Search the Community

Hi Kaspersky: We are a small company and only have 2 IT engineers. Therefore, we use KES + EDR Optimum + MDR as our solution. Next year we want one platform to monitor every endpoint security status. 1. Kaspersky XDR I have read the datasheet of XDR. It seems like an unified platform to monitor everything. In the datasheet, there is a quote: For advanced network management, KATA is an additional option.But the infrastructure shows that KATA will send information to XDR. My questions are: 1. Is XDR a basic KATA or just KUMA system? 2. Is Kaspersky XDR like CrowdStrike Falcon platform, which approaches "Unified platform. Complete protection"? 2. KATA Since we lack of IT engineer, there is no time to deal with incident by ourselves. That's the reason we use MDR. But KATA has a lot of component like EDR Expert and additional sandbox function. We can test unknown threat by ourselves and have quick response. My question is: 1. Does KATA like a small automatic analysis system of KSN? Therefore we can add IoC or YARA rule easily and quickly. Because we just get a little information of Kaspersky XDR from local reseller. The product is too new and no Chinese version. They will send detail information next year. I want to know in advanced so we can evaluate which product is suit for us. Thank you.

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Security administrator can create KSWS Application Control rules based on Digital Certificate. What does product actually checks and how it is related to the file itself? First of all, product checks whether the file matches certificate. Secondly, whether certificate is valid. If any of verifications fail - launch of the file will be denied. And vice versa. If signed file which execution was allowed by certificate has been modified, will execution of the file be allowed? Altering the file signed by the certificate will cause its certificate to no longer confirm the integrity of this file. As a result "Allowing" rule will no longer be applied to the file. How the control of the revoked certificates operates, if such a control exist? Certificates revocation in the operation system is implemented through OS updates. When a certificate becomes revoked, it can no longer pass validation checks. Thus file execution will be blocked. When both the subject of the certificate and its thumbprint verifications are selected, then product checks that the file is signed by an exact "version" of certificate. In other words, it will not be enough to make a self-signed certificate with the Subject field equal to "Redmont, Microsoft" - such a certificate does not coincide with the real thumbprint of Microsoft.

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. While removing Kaspersky Security for Windows Server Console removal log may contain a message: Error 1336. There was an error creating a temporary file that is needed to complete this installation. Folder: C:\Program Files (x86)\Common Files\Kaspersky Lab\Kaspersky Security for Windows Server\. System error code: 5 And if you launch removal process using an appwiz.cpl a popup will be displayed stating : “There was an error creating a temporary file that is needed to completed this installation” This may happen because KES is installed in the system, so far the workaround is the following: Disable self-defense in KES and perform removal one more time.

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Sometimes Anti-Cryptor task in KESL won't be able to launch after the OS is started. This may happen because Anti-Cryptor needs all the protected network resources to be up before KESL service is started. In other words, Samba or NFS services should be started before KESL service. Solution To resolve this problem you need to make sure that services start in the correct order. For Systemd systems: 1. Create a file /etc/systemd/system/kesl.service.d/override.conf # touch /etc/systemd/system/kesl.service.d/override.conf 2. Add the following to /etc/systemd/system/kesl.service.d/override.conf: [Unit] After=nfs-server.service smb.service [Service] TimeoutSec=300 3. Reload services # systemctl daemon-reload For Sys V init systems: Rename Samba and NFS init files to make those services start earlier. E.g. # mv /etc/rc3.d/<smb_init_file> /etc/rc3.d/S49smb # mv /etc/rc3.d/<nfs_init_file> /etc/rc3.d/S49<nfs_init_file> Where <smb_init_file> and <nfs_init_file> stand for current init files present in the system. NFS init file may have different name depending on your environment - nfs, nfs3 or nfs-server.

Hello @wildafrica, Thank you for posting back & the information! Read: Kaspersky Protection browser extension - it works, with the following modules: Inform about suspected phishing, Inform about website problem, Open On-Screen Keyboard, no Private Browsing & no Anti-Banner. Is claripi a Medical Imaging Solution - provider? We just need to make sure we're checking the right site - from the image you posted? What does "PC's for a 10-year-old." mean please - is a child going to be using the computer - please clarify? *Where* in the EU please? Please post back? Thank you🙏 Flood🐳+🐋

