Search the Community

Hello @Boncip, Welcome! No. No. The Subscription *owner* shares the subscription, to allow for the other user to use the subscription; from their MyKaspersky account, on (your) device they will be able to: View the list of computer security problems and fix *some of them* remotely, Scan the computer for viruses and other threats - Full scan & Quick scan, Update databases and application modules, Configure *some* Kaspersky components & Disconnect (your) device. *READ* Remote management of computer protection. They will not be able to see (your) passwords or manage any of (your) data/files etc. *READ* Shared protection & all the sub-articles. Also note, Remote management & remoting to (your) computer are *different*, in (your) Kaspersky application, Self-defense, do not Allow managing Kaspersky settings via remote control applications & do not enable external management of system services, *READ* Self-Defense settings (you) can Password protect (your) installed Kaspersky application, *READ: How to password-protect access to the application management functions - however, this may not prevent the subscriber performing the above actions in point 3. as they *own* the subscription & they have *shared* their subscription with you - so they retain some control: Any questions or problems, please post back? Thank you🙏 Flood🐳+🐋

Is there any update on the "MR17" update? I certainly have many, many large files on the filesystems being scanned if that's the case. I've been experiencing this issue for what feels like a year or more now. Exact same symptoms as commonly reported over the last year or two. Full scan will always cause an application crash however, even when manual. System idle for many days will eventually cause a crash. Sometimes application can recover, other times application will fail to launch due to what appears to be the Kaspersky windows service locking up and cannot be restarted or stopped due to security and requires a reboot. I'm not totally comfortable submitting traces and have been watching from the sidelines.

