Search the Community

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Sometimes it's necessary to check KATA detects, for example IDS, IOA, Sandbox detects. Step-by-step guide IDS detects (SPAN) To check IDS detects (SPAN) you can use tcpreplay utility on server configured to receive SPAN traffic. KATA 4.0/4.1 tcpreplay package for such versions could be found here https://rhel.pkgs.org/7/epel-x86_64/tcpreplay-4.4.4-1.el7.x86_64.rpm.html KATA 5.+ and tcpreplay tcpreplay package is not installed by default, so you should install it manually, using step-by-step guide below: 1) Download this package from HERE 2) Place downloaded file tcpreplay_4.3.2-1build1_amd64.deb to your KATA node. For example, use scp: [user@host]$ scp <your-path>/tcpreplay_4.3.2-1build1_amd64.deb admin@<kata-ip>:/tmp 3) Run installation on your KATA node with the next command: [admin@katahost]$ sudo dpkg -i /tmp/tcpreplay_4.3.2-1build1_amd64.deb Success! Now you can use tcpreplay on your KATA 5.+ or any other UBUNTU system! Before using tcpreplay you should enable tx capture for span: KATA 3.7.* In technical support mode from user root run following commands : systemctl stop apt-preprocessor.service systemctl stop suricata.service rmmod pf_ring Edit file /etc/modprobe.d/pf_ring.conf: change line: options pf_ring enable_tx_capture=0 min_num_slots=16384 # tx capture is disabled to: options pf_ring enable_tx_capture=1 min_num_slots=16384 # tx capture is enabled save file. Start pfring and related services back: modprobe pf_ring systemctl start suricata.service systemctl start apt-preprocessor.service KATA 4.0/4.1 Edit file /etc/modprobe.d/pf_ring.conf: change line: options pf_ring enable_tx_capture=0 min_num_slots=16384 # tx capture is disabled to: options pf_ring enable_tx_capture=1 min_num_slots=16384 # tx capture is enabled save file. In technical support mode from user root run following commands: systemctl stop docker rmmod pf_ring modprobe pf_ring systemctl start docker tx capture for span is now enabled KATA 5.0/5.1/6.0 - see https://forum.kaspersky.com/topic/how-to-enable-tx-capturing-in-kata-katakedre-37514/ Eicar traffic detect: Upload EICAR-Test-File_TCP.pcap sample to server with SPAN interface, then execute command from root shell: tcpreplay -i ens34 EICAR-Test-File_TCP.pcap # ens34 in this example is SPAN interface Nmap traffic detect: Scenario is the same as for Eicar detect, only .pcap file differs (# tcpreplay HackTool.Nmap.HTTP.C&C.pcap). After testing detects from span we strongly recommend to disable tx capture back again by the same way as described above for enabling. AM Engine Use EICAR's - https://www.eicar.com/ Email - send the EICAR via SMTP to KATA 25 port. (SMTP processing needs to be Enabled of course). ProTip: you may use local swaks mail client on CN to skip elaborate mail setups. swaks examples swaks --server 127.0.0.1 --port 25 --from antony@test.org --to cleopatra@test.org --attach eicar.com swaks --server 127.0.0.1 --port 25 --from antony@test.org --to cleopatra@test.org --body "link_to_EICAR_here" Endpoint - put an EICAR file to the endpoint and fetch it using GetFile task, queue for scanning. YARA detects By default, no YARA rules are supplied with the product. For test purposes one can use a test rule from YARA docs https://yara.readthedocs.io/en/v4.1.0/writingrules.html rule ExampleRule { strings: $my_text_string = "text here" $my_hex_string = { E2 34 A1 C8 23 FB } condition: $my_text_string or $my_hex_string } The rule will mark any analyzed object containing $my_text_string or $my_hex_string. IoA detects To check IoA detect (IoA detects can be checked only if you have KEDR license): Copy .bat file from attached archive Test_IOA.rar(not_infected) to any folder on host with installed EDR and start it. After some time(KATA need several minutes to transmit and process telemetry from EDR) check alerts in KATA. Alert should have type ioa_test_detect. For testing IoA detects on host more than once, .bat file should be placed to different locations on this host. On the host with installed KEA run command below in the cmd.exe shell: wmic.exe sfdguninstallkasperskyblabla There can be something else instead of sdfg and blabla, important part of command is uninstallkaspersky Command execution will fail with error, but it's not important. After some time new IoA detect should appear in KATA web-interface. IoC detects One can use the custom rule for testing - Ioctest.zip (infected123) - it is triggered for "c:\windows\system32\calc.exe" Automatic sandboxing in EDR To check automatic sandboxing: Unpack the archive with sample, use default password for samples: autosbtest.zip NB! Do not change MD5 of the sample. Run the sample on EDR-protected host and wait for automatic SB detect: Sandbox detect To check sandbox detect we can use file SA_sleep.exe from archive no_am_detection sample.rar. Password is inside text document in archive. Go to KATA senior security officer web-interface. Choose Storage → Upload and upload SA_sleep.exe from attached archive for KATA checking. Kata should enqueue it to sandbox , then a bit later verdict from SB should be Suspicious Activity. If SA_sleep.exe produces Not detected verdict then please use test_sb.bat from the test_sb.rar URL reputation Firstly, confirm K(P)SN is configured and works properly. MD5 used in this example should return UnTrusted status: Check KSN on KATA command for KATA 4.+ and 5.0: docker exec -it `docker ps | grep ksn_proxy| awk '{print $1}'` /opt/kaspersky/apt-ksn_proxy/sbin/ksn_client --ip 127.0.0.1 --hash 9C642C5B111EE85A6BCCFFC7AF896A51 for KATA 5.1: docker exec -it $(docker ps | grep ksn_proxy| awk '{print $1}') /opt/kaspersky/apt-ksn-proxy/sbin/ksn_client --ip 127.0.0.1 --hash 9C642C5B111EE85A6BCCFFC7AF896A51 Secondly, For traffic: access http://bug.qainfo.ru/TesT/Aphish_w/index For email (SMTP processing needs to be Enabled), send the link above via e-mail. For quick and dirty test: swaks examples swaks --server 127.0.0.1 --port 25 --from fisherman@test.org --to cleopatra@test.org --body "http://bug.qainfo.ru/TesT/Aphish_w/index"