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Environment/Preconditions KSC - 12 KSWS - 11.0.1.897 You may find a massive increase in disk usage from the folder report under the Kaspersky folder. The size of the report folder will increase from around 2GB to 12GB, the files in the report folder have random name (like 340a13d9-2a50-4c4e-94d6-82a79d80da4b), which rapidly grows and consumes disk space. The file can be deleted to resolve the disk space full issue, which itself can cause many issues (can't log in to the server, KSWS stop, etc) To delete the file: Stop KSWS. Add permission/owner for the login account. Right-click and delete file. This issue is caused by the Task log setting under Log and Notification tab in the KSWS policy. To avoid the detailed events issue: Ensure that there are no Informational events in the Importance level option in each Component. Remove task logs older than (days) is selected. In case you do the above step and the random file is still keep growing rapidly (100 MB per hour), it may be causes by the flooding event. You can check the event flooding by using "DB Browser for SQLite". For example, the log above is generated by the Application launch control component. You may solve this issue by disabling Application launch control log.

Once again I answer my own questions because I am too quick to post. After literally 5 minutes of research, I was able to find out that Kaspersky's drivers are indeed running as ELAM (Early Launch Anti-Malware) drivers: Probably obvious, but I wanted to make sure. And now anyone with the same question knows as well.

Many thanks for the quick resolution of the matter. Top notch! 😎

i am unable to launch any game apps while the program is active. After disabling it, i can launch it again. i have tried messing with the firewall but that doesn't seem to be the issue. How can i launch games while the program remains active

Windows Defender has an early launch module that allows it to start pretty much before the OS does - but with Kaspersky I’ve noticed it takes 1 or 2 seconds after I reach the desktop for the app to show up in the tray. Is that just the app starting late, or the protection modules as well? Do Kaspersky protection modules start early like Defender’s? If the modules start with the app then that’s… not great. Isn’t that a security risk? Malware could start before the AV, disabling its self-defense.

https://learn.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware

Merhabalar, age of empires 4 oyununu Steam dan satın alıp indirdim. Fakat oyun başlangıçta yükleme ekranında kalıyor ve ileri gitmiyor . Fakat Windows+ r den Kaspersky nin hizmetlerini kapatınca serverı aramaya başliyor . Nasıl son verebilirim Windows 11 CoreSinglelanguage x64 Kaspersky plus üyelik Sürüm : 21.14.5.462

So, in the last 4-5 days now Kaspersky is blocking the app Discord on my PC. It doesn't give me any notifications whatsoever I just can't launch discord while Kaspersky is active. Discord shows me the following error '' Update failed - retrying in X sec... ''. I did get in contact with Discord support and for 3 Days we tried many different ways to fix it, other versions, PTBs, older versions, different launch options etc. but in the end, it came all to the same result, Discord won't launch, no matter which version it is unless I completely turn of Kaspersky. When i do turn off Kaspersky - launch Discord - turn on Kaspersky, Discord won't show me pictures and won't let me play videos via the app. After a couple minutes more Discord will get in a state where you would get normally if you don't have internet connection anymore. So, as said to be able to use Discord i need to turn off Kaspersky. When i try to add the Discord.exe as a trusty source via Kaspersky option -> threats and exceptions -> specify trusted apps, Kaspersky does crash. I did attach a screenshot about it. When im in the opions '' exceptions for application '' and i add Discord.exe after i click 'tamam' which means OK, nothing happens (even if i wait for long). After i click it 1 more time Kaspersky just crashes. So here the stuff i already did and still doing. -Check for Updates and do them -Check drivers -Launch with administrator -Try older Version of Discord -Try to add as many folders etc from Discord as a Trusty source -Try different Version of Discord like Public Test Build -Send crash report when Kaspersky crashes I would be happy if someone can give me a solution to this. Discord staff run out of options to let me try so it seems like it might be a problem with Kaspersky. My Version is Microsoft Windows 11 x64 Build 22621 --- 21.3.10.391 (k) --- It's standart version of Kaspersky. Not a free one.