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Sometimes it's necessary to check KATA detects, for example IDS, IOA, Sandbox detects. Step-by-step guide IDS detects (SPAN) To check IDS detects (SPAN) you can use tcpreplay utility on server configured to receive SPAN traffic. KATA 4.0/4.1 tcpreplay package for such versions could be found here https://rhel.pkgs.org/7/epel-x86_64/tcpreplay-4.4.4-1.el7.x86_64.rpm.html KATA 5.+ and tcpreplay tcpreplay package is not installed by default, so you should install it manually, using step-by-step guide below: 1) Download this package from HERE 2) Place downloaded file tcpreplay_4.3.2-1build1_amd64.deb to your KATA node. For example, use scp: [user@host]$ scp <your-path>/tcpreplay_4.3.2-1build1_amd64.deb admin@<kata-ip>:/tmp 3) Run installation on your KATA node with the next command: [admin@katahost]$ sudo dpkg -i /tmp/tcpreplay_4.3.2-1build1_amd64.deb Success! Now you can use tcpreplay on your KATA 5.+ or any other UBUNTU system! Before using tcpreplay you should enable tx capture for span: KATA 3.7.* In technical support mode from user root run following commands : systemctl stop apt-preprocessor.service systemctl stop suricata.service rmmod pf_ring Edit file /etc/modprobe.d/pf_ring.conf: change line: options pf_ring enable_tx_capture=0 min_num_slots=16384 # tx capture is disabled to: options pf_ring enable_tx_capture=1 min_num_slots=16384 # tx capture is enabled save file. Start pfring and related services back: modprobe pf_ring systemctl start suricata.service systemctl start apt-preprocessor.service KATA 4.0/4.1 Edit file /etc/modprobe.d/pf_ring.conf: change line: options pf_ring enable_tx_capture=0 min_num_slots=16384 # tx capture is disabled to: options pf_ring enable_tx_capture=1 min_num_slots=16384 # tx capture is enabled save file. In technical support mode from user root run following commands: systemctl stop docker rmmod pf_ring modprobe pf_ring systemctl start docker tx capture for span is now enabled KATA 5.0/5.1/6.0 - see https://forum.kaspersky.com/topic/how-to-enable-tx-capturing-in-kata-katakedre-37514/ Eicar traffic detect: Upload EICAR-Test-File_TCP.pcap sample to server with SPAN interface, then execute command from root shell: tcpreplay -i ens34 EICAR-Test-File_TCP.pcap # ens34 in this example is SPAN interface Nmap traffic detect: Scenario is the same as for Eicar detect, only .pcap file differs (# tcpreplay HackTool.Nmap.HTTP.C&C.pcap). After testing detects from span we strongly recommend to disable tx capture back again by the same way as described above for enabling. AM Engine Use EICAR's - https://www.eicar.com/ Email - send the EICAR via SMTP to KATA 25 port. (SMTP processing needs to be Enabled of course). ProTip: you may use local swaks mail client on CN to skip elaborate mail setups. swaks examples swaks --server 127.0.0.1 --port 25 --from antony@test.org --to cleopatra@test.org --attach eicar.com swaks --server 127.0.0.1 --port 25 --from antony@test.org --to cleopatra@test.org --body "link_to_EICAR_here" Endpoint - put an EICAR file to the endpoint and fetch it using GetFile task, queue for scanning. YARA detects By default, no YARA rules are supplied with the product. For test purposes one can use a test rule from YARA docs https://yara.readthedocs.io/en/v4.1.0/writingrules.html rule ExampleRule { strings: $my_text_string = "text here" $my_hex_string = { E2 34 A1 C8 23 FB } condition: $my_text_string or $my_hex_string } The rule will mark any analyzed object containing $my_text_string or $my_hex_string. IoA detects To check IoA detect (IoA detects can be checked only if you have KEDR license): Copy .bat file from attached archive Test_IOA.rar(not_infected) to any folder on host with installed EDR and start it. After some time(KATA need several minutes to transmit and process telemetry from EDR) check alerts in KATA. Alert should have type ioa_test_detect. For testing IoA detects on host more than once, .bat file should be placed to different locations on this host. On the host with installed KEA run command below in the cmd.exe shell: wmic.exe sfdguninstallkasperskyblabla There can be something else instead of sdfg and blabla, important part of command is uninstallkaspersky Command execution will fail with error, but it's not important. After some time new IoA detect should appear in KATA web-interface. IoC detects One can use the custom rule for testing - Ioctest.zip (infected123) - it is triggered for "c:\windows\system32\calc.exe" Automatic sandboxing in EDR To check automatic sandboxing: Unpack the archive with sample, use default password for samples: autosbtest.zip NB! Do not change MD5 of the sample. Run the sample on EDR-protected host and wait for automatic SB detect: Sandbox detect To check sandbox detect we can use file SA_sleep.exe from archive no_am_detection sample.rar. Password is inside text document in archive. Go to KATA senior security officer web-interface. Choose Storage → Upload and upload SA_sleep.exe from attached archive for KATA checking. Kata should enqueue it to sandbox , then a bit later verdict from SB should be Suspicious Activity. If SA_sleep.exe produces Not detected verdict then please use test_sb.bat from the test_sb.rar URL reputation Firstly, confirm K(P)SN is configured and works properly. MD5 used in this example should return UnTrusted status: Check KSN on KATA command for KATA 4.+ and 5.0: docker exec -it `docker ps | grep ksn_proxy| awk '{print $1}'` /opt/kaspersky/apt-ksn_proxy/sbin/ksn_client --ip 127.0.0.1 --hash 9C642C5B111EE85A6BCCFFC7AF896A51 for KATA 5.1: docker exec -it $(docker ps | grep ksn_proxy| awk '{print $1}') /opt/kaspersky/apt-ksn-proxy/sbin/ksn_client --ip 127.0.0.1 --hash 9C642C5B111EE85A6BCCFFC7AF896A51 Secondly, For traffic: access http://bug.qainfo.ru/TesT/Aphish_w/index For email (SMTP processing needs to be Enabled), send the link above via e-mail. For quick and dirty test: swaks examples swaks --server 127.0.0.1 --port 25 --from fisherman@test.org --to cleopatra@test.org --body "http://bug.qainfo.ru/TesT/Aphish_w/index"

1.Modified firmware found The modified firmware may contain critical security vulnerabilities. Some apps could get additional permissions and send your sensitive data to third parties. The modified firmware could cause an irreversible device malfunction. 找到修改后的固件 修改后的固件可能包含严重的安全漏洞。某些应用可能会获得其他权限，并将您的敏感数据发送给第三方。修改后的固件可能会导致不可逆转的设备故障。 2.Turn off accessibility for unknown apps Accessibility gives an app access to the data that you enter, such as text or web addresses, and gives it access to the keyboard and microphone. For your data security, you are advised to turn off accessibility for unknown apps. 关闭未知应用的辅助功能 辅助功能使应用能够访问您输入的数据（如文本或网址），并允许其访问键盘和麦克风。为了您的数据安全，建议您关闭未知应用程序的可访问性。 怎么在，在设备上本地修复此问题

