-on).
- The AES256-SHA1 encryption algorithm should be enabled for the created Domain User Account.

Step-by-step guide to create keytab file

On Domain Controller:

1. Launch CMD As Administrator.
2. Execute the following command to create the keytab file:
    C:\Windows\system32\ktpass.exe -princ HTTP/kata-cn.home.lab@HOME.LAB -mapuser kata-sign-on@HOME.LAB -crypto AES256-SHA1 -ptype KRB5_NT_PRINCIPAL -pass * +dumpsalt -out C:\TEMP\kata-sgn-on.keytab

The utility requests the kata-sign-on user password when executing the command. The SPN of the selected server is added to the created keytab file. The generated salt is displayed on the screen:
    Hashing password with salt "<hash value>"
For multiple Central Node servers, save the "<hash value>" from this output: it is needed to add an SPN for each subsequent Central Node server with the ktpass.exe utility.

On Central Node Web Interface:

1. Move to Settings/Users/Active Directory Integration.
2. Add the created keytab file. The Keytab file status section contains: File which contains SPN for this server. The file contains section: HTTP/*****@*****.tld
3. Under the Users tab click Add and select Domain user account. Set the domain user as <username>@<domain>.

On client machine:

- The host should be joined to the same domain.
- The domain user should be logged in with the account added into the Central Node.

1. Open Control Panel/Internet Options.
2. Click on Security and select Local Intranet.
3. Click on Sites and then on Advanced.
4. Add the FQDN of the Central Node - kata-cn.home.lab
5. Close the windows.
6. Launch a web browser and access the Web Interface of the Central Node at https://kata-cn.home.lab:8443. It should open without asking for any Login/Password.
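Before the keytab is uploaded to the Central Node, its contents can be checked offline. The following added example (not part of the original article and not KATA code) parses the MIT keytab file format, version 0x0502, and verifies that the expected SPN is present with the AES256 encryption type (etype 18); the keytab bytes are constructed in the script with a dummy all-zero key, and the function names are hypothetical.

```python
import struct

ETYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}


def counted(buf, pos):
    """Read a 16-bit big-endian length followed by that many bytes."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n


def parse_keytab(data):
    """Return principal, etype and kvno for every live entry; key bytes are not returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:                      # deleted entry: skip the hole
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = counted(data, p)
            comps.append(comp.decode())
        _name_type, _timestamp, kvno, etype = struct.unpack_from(">IIBH", data, p)
        _key, p = counted(data, p + 11)
        if end - p >= 4:                  # optional 32-bit kvno overrides the 8-bit one
            (kvno32,) = struct.unpack_from(">I", data, p)
            kvno = kvno32 or kvno
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "etype": etype, "kvno": kvno})
        pos = end
    return entries


def check_keytab(data, expected_spn, expected_etype=18):
    """Return a list of problems; an empty list means the keytab matches."""
    entries = parse_keytab(data)
    matching = [e for e in entries if e["principal"] == expected_spn]
    if not matching:
        found = ", ".join(sorted({e["principal"] for e in entries})) or "no entries"
        return [f"{expected_spn} not in keytab (found: {found})"]
    if not any(e["etype"] == expected_etype for e in matching):
        have = ", ".join(ETYPES.get(e["etype"], str(e["etype"])) for e in matching)
        return [f"{expected_spn} has no {ETYPES[expected_etype]} key (found: {have})"]
    return []


def build_entry(service, realm, etype, key, kvno=3):
    """Build one keytab entry; used only to construct the sample below."""
    comps = service.split("/")
    body = struct.pack(">H", len(comps))
    for part in [realm] + comps:
        body += struct.pack(">H", len(part)) + part.encode()
    body += struct.pack(">IIBH", 1, 0, kvno, etype)   # name type 1 = KRB5_NT_PRINCIPAL
    body += struct.pack(">H", len(key)) + key
    return struct.pack(">i", len(body)) + body


# Constructed sample: the SPN from the article with a dummy AES256 key.
SAMPLE_KEYTAB = b"\x05\x02" + build_entry("HTTP/kata-cn.home.lab", "HOME.LAB", 18, bytes(32))

if __name__ == "__main__":
    print(parse_keytab(SAMPLE_KEYTAB))
    print(check_keytab(SAMPLE_KEYTAB, "HTTP/kata-cn.home.lab@HOME.LAB") or "keytab OK")
```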
-
I left my computer alone for two weeks. When I returned my Kaspersky icons had disappeared from my desktop. Kaspersky still appears to be running but I cannot launch it from the apps list and get the same annoying dialogue as the original poster. Kaspersky also cannot open the secure browser to my Bank or other financial sites. I have tried downloading Microsoft.net framework and reinstalling it but this achieves nothing either. Is this some monkey business from Microsoft?
-
App Updater can't update anydesk software.
Flood and Flood's wife replied to Pandonus's topic in Kaspersky: Basic, Standard, Plus, Premium
Hello @Pandonus, Welcome back! What happened - what errors show when Kaspersky Premium fails to update anydesk? Please look in Kaspersky Reports for any anydesk events & post back? Note - please post images in English - to convert the Kaspersky Gui to English - by pressing SHIFT + F12 on the keyboard; to revert press SHIFT + F5 on the keyboard. Are (you) able to update anydesk manually? *Note* when posting images to a public forum, for *your* privacy & security - please hide all personal information - for example - email address. Please post back? Thank you🙏 Flood🐳+🐋 -
Internet Shortcuts Files Blocked
MightierPen posted a topic in Kaspersky: Basic, Standard, Plus, Premium
I have my file manager windows app blocked from network activity. But using that file manager I have some url shortcut files, as bookmarks to those websites. If my windows default web browser is not currently running then clicking the file will launch the browser but Kaspersky blocks it. Even though the browser is network allowed. If I run my browser first then copy over the url into the box it isn't blocked. This happens with any kind of file where I want the program not to connect to the internet but if it runs a file that I want to connect it won't. How can I allow url shortcuts to pass but keep the file manager blocked? Same with updating software. I wish that for my apps I can "Check For Updates" and Kaspersky will allow it, but that's the only thing it will allow. -
How to collect KES11 traffic dump [KES for Windows]
svc_kms posted a blog entry in Kaspersky Endpoint Security's Kaspersky Endpoint Security
This instruction is relevant only in case of troubleshooting incorrect loading or rendering of a web page.

To troubleshoot KES network traffic related issues, a traffic dump is required. It is easier to analyze and does not require third-party software installation.

If reproduction of the issue requires the web browser to open web pages (such as Web Control not working as expected, a web page not loading, and so on), the tests should be performed in Incognito mode (also known as private browsing).

- Chrome browser: Ctrl+Shift+N, or you can start the browser from a terminal: & "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -incognito . Starting the application from a terminal will make the launch key visible in traces and make diagnostics easier.
- Firefox browser: Ctrl+Shift+P, or you can start the browser from a terminal: & "C:\Program Files\Mozilla Firefox\firefox.exe" -private-window . Starting the application from a terminal will make the launch key visible in traces and make diagnostics easier.
- Microsoft Edge: Ctrl+Shift+P
- Opera browser: Ctrl+Shift+N

KES11/12 Instructions

1. Disable KES11/12 Self-defense.
2. Navigate to the following registry key:
    x86: HKLM\SOFTWARE\KasperskyLab\protected\KES<Build version>\environment\
    x64: HKLM\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES<Build version>\environment\
3. Create a string type value named DumpNetworkTraffic:
    DumpNetworkTraffic = (REG_SZ)"1"
4. Restart the product or reboot the host.
5. Traffic dump files will be saved to %ProgramData%\Kaspersky Lab\KES<Build version>\Data\traffic
6. Once the issue is reproduced, compress the whole traffic directory.

Do not forget to disable traffic dump collection. To do so, delete the DumpNetworkTraffic value. Then restart the product or reboot the host.
-
Having upgraded to Premium from Total Security, the virtual keyboard in Safe Money no longer functions correctly. Clicking on the keys does not always register, so passworded files and websites are very difficult to access unless I resort to using the real keyboard, which defeats the point of having a virtual keyboard for security
-
having DNS issues with the new Kaspersky VPN WireGuard update version 21.23.6.614-2
User23837 replied to User23837's topic in Kaspersky VPN
red and green, its looking pretty festive here 🎄🍻 um so quick updates: they asked if the failed DNS site lookup happens with other sites then dnsleaktest.com, personally idk but it happens consistently with that site. i tested 10 servers for them and they still fail to find the site. i tried another vpn looking up dnsleaktest.com and it works fine. i updated the vpn again, and noticed the first go with selecting the fastest server puts me across the world, then after connecting to a closer server then trying the fastest server works properly. they asked if its the ISP i said i dont have the luxury to test that, but I gave them a link to this forum again where others have confirmed its not the ISP. 🙃happy holidays🫡 -
Performance: Quick Startup - How to turn it off?
Wayne K. posted a topic in Kaspersky: Basic, Standard, Plus, Premium
Quick startup keeps disabling some of my preferred startup items, I turn them back on thru the Kaspersky UI, It tells me to reboot. System then allows them all to run, but then Kaspersky Standard disables them again. How do I permanently turn OFF this **** and unwanted "Quick Startup"? Lenovo laptop, UEFI System AMD Ryzen cpu, 32gb ram, 2 x 512gb ssd, win 11 ver 2000.856 -
Hello everyone, After I updated Kaspersky Free to the latest version my keyboard stopped working. I tried many solutions but nothing worked. Please help.
-
having DNS issues with the new Kaspersky VPN WireGuard update version 21.23.6.614-2
User23837 replied to User23837's topic in Kaspersky VPN
Montreal servers feel great, quick loads no hiccups on youtube. 🥳 a bit quicker then Toronto imo, but maybe due to many normal factors. I Still get time outs where youtube tries to run an add and shows the page is not available but i think thats because of my adblock web extension Ublock Origin on firefox. -
Hi All I have the same issue and I am using KIS (Kaspersky Internet Security) ?? Sorry for party crashing your topic. I am on a single computer using win11 updated a ASUS Keyboard (CERBERUS (K2)) USB - The "block" is random and from time to time?? - I just exit Kaspersky and turn him back on... But it is really frustrating - when I am typing and suddenly --- No reaction!! I don't have BADUSB attack and any of all those settings you showed here..? Hope for a solution Stay Frosty Netz
-
How can I disable the Kaspersky keyboard prompt in password fields using browsers on Windows 10 PCs? Nick
-
Kaspersky Detected Trojan >>> Game: Seven Knight Rebirth Global >>> This is false positive or something wrong
gujacrazy replied to gujacrazy's topic in Virus and Ransomware related questions
Thanks for reply. Just now, my Windows prompted me to update. After the update, the quick scan returned to normal. Thank you very much. Could you explain what caused this? -
I have had this issue yesterday, but now it connects again. Still, it is really slow and unstable. Not sure how it fixed, just did it by itself. I think it just has to do with the infrastructure updates not being fully tested and complete. They must have rushed this update so quick, hence all the issues. Hopefully something official comes up.
-
How do I disable application permission request in Kaspersky Premium?
FatBunny168 posted a topic in Kaspersky: Basic, Standard, Plus, Premium
Hi. First time using kaspersky premium and I am still learning the ins and outs. How do I disable the feature of where kaspersky keep asking me for permission to allow apps to access registry? While I appreciate the security tightness, it get very tedious to click allow every time I boot my pc or launch an app that I know and trusted. Cheers! :D Picture below. -
Hi, I noticed that "Applications Launch Control" in task mode "Statistics only" does block (deny) applications from starting. I believed that "Statistics Only" wouldn't block anything but in this case the opposite seems to be true. Whenever I see that an application is being blocked I add it to the "Rules list..." under "Rules managing" after which the application runs without any problems. The events all say that there are no rules found for applications that are being blocked. Does this have something to do with the option "Replace local rules with policy rules" under "Rules managing"? Can someone please point out why task mode "Statistics only" does block applications in "Applications Launch Control? KSC: 13.2 Kaspersky Security for Windows Server: 11.0.0.480 Best regards
-
Quick & Unexpected shutdowns have been happening recently on both my laptop and mobile
Michelle04 posted a topic in Kaspersky Total Security
I've been using Total Security for at least 10 years and never had an issue until recently. I have a 2.5 year old PC HP laptop running Windows 10 and a 2 year old Android phone running whatever the latest update is. I extended my Kaspersky licence to my phone. I use the Chrome browser on both devices. Over the past 2 to 3 months (it's sept. 4, 2022), both devices have suddenly shut off while I was in the middle of something. Re: my phone, it's happened in the middle of me writing a text and in the middle of a phone call. On my laptop, it has happened while I was working in an excel document and while I was shopping online and about to hit the checkout button. Those are just the examples I can remember. I have been able to restart my phone afterwards but my laptop doesn't want to power on afterwards. I sometimes can't use it for hours. Once it was about 2 days before it would start again. At the moment, I'm not able to power it up and I don't know how to resolve that. Perhaps this is just coincidence but lately, I've been getting the occasional pop-up that tells me I've exceeded my 300 MBs of VON protection and offers a button for extended protection. I followed it once to find out it's trying to sell me an add-on. I've told it to get lost every other time. Has anyone else experienced any of the above? Does Kaspersky know about it? When I'm able to get back into my laptop, is there anything I can do so that it won't happen again? Thanks -
REMOVE the "Secure keyboard input is enabled" popup!
MFFChef replied to BlackEdition's topic in Kaspersky: Basic, Standard, Plus, Premium
I found Kaspersky, as well as two other previous softwares, cannot discern between a standard form field and one that needs extra care. Always sticking the prompts in a standard address field or whatever. I did find a control for this in the primary Kaspersky interface by typing "key" in the search field at the top, and selecting secure data input. You can keep the function enabled, but called upon with a keyboard shortcut only, and then disabling the prompt. You can choose types of fields you want the virtual keyboard to pop up in, but I have no faith. I have Bitwarden for my passwords and credentials, so no typing anyway. -
Security Application not Running (Failed) , Real Time protection Stopped
Schaefer Yachts replied to Abdulrahman Sabri's topic in Kaspersky Security Center
Did you find a solution? I have the same problem. Clients receive a critical alert because KES is not working, and when trying to launch the application through KES, this error appears. When the client computer is restarted, the problem is resolved. However, I would like to resolve the issue causing KES to fail and stop. As shown in the attached image, out of almost 200 computers, four are experiencing the same problem. This occurs daily on different computers. If I restart these four computers now, tomorrow there will be other computers with the same problem. -
Preparing data to display. Please, wait... [EDR Optimum]
svc_kms posted a blog entry in Kaspersky EDR Optimum's Kaspersky EDR Optimum
Problem

Using EDR, you may encounter an issue where you're unable to view the incident card regarding a detection in KSC Web Console. Here we will discuss known causes of such behavior (several products are involved, so causes may be different).

Possible causes and solutions

MDR

In MDR, incidents are to be viewed using the dedicated MDR Console, and KSC version 13 and newer with configured MDR plug-in. KSC 12.* Web Console will not receive the data; this is expected behavior.

KES+KEA

If you first install KES without the EA component, and then a standalone KEA package, KES EDRO integration will be disabled and killchain will not work.

Here is a quick way to determine if KEA was installed as a component of KES. Open regedit, then navigate to:

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features]
    "AntiAPTFeature" = "1"

If the value is 0, proceed to the workaround to enable the component as described below.

To fix this, we ran the Change application components task on the host, enabling Endpoint Agent in KES.

If KES/KEA integration is configured correctly, we can find the following in KES traces:

    12:08:37.426 0x2a18 INF edr_etw Start processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, recordId = 6, taskId = 1128, result = 0
    12:08:37.426 0x2a18 INF edr_etw Start processing actions = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, action = 4, recordId = 6, taskId = 1128, edrAction = 3489660999, result = 0
    12:08:37.442 0x2a18 INF edr_etw Killchain is enabled!
    12:08:37.442 0x2a18 INF edr_etw SystemWatcher is running!
    12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect begin
    12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect end
    12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds begin
    12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds end
    12:08:37.442 0x2a18 INF edr_etw Finish processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com threat status = 1, recordId = 6, taskId = 1128,result = 0
    12:08:37.458 0x1f18 INF edr_etw Finish processing AV detect result = 0

Searching for ThreatID in KEA traces:

    12:08:37.426 0x2a18 INF amfcd ThreatsProcessingEventsLogic::OnTreatActionImpl: ctx:0x23d68510 [TI 0x1b8dd490: id = 0x6, : tdid = {7F620459-6C51-9E46-9A5D-689A9B0D0098}, name = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, add info: <none>, 0x0] 0x4 0x0

KES+KEA (upgrade from KESB to EDR Optimum)

EDR Optimum requires KSC 12.1 or newer to work. This includes the Network Agent, which is a part of KSC, and is generally installed on the host alongside KES. Using an outdated version of Network Agent (10.5, 11, etc.) will lead to the mentioned error when opening incident cards. If Network Agents were not upgraded along with KSC, it's better to upgrade them for EDR Optimum.

KES 11.7+

Check that the EDR Optimum feature is enabled in the registry (GSI > Registry > HKLM_Software_Wow6432Node_KasperskyLab.reg.txt):

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features]
    EdrOptimumFeature = 1

If the value is 0, run the Change application components task on the host, enabling EDR Optimum in KES.

Also, in traces (*.SRV.log) you can search for the string bundles::InstalledFeaturesProvider::InstalledFeaturesProvider and check that EDROptimumFeature is there. In the example below, the component is missing:

    KES.21.9.6.465_05.18_14.00_3952.SRV.log
    11:00:36.897 0x26a0 INF bundles::InstalledFeaturesProvider::InstalledFeaturesProvider{
    3 (AVScannerAndCoreFeature)
    28 (AdaptiveAnomaliesControlFeature)
    0 (AdminKitConnectorFeature)
    24 (AdvancedThreatProtectionFeature)
    27 (AmsiFeature)
    7 (ApplicationControlFeature)
    17 (BehaviorDetectionFeature)
    30 (CloudControlFeature)
    4 (CriticalScanTask)
    6 (DeviceControlFeature)
    23 (EssentialThreatProtectionFeature)
    11 (ExploitPreventionFeature)
    8 (FileThreatProtectionFeature)
    19 (FirewallFeature)
    5 (FullScanTask)
    2 (HostIntrusionPreventionFeature)
    16 (MailThreatProtectionFeature)
    14 (NetworkThreatProtectionFeature)
    12 (RemediationEngineFeature)
    25 (SecurityControlsFeature)
    18 (UpdaterTask)
    21 (WebControlFeature)
    20 (WebThreatProtectionFeature)
    22 (WholeProductFeature)
    }

KSWS+KEA

The same rule applies: the KEA component needs to be installed in KSWS. KSWS does not have a "Change application components" task in KSC, so this has to be taken into account during KSWS deployment.

Here is a quick way to determine if KEA was installed as a component of KSWS. Open regedit, then navigate to:

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\KasperskyLab\\WSEE\11.0\Install]
    "Features"="AntiCryptorNAS=0;AntiCryptor=0;AntiExploit=0;AppCtrl=0;AVProtection=0;DevCtrl=0;Fim=0;Firewall=0;ICAPProt=0;IDS=0;Ksn=0;LogInspector=0;Oas=0;Ods=0;RamDisk=0;RPCProt=0;ScriptChecker=0;Soyuz=0;WebGW=0"

(Soyuz needs to be set to 1.) If Soyuz is set to 0, apply the workaround to enable it.

KSWS allows changing its components locally or via cli. Here is an example of how to set Soyuz=1 when KEA was installed not as a component of KSWS:

1. Locate ks4ws_x64.msi or ks4ws.msi (depends on OS architecture).
2. Create a custom installation package based on ks4ws_x64.msi or ks4ws.msi from step 1 with parameters as per screenshot (add UNLOCK_PASSWORD= if KSWS is protected by password in policy).
3. Deploy the package on problematic servers with KSWS and KEA, then check in the registry that Soyuz=1.
4. Check the host's properties at the KSC side - EDRO should be in Running state in KEA.

If KSWS/KEA integration is configured correctly, we can find the following in KSWS traces:

    19:57:04.577 7a8 1310 info [edr] Published ThreadDetected:
    VerdictName : HEUR:Win32.Generic.Suspicious.Access
    RecordId : 0
    DatabaseTime : 18446744073709551615
    ThreatId : {ffb58079-6d8d-4a62-8ab0-021ff4ed61c5}
    IsSilent : false
    Technology : 3489661023
    ProcessingMode : 3489660948
    ObjectType : 3489660934
    ObjectName : C:\Windows\System32\wbem\WmiPrvSE.exe
    Md5 : e1bce838cd2695999ab34215bf94b501
    Sha256 : 1d7b11c9deddad4f77e5b7f01dddda04f3747e512e0aa23d39e4226854d26ca2
    UniquepProcessId: 0xf7c807730e051a0d
    NativePid : 3360
    CommandLine :
    AmsiScanType :
    AmsiScanBlob :
    FileCreationTime: 1601-01-06T23:09:56.075520800Z

Searching for ThreatID in KEA traces:

    19:57:05.583 704 9b0 debug [bl] ThreatsHandler: detect v2
    verdictName: HEUR:Win32.Generic.Suspicious.Access
    detectTechnology: 0xd000005f
    processingMode: 0xd0000014
    objectType: 0xd0000006
    objectName: C:\Windows\System32\wbem\WmiPrvSE.exe
    nativePid: 3360
    uniquePid: 17854528913448180237
    nativePidTelemetry: 3360
    uniquePidTelemetry: 17854528913448180237
    downloaderUniqueFileId: <none>
    downloadUrl: <none>
    isSilentDetect: false
    threatId: ffb58079-6d8d-4a62-8ab0-021ff4ed61c5
    19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59675, processed=59675, dropped=0, queueBytes=191
    19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59676, processed=59676, dropped=0, queueBytes=132
    19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59677, processed=59677, dropped=0, queueBytes=371
    19:57:05.583 704 9b0 debug [bl] Threats Handler: event processed, id = 2
    19:57:05.584 704 1fc debug [killchain] Message discarded: name = ThreatDetect

The verdict is Message discarded; this means the detection won't trigger killchain generation. If no such entries can be found in traces, this might mean that EPP integration is not configured correctly (EDR component is disabled in KSWS).

Check killchain presence on the host

If all prerequisites are met, it's worth checking if killchain files are actually created on the host. To check that, run cmd.exe as Administrator and check the contents of the c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects folder. Archives with <threat_id>.zip names should be present in the folder:

    C:\WINDOWS\system32>dir "c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects"
     Volume in drive C has no label.
     Volume Serial Number is 8010-ADC0

     Directory of c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects

    08/16/2021 12:20 PM <DIR> .
    08/16/2021 12:20 PM <DIR> ..
    08/16/2021 09:34 AM 636 0349c190-4ac3-4da4-9b64-07835298660f.zip //this is an archive with killchain info
    08/16/2021 12:18 PM 696 1d306aa7-f37f-4ab2-969e-d337d398a995.zip
    08/16/2021 09:34 AM 637 23a5dc93-5776-43c8-b949-79c102aa1184.zip
    08/16/2021 12:19 PM 691 27bc9ea3-200b-49d2-b8b0-df7954cd428a.zip
    08/16/2021 12:19 PM 683 40673c70-9e8e-420f-b5ce-65b406862b94.zip
    08/16/2021 12:19 PM 688 590b6e30-4509-4b25-bdb0-062f89b7e062.zip
    08/16/2021 12:20 PM 693 67993612-dc82-45a2-9e5b-74756adc46eb.zip
    08/16/2021 12:20 PM 685 6a892bd1-f452-42d0-80b0-cb953cd7fc26.zip
    08/16/2021 12:19 PM 686 a63fbafa-fcef-46f7-935f-42be4392a172.zip
    08/16/2021 12:19 PM 699 d9d4f5eb-42b2-4460-8f8a-eb63bbef8791.zip
    08/16/2021 12:19 PM 686 f6042624-9840-4a6e-9b30-9270cce22236.zip
    11 File(s) 7,480 bytes
    2 Dir(s) 240,763,092,992 bytes free
-
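The trace and registry checks described in the article above (the InstalledFeaturesProvider entry for KES 11.7+, the Features value for KSWS, and the killchain "Message discarded" line in KEA traces) can be run over collected files. The following added example is not Kaspersky code; it assumes the text layouts shown in the article, and the sample inputs are shortened, constructed copies of them.

```python
import re

FEATURE_RE = re.compile(r"(\d+)\s*\((\w+)\)")
BLOCK_RE = re.compile(
    r"InstalledFeaturesProvider::InstalledFeaturesProvider\s*\{(.*?)\}", re.S)
DISCARD_RE = re.compile(r"\[killchain\] Message discarded: name = (\w+)")


def installed_kes_features(trace_text):
    """Return {feature name: id} from the last InstalledFeaturesProvider block, or None."""
    blocks = BLOCK_RE.findall(trace_text)
    if not blocks:
        return None
    return {name: int(num) for num, name in FEATURE_RE.findall(blocks[-1])}


def has_feature(features, name):
    """Case-insensitive: the article spells it EdrOptimumFeature and EDROptimumFeature."""
    wanted = name.lower()
    return any(f.lower() == wanted for f in features)


def ksws_features(value):
    """Parse the KSWS "Features" registry string into {name: enabled}."""
    result = {}
    for item in value.strip().strip('"').split(";"):
        if not item:
            continue
        name, sep, flag = item.partition("=")
        if not sep:
            raise ValueError(f"malformed feature item: {item!r}")
        result[name.strip()] = flag.strip() == "1"
    return result


def discarded_killchain_messages(kea_trace):
    """Names of events the KEA killchain component discarded."""
    return DISCARD_RE.findall(kea_trace)


def findings(kes_trace=None, ksws_value=None, kea_trace=None):
    """Collect the misconfigurations the article describes; empty list means none seen."""
    out = []
    if kes_trace is not None:
        features = installed_kes_features(kes_trace)
        if features is None:
            out.append("KES: no InstalledFeaturesProvider entry in trace")
        elif not has_feature(features, "EdrOptimumFeature"):
            out.append("KES: EdrOptimumFeature missing; run Change application components")
    if ksws_value is not None and not ksws_features(ksws_value).get("Soyuz", False):
        out.append("KSWS: Soyuz=0; KEA is not installed as a KSWS component")
    if kea_trace is not None:
        for name in discarded_killchain_messages(kea_trace):
            out.append(f"KEA: killchain message discarded ({name})")
    return out


# Constructed samples, shortened from the layouts shown in the article.
KES_TRACE_MISSING = (
    "11:00:36.897 0x26a0 INF bundles::InstalledFeaturesProvider::InstalledFeaturesProvider{\n"
    "3 (AVScannerAndCoreFeature)\n19 (FirewallFeature)\n22 (WholeProductFeature)\n}\n")
# The id 999 is a constructed placeholder; the article does not give the real id.
KES_TRACE_OK = KES_TRACE_MISSING.replace("}\n", "999 (EdrOptimumFeature)\n}\n")
KSWS_OFF = '"AntiCryptor=0;Firewall=0;Soyuz=0;WebGW=0"'
KSWS_ON = '"AntiCryptor=0;Firewall=0;Soyuz=1;WebGW=0"'
KEA_TRACE = "19:57:05.584 704 1fc debug [killchain] Message discarded: name = ThreatDetect\n"

if __name__ == "__main__":
    for line in findings(KES_TRACE_MISSING, KSWS_OFF, KEA_TRACE):
        print(line)
```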
Translator++ Detected like a Trojan, False positive?
AlexeyK replied to Julio César Taboada Tirado's topic in Virus and Ransomware related questions
It's pretty useless to scan password-protected archives via VirusTotal.🙂 For a quick solution, you can try to configure an exception, as shown in the screenshot (don't forget to save the changes). Perhaps you may need to add something else to the exceptions. -
I have Windows 10 22H2 with Kaspersky free edition and the browser extension for Microsoft Edge, Google Chrome and Mozilla Firefox. All the latest updates installed. Previously, I had to uninstall the antivirus and reinstall again. Now I am facing exactly the same problem. I stopped the antivirus and started again. I test in more than one browser and doesn't work even. What more can I do to fix the problem!?