When I try to open the Valorant game I get a message saying "Cannot guarantee authenticity of the domain to which an encrypted connection is being established", and even if I click continue the game does not open, and not only that, but from then on the game never opens unless I restart the computer and I get the message again. SSL connection with invalid certificate detected;Riot Client;RiotClientServices.exe;

I have Kaspersky Premium. "Previous application launch failed". Apparently after few minutes when Windows boots, Kaspersky crashes and opens up again and displays this error. And it does the same several times again during the day. It's really annoying. I have contacted customer support and gave them all the necessary files (dump and system info files), It's been 3 weeks and I haven't heard anything back. I went so far as to fresh install the latest Windows 11 (ISO on Microsoft's website), but nothing changes. I do not have any cracked software and everything I installed are genuine and properly bought. I thought the issue may be due to system stability, so I did a memory test overnight and did some burn-in benchmarks and there are no errors. No other program on my system acts weirdly. I have also tried "Kaspersky removal tool" and did another installation of Kaspersky, but the issue persists. I am very close to uninstalling this for good, and I don't want to, I really like Kaspersky. Please help!

Os Version : Windows 11 22621.2283 Application version : 21.3.10.391 Good morning, For 2 days my Kaspersky total security has been in complete disarray. It starts by having the Kaspersky icon which begins to multiply in the notification bar between 3 to 5 times, then when I hover my mouse over it it all disappears. From this moment on, I have no access to internet surfing or the ability to open the Kaspersky interface. When I try to launch it the icon appears gray and the service does not start. I restarted the PC several times, the problem ended up reappearing quite quickly. I reinstalled kaserperky twice, 1 time while keeping my configuration parameters 1 time with nothing saved I tried to analyze in the Windows logs if I can see the causes of the application shutdown or the causes of its multiple launches but without success. Do you have any idea of the problem or a solution to enable more verbosity in logs so that we can carry out an analysis of this please? Thanks in advance

I found myself without a working keyboard or mouse after installing Kaspersky Free. LUCKILY, the mouse worked when I unplugged it since it's wired and wireless. I scoured the internet for a solution to my problem and quickly learned that has been an issue with Kaspersky since as early as 2016!? I saw that while keyboard input seemed, blocked, I was still able to communicate between PC and keyboard adjusting volume and opening calculator, for example. Moving forward, I tried uninstalling the devices multiple times and reinstalling them (after system restart), I tried modifying the registry, I tried running several different scans... ZERO luck. Then I thought, "Maybe disable Kaspersky?" Still nothing. I uninstalled, restarted, nothing. Windows troubleshoot was unable to fix my "driver error". I caved and called Kaspersky - this seemed promising since the rep sounded friendly! Alas, they told me the problem was not due to Kaspersky (I KNOW it was since that was the only significant change I made to my system), they could not help me and that I might need to contact Microsoft (ROFL, no)... Solution: Hold the shift key and restart the PC. Select a restore point from before installing Kaspersky. Wait about 10 minutes (will vary by system). Thanks for nothing, rep! ZERO effort. I hope you are shown this and not reprimanded, but at least LEARN to apply yourself to help customers. Call Ref #: 14316475

Does Kaspersky install its own mouse or keyboard drivers or change mouse/keyboard registry settings anymore? I read there were some issues regarding this in the past. And why would the software have to do any such thing? Excuse my ignorance but I’m a noob at antivirus. considering switching from Norton to Kaspersky. thank you

when I boot my computer and Kaspersky starts I get this popup window saying "previous application launch failed" and asking if I want to send data. I have sent it a few times, but I have no idea what application and what to do about it. Is it talking about Kaspersky? If so, why is it happening and how do I resolve it?

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. You can set and run PLC Project Integrity Check task in KICS4Nodes console. But it is not clear how to add PLC projects into the task settings in the KSC Console. Before PLC Project Integrity Check task setting the PLC Project Investigation task should be successfully executed. Step-by-step guide Go to the KICS4Nodes policy -> Properties -> Logs and Notifications -> Interaction with Administration Server | Settings. Enable Versions of PLC projects option (disabled by default). Lock the padlock. Save and apply the policy. (Data of investigated PLC projects will be transferred to the KCS as Network lists). Go to the Properties of the target host, which will have PLC project checker role. Go to Tasks section-> Select "PLC Project Integrity Check" task -> Properties -> Settings section Click the ADD button -> You will see the list of PLC projects, which were collected by the PLC Project Investigation task. Check the projects that you want to check. Add them to the list. Enable checkbox of the PLC configurations. Apply task properties. Run the task. PLC Project Integrity Check task does not start automatically after the application reboot. You should set the schedule in the task properties. We recommend to run task by schedule at the application launch.

True.... funny now that you said I'm slowly starting to see that my OS is falling apart beginning with the quick access history being erased upon system restart, windows spotlight failing to load, and of course the classic - longer boot times. 😭 My feelings exactly. The only reason why I'm holding on to Windows is cause of Office 365. Apart from that the whole OS is whack (sorry to Windows fans). On a side note, is Kaspersky available for Linux users?