1.Modified firmware found The modified firmware may contain critical security vulnerabilities. Some apps could get additional permissions and send your sensitive data to third parties. The modified firmware could cause an irreversible device malfunction. 找到修改后的固件 修改后的固件可能包含严重的安全漏洞。某些应用可能会获得其他权限，并将您的敏感数据发送给第三方。修改后的固件可能会导致不可逆转的设备故障。 2.Turn off accessibility for unknown apps Accessibility gives an app access to the data that you enter, such as text or web addresses, and gives it access to the keyboard and microphone. For your data security, you are advised to turn off accessibility for unknown apps. 关闭未知应用的辅助功能 辅助功能使应用能够访问您输入的数据（如文本或网址），并允许其访问键盘和麦克风。为了您的数据安全，建议您关闭未知应用程序的可访问性。 怎么在，在设备上本地修复此问题

First quick answer: > Has the *new* Kaspersky *application* been signed into, from the Kaspersky application. > I cannot do anything from the application itself, just see the window stuck with the need for an activation code Not 100% sure if I had shut down the pc completely, doubt that this will change things dramatically but will try a little bit later

Hallo! Habe soeben erstmals Kaspersky auf meinem Rechner installiert, der Grund war, dass am rechten unteren Bildschirmrand ein kleines quadratisches Fenster aufging mit der Meldung "quick driver update" - ich halte das für einen Virus oder sonstigen Trojaner oder Müll. Nach der Installation und vollständiger Systemprüfung erscheint das Fenster immer noch. Es lässt sich mit dem Task Manager unter "task beenden" wegklicken. Weiss jemand, was das "quick driver update" ist? - ein Virus, Trojaner, sonstwas?

I installed Kaspersky Total Security today, with a one year subscription. However, after it did a scan and restarted the computer, my keyboard and mouse have stopped responding. I tried other keyboards and mice, both wired and wireless as well but it did not work. But they still work on the biOS screen of the pc. I could not find a recovery boot option. So I would like to have help with this.

I am casting spells and chant open sesame=芝麻开门 Be quick to obey my command=急急如律令 RELEASE NOW😀

Hello Everyone, Good afternoon. I'm here raising another subject for knowledge, I hope you can clarify the matter. I will be detailing the subject with some points to make it easier. If you can put the answers in the points that are mentioned, it will be better for understanding. 1- We know that there is a way to manually update the Kaspersky database so that it can be updated manually, so far so good, now I wanted to know "How do I prevent the Kaspersky product version from being updated automatically?" 2- If there is any way to disable automatic updating of the Kaspersky version, could you provide a step-by-step guide? 3- I see that the vast majority of Antivirus products on the market have this option to update the product version when the customer wants to do so. Examples of antiviruses are AVAST, ESET, BITDEFENDER and others. 4- I see that other products on the market like Avast always launch a new version of their product every month. Kaspersky takes a long time to launch its products, why? 5- Could you tell us when Kaspersky releases new versions? I would like to thank everyone on this subject, I hope my doubts are resolved. Thanks! 🙂

Dear KIS Community I don't know why KIS block Brave Browser every first time launch it. When start browsing, it is blocked. Second time of launch it I can browse. Moreover, If I exit my second times browser window then third times is not work too. Unless reopen it (4th). Error by the following action like this. Moreover, I can't find the solution of such this case over Google also. Please help. If the problem still exist, might not renew license. Really bored.