First quick answer: > Has the *new* Kaspersky *application* been signed into, from the Kaspersky application. > I cannot do anything from the application itself, just see the window stuck with the need for an activation code Not 100% sure if I had shut down the pc completely, doubt that this will change things dramatically but will try a little bit later

I am casting spells and chant open sesame=芝麻开门 Be quick to obey my command=急急如律令 RELEASE NOW😀

I appreciate your quick response. I think that Linux Machines will be upgraded during KSC 14.2 upgrade. I'm right? or Should I upgrade the Linux machines first and then run KSC 14.2 upgrade? Best regards

Is this what you wanted to find ? scroll down for release notes for previous versions https://support.kaspersky.com/KESWin/12.4/en-US/127969.htm and also look at the changes in hardware and software compatibility for the latest version 12.4 ... and for 12.2 12.4 - https://support.kaspersky.com/KESWin/12.4/en-US/127972.htm 12.2 - https://support.kaspersky.com/help/KESWin/12.2/en-US/127972.htm you can change the help description to suit the version you are interested in I'm afraid there is no ready-made quick comparison table...

Ok here are the steps I had to do . 1. removed McAfee from add and remove programs. It appeared to be successful . Started the Kaspersky standard installation , it detected McAfee WebAdvisor was still detected . and incompatable . I was not really surprised about that WebAdvisor was not removed by just deleting from the add and remove 2 So I cancelled installation , and use the McAfee tool and ran. Then went back to install Kaspersky . 3. Installation went well , already ran quick scan all is good , so no more issues Just wanted to update how it went for me on windows 11. Thanks again 😃

Thanks , yeah sorry for being paranoid . I finally managed to launch the KasperSky Plus . Only because i launched the VPN on my windows machine . It's a very cool software indeed ! I still sent a request for refund to customer support since i can't always rely on vpn , i hope they can understand my paranoid and weird words . Anyways i have a small problem now , I am trying to connect to offsec 's website using Kali linux 's virtual machine , but the vpn keeps failling (Openvpn) . However the vpn on my windows machine works perfectly fine , Any idea if kaspersky implements any kind of protections against the traffic coming out from Kali or the virtual machine itself ?? Thanks

In what respect @tunathefish? Most people know not to use anything other than the *recommended* OS. Read: Smart Home Monitor resources. Read: Wi-Fi Analyzer resources. Also, there's many Smart Home Monitor topics in the Forums - you can refine the search according to your requirements: https://forum.kaspersky.com/search/?q=Smart Home Monitor&quick=1 Thank you🙏 Flood🐳+🐋

I always try to not use KavRemover, it usually breaks USB keyboard and mouse drivers, so it would even add a new issue to the current one...

I got my new Samsung s24 today, transferred all my apps, everything is going great and i can even login into Kaspersky. But then it asks me to login again to use the password manager and it says that my main password is incorrect, but it isn't. I've tried deleting the app on my phone and reinstalling but nothing seems to work, i've been looking online for a solution but don't really see anything helpful. I also checked on Kaspersky's site, there is a section where it asks me to enter my main password and what i'm entering there is accepted but it's not "correct" when i try on the app so i'm at a loss. Am i missing something obvious? Edit: Yes, i did miss something obvious. The keyboard layout is slightly different so i was typing the password incorrectly by a single character, don't mind me i'm smart.

Thank you my friend, for being quick to respond. I'm glad there were people who asked about this subject. Well, the Kaspersky team could do this without customers having to hide it. but that's ok, thank you. 😀

Hello Everyone, Good afternoon. I'm here raising another subject for knowledge, I hope you can clarify the matter. I will be detailing the subject with some points to make it easier. If you can put the answers in the points that are mentioned, it will be better for understanding. 1- We know that there is a way to manually update the Kaspersky database so that it can be updated manually, so far so good, now I wanted to know "How do I prevent the Kaspersky product version from being updated automatically?" 2- If there is any way to disable automatic updating of the Kaspersky version, could you provide a step-by-step guide? 3- I see that the vast majority of Antivirus products on the market have this option to update the product version when the customer wants to do so. Examples of antiviruses are AVAST, ESET, BITDEFENDER and others. 4- I see that other products on the market like Avast always launch a new version of their product every month. Kaspersky takes a long time to launch its products, why? 5- Could you tell us when Kaspersky releases new versions? I would like to thank everyone on this subject, I hope my doubts are resolved. Thanks! 🙂