1. Premium 2. I've never contacted Bosch from the Android. Bosh got into my password list via Windows. I probably found their web site via Google. I have accessed the Kaspersky forum from the Android via Google but I usually follow the labyrinth starting from My Kaspersky. That applies to Windows/iPad/Android. Side issue? I doubt it it. When I first installed KPM on the Android I received a number of notices which flashed on the screen very quickly. One was satisfied by clicking on a button bar. The other came and went so quickly I could barely identify what it was about other than the "Autofill of Passwords" doesn't work and something about installed services. I could not determine the nature of the installed services or where to find them. Following my recent deletion and reinstallation of KPM I have started to receive the same messages again. This time the second message stayed on the screen. It read "Password Autofill doesn't work. Turn on the required settings to enable password autofill." I have done a quick search but I have not yet found anything which seems to fill the bill. Do you have any idea of what the required services are and where I might find them? These may be the answer to my problem.

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Some devices do not have keyboards, but still are detected with BadUSB. Step-by-step guide In order to allow them work properly use BadUSB on-screen keyboard, using other onscreen keyboards or physical ones is not recommended. To open BadUSB on-screen keyboard click on the highlighted text (example for Russian localization). Note that Prohibit use of On-Screen Keyboard for authorization of USB devices option should be turned off.

I would like some help with this message that keeps popping up every time I start my computer, I've uninstalled and reinstalled the software three times and it always reappears, the message says "The previous startup of the application failed" and a report has to be sent , I already sent the report that the message asks for but even so it reappears, I wanted support for this and in the application settings there is no function that disables sending data, and at the time of installation I unchecked the option sending data to report, I request clarification on the matter...