Hello. I just installed Kaspersky internet security and right away my Lenovo yoga 7i keyboard stopped working. Tried several methods before finding the registry method. Problem is, I follow all the steps, I delete the "klkbdflt" entry from the registry leaving only "kbdclass". I hit ok. Then when I close the registry, it comes back as it was: both entries appear in the UpperFilters. What do I do now? Please help, I need this machine for work. When I change it: When I open it again:

Hi all , I have a VPN software called SurfShark takes long time to launch because of Kaspersky Standard. I've changed some settings in Exclusion of applications but I don't know if that safe or not ? At past I used multiple VPN software launch Fastly with no delay just this software. Hope to tell me about what I did if it's safe or not ?

I appreciate your quick response. I think that Linux Machines will be upgraded during KSC 14.2 upgrade. I'm right? or Should I upgrade the Linux machines first and then run KSC 14.2 upgrade? Best regards

Does Kaspersky install its own mouse or keyboard drivers or change mouse/keyboard registry settings anymore? I read there were some issues regarding this in the past. And why would the software have to do any such thing? Excuse my ignorance but I’m a noob at antivirus. considering switching from Norton to Kaspersky. thank you

Is this what you wanted to find ? scroll down for release notes for previous versions https://support.kaspersky.com/KESWin/12.4/en-US/127969.htm and also look at the changes in hardware and software compatibility for the latest version 12.4 ... and for 12.2 12.4 - https://support.kaspersky.com/KESWin/12.4/en-US/127972.htm 12.2 - https://support.kaspersky.com/help/KESWin/12.2/en-US/127972.htm you can change the help description to suit the version you are interested in I'm afraid there is no ready-made quick comparison table...

I have tried several times to figure out how to set my Kaspersky Plus to launch upon startup. There are instructions out there on the internet, but in the "security" area, there are so many places...& cannot figure out which one to use. I always purchase Kaspersky products & have never had a problem with any, however this one is really confusing me. I think it important that the app launch upon startup, otherwise how would I know if I'm protected. Thanks in advance!!!

Thanks , yeah sorry for being paranoid . I finally managed to launch the KasperSky Plus . Only because i launched the VPN on my windows machine . It's a very cool software indeed ! I still sent a request for refund to customer support since i can't always rely on vpn , i hope they can understand my paranoid and weird words . Anyways i have a small problem now , I am trying to connect to offsec 's website using Kali linux 's virtual machine , but the vpn keeps failling (Openvpn) . However the vpn on my windows machine works perfectly fine , Any idea if kaspersky implements any kind of protections against the traffic coming out from Kali or the virtual machine itself ?? Thanks

I installed Kaspersky Antivirus and my mouse and keyboard stopped working after restarting. I am trying to fix the problem using Kaspersky Rescue Disk 18 but it only shows a black screen after choosing “Graphic Mode” or “Limited Graphic Mode”. I have an Nvidia Geforce RTX 4070 graphics card. I tried to use this topic as a solution, however the link sent for KRD 2024 beta did not work. I can’t use my keyboard or mouse, I cannot run KRD since it gives me a black screen, and I can’t find recovery mode either. My PC is basically useless. Please help

My computer is running Windows 11 23H2 22631.3155 Professional (x64) and has Kaspersky Internet Security 21.3.10.391 (patch k) installed. After a quick scan of kaspersky, I restarted my computer but failed with a bluescreen. It said the OS ran into some problem and the error code was INACCESSIBLE_BOOT_DEVICE. After a forced reboot, the same bluescreen appeared again. I tried Windows boot repaire but it didn't work. I couldn't start the computer until I disabled the Early-Launch-AntiMalware on the boot option menu, which resulted in KIS not loaded. I thought the bluescreen must have something to do with KIS. To prevent rootkits and other unknown drivers from being loaded when the system boots, just after I had installed my OS, I turned on the Boot-Start Driver Initialisation Policy in Group Policy and set the policy to only allow "good" drivers to be initialised. I changed the policy to allow "good and unknown" drivers and restarted the computer, there was no bluescreen and KIS started normally like before. I changed the policy back to only allow "good" drivers and restarted the computer, the bluescreen came again. Just before this bluescreen accident happened, I updated database of KIS, and I ran a quick scan (NOTHING detected). I installed Qt 6.5.3 several days ago, but nothing went wrong these days. Even earlier, I installed a driver for Lenovo Hotkey on Lenovo System Update, which is an official driver updater and the installation was fully monitored by Kaspersky Internet Security. I think the problem may be due to KIS incorrectly classifying some important driver to be unknown during the ELAM stage. But I could not find anything about it: no related event logged, no KIS report and even no dump file for the bluescreen. The compromise in ELAM policy is just a workaround. Could anyone give more help?