Good afternoon Below is a short introductory instruction for participating in beta testing. You can find out about the release of a new build or patch, and download installers for yourself in the news section. You can report a problem found in the beta build in the Kaspersky/KSOS/KSDE and KES sections, respectively. Please upload dumps to the appropriate section. In the patches section, please post only problems related to patches available for testing. Please pay attention to the rules for working with links: Messages with links will be subject to pre-moderation. After we download the traces/dumps, we will delete your link and publish the post itself with the appropriate mark. Please do not publish the same post if the original one is still under moderation, this is not necessary! It is advisable to follow the rule - 1 problem per 1 message. Application operation logs are located at C:\ProgramData\Kaspersky Lab\[application name and version]\traces. Please also attach screenshots and videos. If you see a message about a product crash on a previous launch and the application asks you to send a report, do not send it if possible! Instead, go to the traces folder, find the dump files and create a topic in the appropriate section of the product. Otherwise, it will be sent to the general user support server and it will be difficult for us to get feedback if necessary.

Unfortunately, this is an old problem and apparently has not been resolved yet. if the user has sufficient rights on the local device, instead of disabling the protection, he will pause it (just pause, and not by time or until a reboot). then you can also resume the operation of components (disable pauses) only from the local client. You will need to manually launch protection locally on all such devices. There is no other solution yet.

I installed Kaspersky Antivirus and my mouse and keyboard stopped working after restarting. I am trying to fix the problem using Kaspersky Rescue Disk 18 but it only shows a black screen after choosing “Graphic Mode” or “Limited Graphic Mode”. I have an Nvidia Geforce RTX 4070 graphics card. I tried to use this topic as a solution, however the link sent for KRD 2024 beta did not work. I can’t use my keyboard or mouse, I cannot run KRD since it gives me a black screen, and I can’t find recovery mode either. My PC is basically useless. Please help

Hello, Unfortunately I cannot do that without my keyboard or mouse.

I installed Kaspersky Total Security today, with a one year subscription. However, after it did a scan and restarted the computer, my keyboard and mouse have stopped responding. I tried other keyboards and mice, both wired and wireless as well but it did not work. But they still work on the biOS screen of the pc. I could not find a recovery boot option. So I would like to have help with this.

Danke Schulte, werde es beobachten, ab wann die Meldung wieder kommt. Kann etwas dauern, bin nicht täglich am Rechner. Mein letzter download war von der Seite ITSG, einem Sozialversicherungsmeldeportal der deutschen Sozialversicherung. Melde mich, sobald der "quick driver updater" wieder auftaucht.

Hallo! Habe soeben erstmals Kaspersky auf meinem Rechner installiert, der Grund war, dass am rechten unteren Bildschirmrand ein kleines quadratisches Fenster aufging mit der Meldung "quick driver update" - ich halte das für einen Virus oder sonstigen Trojaner oder Müll. Nach der Installation und vollständiger Systemprüfung erscheint das Fenster immer noch. Es lässt sich mit dem Task Manager unter "task beenden" wegklicken. Weiss jemand, was das "quick driver update" ist? - ein Virus, Trojaner, sonstwas?

I'll assume that you are trying to run a standard LOCAL task on a specific device. When the devices are managed by the KSC server, this task on the client devices... seems to be disabled... create a GROUP task in the appropriate section (policies and tasks), specify the necessary settings, select the devices on which it should run, set a launch schedule and try to run it...

Если кто-то желает убедиться в активности облачной защиты после отключения участия в KSN, существует тестовый сайт AMTSO. По ссылке кликаете на кнопку "Launch the test". В зависимости от настроек АВ, сработает либо веб-защита (когда включена проверка защищенных соединений и браузер поддерживается), либо после загрузки файл будет детектироваться файловым антивирусом (из-за оптимизации проверок, возможно, потребуется открыть папку с файлом и подождать или просто попробовать просканировать файл через контекстное меню). Префикс UDS (Urgent Detection System) в детекте как раз говорит о том, что срабатывает облачная защита. На всякий случай еще раз: ссылки и файлы на сайте не являются вредоносными и предназначены для проверки работоспособности компонентов защиты.

Hi, Thanks for your quick answer. Unfortunately, it doesn't correct my problem. Obviously, I tried once again to disable AV and upload. The problem is still here. I was too quick in my conclusions to think the VA was the culprit.