[code] System: Kernel: 5.15.0-57-generic x86_64 bits: 64 compiler: gcc v: 11.3.0 Desktop: Cinnamon 5.6.5 tk: GTK 3.24.33 wm: muffin dm: LightDM Distro: Linux Mint 21.1 Vera base: Ubuntu 22.04 jammy Machine: Type: Desktop System: Micro-Star product: MS-7D42 v: 1.0 serial: <superuser required> Mobo: Micro-Star model: MAG B660M MORTAR WIFI DDR4 (MS-7D42) v: 1.0 serial: <superuser required> UEFI: American Megatrends LLC. v: 1.40 date: 05/19/2022 Battery: Device-1: hidpp_battery_0 model: Logitech Wireless Mouse serial: <filter> charge: 55% (should be ignored) status: Discharging Device-2: hidpp_battery_1 model: Logitech Wireless Keyboard serial: <filter> charge: 55% (should be ignored) status: Discharging CPU: Info: quad core model: 12th Gen Intel Core i3-12100 bits: 64 type: MT MCP arch: Alder Lake rev: 5 cache: L1: 320 KiB L2: 5 MiB L3: 12 MiB Speed (MHz): avg: 4183 high: 4286 min/max: 800/5500 cores: 1: 4286 2: 4251 3: 4178 4: 4136 5: 4138 6: 4105 7: 4251 8: 4125 bogomips: 52838 Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx Graphics: Device-1: Intel vendor: Micro-Star MSI driver: i915 v: kernel ports: active: HDMI-A-1 empty: DP-1, DP-2, HDMI-A-2, HDMI-A-3, HDMI-A-4 bus-ID: 00:02.0 chip-ID: 8086:4692 Display: x11 server: X.Org v: 1.21.1.3 driver: X: loaded: modesetting unloaded: fbdev,vesa gpu: i915 display-ID: :0 screens: 1 Screen-1: 0 s-res: 1920x1080 s-dpi: 96 Monitor-1: HDMI-1 mapped: HDMI-A-1 model: LG (GoldStar) W2363D res: 1920x1080 dpi: 96 diag: 587mm (23.1") OpenGL: renderer: Mesa Intel Graphics (ADL-S GT1) v: 4.6 Mesa 22.0.5 direct render: Yes Audio: Device-1: Intel vendor: Micro-Star MSI driver: snd_hda_intel v: kernel bus-ID: 00:1f.3 chip-ID: 8086:7ad0 Sound Server-1: ALSA v: k5.15.0-57-generic running: yes Sound Server-2: PulseAudio v: 15.99.1 running: yes Sound Server-3: PipeWire v: 0.3.48 running: yes Network: Device-1: Intel driver: iwlwifi v: kernel port: N/A bus-ID: 00:14.3 chip-ID: 8086:7af0 IF: wlo1 state: down mac: <filter> Device-2: Realtek RTL8125 2.5GbE vendor: Micro-Star MSI driver: r8169 v: kernel pcie: speed: 5 GT/s lanes: 1 port: 4000 bus-ID: 03:00.0 chip-ID: 10ec:8125 IF: enp3s0 state: up speed: 100 Mbps duplex: full mac: <filter> Bluetooth: Device-1: Intel type: USB driver: btusb v: 0.8 bus-ID: 1-14:7 chip-ID: 8087:0033 Report: hciconfig ID: hci0 rfk-id: 0 state: up address: <filter> Drives: Local Storage: total: 589.69 GiB used: 14.44 GiB (2.4%) ID-1: /dev/nvme0n1 vendor: Kingston model: SKC3000S512G size: 476.94 GiB speed: 63.2 Gb/s lanes: 4 serial: <filter> temp: 23.9 C ID-2: /dev/sda vendor: A-Data model: SU650NS38 size: 111.79 GiB speed: 6.0 Gb/s serial: <filter> ID-3: /dev/sdb type: USB vendor: Silicon Power model: silicon -power size: 983 MiB serial: <filter> Partition: ID-1: / size: 237.08 GiB used: 14.41 GiB (6.1%) fs: ext4 dev: /dev/nvme0n1p5 ID-2: /boot/efi size: 95 MiB used: 30.2 MiB (31.8%) fs: vfat dev: /dev/nvme0n1p2 Swap: ID-1: swap-1 type: file size: 2 GiB used: 0 KiB (0.0%) priority: -2 file: /swapfile USB: Hub-1: 1-0:1 info: Hi-speed hub with single TT ports: 16 rev: 2.0 speed: 480 Mb/s chip-ID: 1d6b:0002 Device-1: 1-2:2 info: Micro Star MYSTIC LIGHT type: HID driver: hid-generic,usbhid rev: 1.1 speed: 12 Mb/s chip-ID: 1462:7d42 Hub-2: 1-3:3 info: Genesys Logic Hub ports: 4 rev: 2.1 speed: 480 Mb/s chip-ID: 05e3:0610 Device-1: 1-3.4:5 info: Kingston PS2232 flash drive controller type: Mass Storage driver: usb-storage rev: 2.0 speed: 480 Mb/s chip-ID: 13fe:1f23 Device-2: 1-8:4 info: Logitech Unifying Receiver type: Keyboard,Mouse driver: logitech-djreceiver,usbhid rev: 2.0 speed: 12 Mb/s chip-ID: 046d:c534 Hub-3: 1-11:6 info: Genesys Logic Hub ports: 4 rev: 2.0 speed: 480 Mb/s chip-ID: 05e3:0608 Device-1: 1-14:7 info: Intel type: Bluetooth driver: btusb rev: 2.0 speed: 12 Mb/s chip-ID: 8087:0033 Hub-4: 2-0:1 info: Super-speed hub ports: 9 rev: 3.1 speed: 20 Gb/s chip-ID: 1d6b:0003 Hub-5: 2-2:2 info: Genesys Logic USB3.2 Hub ports: 4 rev: 3.2 speed: 10 Gb/s chip-ID: 05e3:0625 Sensors: System Temperatures: cpu: 27.8 C mobo: N/A Fan Speeds (RPM): N/A Repos: Packages: apt: 2632 No active apt repos in: /etc/apt/sources.list Active apt repos in: /etc/apt/sources.list.d/official-package-repositories.list 1: deb http: //mirrors.powernet.com.ru/mint/packages vera main upstream import backport 2: deb http: //mirror.docker.ru/ubuntu jammy main restricted universe multiverse 3: deb http: //mirror.docker.ru/ubuntu jammy-updates main restricted universe multiverse 4: deb http: //mirror.docker.ru/ubuntu jammy-backports main restricted universe multiverse 5: deb http: //security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse Info: Processes: 277 Uptime: 5m Memory: 31.08 GiB used: 1.5 GiB (4.8%) Init: systemd v: 249 runlevel: 5 Compilers: gcc: 11.3.0 alt: 11 Client: Unknown python3.10 client inxi: 3.3.13 [/code]