Ok here are the steps I had to do . 1. removed McAfee from add and remove programs. It appeared to be successful . Started the Kaspersky standard installation , it detected McAfee WebAdvisor was still detected . and incompatable . I was not really surprised about that WebAdvisor was not removed by just deleting from the add and remove 2 So I cancelled installation , and use the McAfee tool and ran. Then went back to install Kaspersky . 3. Installation went well , already ran quick scan all is good , so no more issues Just wanted to update how it went for me on windows 11. Thanks again 😃

Merhabalar, age of empires 4 oyununu Steam dan satın alıp indirdim. Fakat oyun başlangıçta yükleme ekranında kalıyor ve ileri gitmiyor . Fakat Windows+ r den Kaspersky nin hizmetlerini kapatınca serverı aramaya başliyor . Nasıl son verebilirim Windows 11 CoreSinglelanguage x64 Kaspersky plus üyelik Sürüm : 21.14.5.462

I have Kaspersky Premium. "Previous application launch failed". Apparently after few minutes when Windows boots, Kaspersky crashes and opens up again and displays this error. And it does the same several times again during the day. It's really annoying. I have contacted customer support and gave them all the necessary files (dump and system info files), It's been 3 weeks and I haven't heard anything back. I went so far as to fresh install the latest Windows 11 (ISO on Microsoft's website), but nothing changes. I do not have any cracked software and everything I installed are genuine and properly bought. I thought the issue may be due to system stability, so I did a memory test overnight and did some burn-in benchmarks and there are no errors. No other program on my system acts weirdly. I have also tried "Kaspersky removal tool" and did another installation of Kaspersky, but the issue persists. I am very close to uninstalling this for good, and I don't want to, I really like Kaspersky. Please help!

When I try to open the Valorant game I get a message saying "Cannot guarantee authenticity of the domain to which an encrypted connection is being established", and even if I click continue the game does not open, and not only that, but from then on the game never opens unless I restart the computer and I get the message again. SSL connection with invalid certificate detected;Riot Client;RiotClientServices.exe;

In what respect @tunathefish? Most people know not to use anything other than the *recommended* OS. Read: Smart Home Monitor resources. Read: Wi-Fi Analyzer resources. Also, there's many Smart Home Monitor topics in the Forums - you can refine the search according to your requirements: https://forum.kaspersky.com/search/?q=Smart Home Monitor&quick=1 Thank you🙏 Flood🐳+🐋

I always try to not use KavRemover, it usually breaks USB keyboard and mouse drivers, so it would even add a new issue to the current one...

Hi, Thanks for your quick answer. Unfortunately, it doesn't correct my problem. Obviously, I tried once again to disable AV and upload. The problem is still here. I was too quick in my conclusions to think the VA was the culprit.

I found myself without a working keyboard or mouse after installing Kaspersky Free. LUCKILY, the mouse worked when I unplugged it since it's wired and wireless. I scoured the internet for a solution to my problem and quickly learned that has been an issue with Kaspersky since as early as 2016!? I saw that while keyboard input seemed, blocked, I was still able to communicate between PC and keyboard adjusting volume and opening calculator, for example. Moving forward, I tried uninstalling the devices multiple times and reinstalling them (after system restart), I tried modifying the registry, I tried running several different scans... ZERO luck. Then I thought, "Maybe disable Kaspersky?" Still nothing. I uninstalled, restarted, nothing. Windows troubleshoot was unable to fix my "driver error". I caved and called Kaspersky - this seemed promising since the rep sounded friendly! Alas, they told me the problem was not due to Kaspersky (I KNOW it was since that was the only significant change I made to my system), they could not help me and that I might need to contact Microsoft (ROFL, no)... Solution: Hold the shift key and restart the PC. Select a restore point from before installing Kaspersky. Wait about 10 minutes (will vary by system). Thanks for nothing, rep! ZERO effort. I hope you are shown this and not reprimanded, but at least LEARN to apply yourself to help customers. Call Ref #: 14316475