Showing results for 'Quick Launch Keyboard'.

  1. From time to time my keyboard (not the virtual keyboard) freezes and I have to restart Kaspersky to fix the problem. This problem has been happening for more than a year. Windows 10 x64 build 19044 Kaspersky Security Cloud
  2. Hello, Only quick reply. Kaspersky as many AV software uses AI long long years ago..... But it was called machine learning.
  3. Block the launch of the file? If you only use the basic functionality, you must have the application control component enabled. However, you will need to get SHA256 since MD5 was used by older versions. 0. Get SHA256 1. create a category to control such files. I skipped some of the steps, it's mostly just Next, Next, Ok. 2. Create a rule to prohibit application startup in the policy for KES, select the group we created 3. Test PS: in principle it is not necessary to use external tools ...if there is a sample file all data can be obtained directly from it when creating a category and use the parameters that suit you best.
  4. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) aescrypt.zip and TestProgExp.zip can be found here. Remote encryption test This test requires two participating workstations: an Attacker PC and a Victim PC. Behavior Detection component has to be configured on a Victim PC to detect malware activity, protect shared folders and block connections on detection of external encryption. Step-by-step guide On a Victim PC create folder with regular office-like files: *.DOC, *.DOCX, *.XLX, *.JPG Share folder on the Victim PC, ensure that the account logged on to the Attacker PC has full access to the shared folder. Map the shared folder as a network drive on the Attacker PC. Add/unpack the aescrypt.zip archive to the Attacker PC. Add contents to the list.txt file, based on the files in a mapped folder. Since the folder is mapped, paths will look like local ones, eg. Z:\Book1.xlsx. Use the contents of file example-list.txt as an example: On an Attacker PC, launch test.bat file to start encrypting files from list.txt . Behavior Detection in KES on the Victim PC will detect the attempt and will try to perform a rollback. Full access to a share on Victim PC for an Attacker PC will be blocked (if specified in KES policy). File restoring event is logged on a protected workstation Access to a folder is blocked from an attacker's point of view Local encryption test Step-by-step guide Prepare a folder with files to get encrypted, perform tests on files *.DOC, *.DOCX, *.XLX, *.JPG. Add/unpack to this folder the attached TestProgExp.zip utility. Launch TestProgExp utility to start the encryption. Files will be encrypted in a folder with test utility Allow some time for Behavior Detection in KES to detect the attempt and perform the rollback, as well as get rid of the suspicious software: Files get restored
  5. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Using EDR, you may encounter an issue where you're unable to view incident card regarding a detection in KSC Web Console. It looks like this: Here we will discuss known causes of such behavior (several products are involved, so causes may be different). Possible causes and solutions MDR In MDR, incidents are to be viewed using the dedicated MDR Console, and KSC version 13 and newer with configured MDR plug-in. KSC 12.* Web Console will not receive the data; this is expected behavior. KES+KEA If you first install KES without EA component, and then a standalone KEA package, KES EDRO integration will be disabled and killchain will not work. Here is a quick way to determine if KEA was installed as a component of KES. Open regedit, then navigate to: [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features] "AntiAPTFeature" = "1" If the value is 0, proceed to the workaround to enable the component as described below. To fix this, we ran Change application components task on the host, enabling Endpoint Agent in KES. If KES/KEA integration is configured correctly, we can find the following in KES traces: 12:08:37.426 0x2a18 INF edr_etw Start processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, recordId = 6, taskId = 1128, result = 0 12:08:37.426 0x2a18 INF edr_etw Start processing actions = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, action = 4, recordId = 6, taskId = 1128, edrAction = 3489660999, result = 0 12:08:37.442 0x2a18 INF edr_etw Killchain is enabled! 12:08:37.442 0x2a18 INF edr_etw SystemWatcher is running! 
12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect begin 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect end 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds begin 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds end 12:08:37.442 0x2a18 INF edr_etw Finish processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com threat status = 1, recordId = 6, taskId = 1128,result = 0 12:08:37.458 0x1f18 INF edr_etw Finish processing AV detect result = 0 Searching for ThreatID in KEA traces: 12:08:37.426 0x2a18 INF amfcd ThreatsProcessingEventsLogic::OnTreatActionImpl: ctx:0x23d68510 [TI 0x1b8dd490: id = 0x6, : tdid = {7F620459-6C51-9E46-9A5D-689A9B0D0098}, name = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, add info: <none>, 0x0] 0x4 0x0 KES+KEA (upgrade from KESB to EDR Optimum) EDR Optimum requires KSC 12.1 or newer to work. This includes the Network Agent, which is a part of KSC, and is generally installed on the host alongside KES. Using an outdated version of Network Agent (10.5, 11, etc.) will lead to the mentioned error when opening incident cards. If Network Agents were not upgraded along KSC, it's better upgrading them for EDR Optimum. KES 11.7+ Check that EDR Optimum feature is enabled in registry (GSI > Registry > HKLM_Software_Wow6432Node_KasperskyLab.reg.txt ). [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features] EdrOptimumFeature = 1 If value is 0, run Change application components task on the host, enabling EDR Optimum in KES. Also in traces (*.SRV.log) you can search for sentence bundles::InstalledFeaturesProvider::InstalledFeaturesProvider and check that EDROptimumFeature is there, for instance in example below such component is missing KES. 
11:00:36.897 0x26a0 INF bundles::InstalledFeaturesProvider::InstalledFeaturesProvider{ 3 (AVScannerAndCoreFeature) 28 (AdaptiveAnomaliesControlFeature) 0 (AdminKitConnectorFeature) 24 (AdvancedThreatProtectionFeature) 27 (AmsiFeature) 7 (ApplicationControlFeature) 17 (BehaviorDetectionFeature) 30 (CloudControlFeature) 4 (CriticalScanTask) 6 (DeviceControlFeature) 23 (EssentialThreatProtectionFeature) 11 (ExploitPreventionFeature) 8 (FileThreatProtectionFeature) 19 (FirewallFeature) 5 (FullScanTask) 2 (HostIntrusionPreventionFeature) 16 (MailThreatProtectionFeature) 14 (NetworkThreatProtectionFeature) 12 (RemediationEngineFeature) 25 (SecurityControlsFeature) 18 (UpdaterTask) 21 (WebControlFeature) 20 (WebThreatProtectionFeature) 22 (WholeProductFeature) } KSWS+KEA The same rule applies: KEA component needs to be installed in KSWS. KSWS does not have a "Change application components" task in KSC, so this has to be taken into account during KSWS deployment. Here is a quick way to determine if KEA was installed as a component of KSWS. Open regedit, then navigate to: [HKEY_LOCAL_MACHINE\Software\Wow6432Node\KasperskyLab\\WSEE\11.0\Install] "Features"="AntiCryptorNAS=0;AntiCryptor=0;AntiExploit=0;AppCtrl=0;AVProtection=0;DevCtrl=0;Fim=0;Firewall=0;ICAPProt=0;IDS=0;Ksn=0;LogInspector=0;Oas=0;Ods=0;RamDisk=0;RPCProt=0;ScriptChecker=0;Soyuz=0;WebGW=0" (Soyuz needs to be set to 1) If Soyuz is set to 0, apply workaround to enable it. KSWS allows to change its components locally or via cli. Here is the example of how to set Soyuz=1 when KEA was installed not as a component of KSWS: 1. Locate ks4ws_x64.msi or ks4ws.msi (depends on OS architecture) 2. Create custom installation package based on ks4ws_x64.msi or ks4ws.msi from p.1 with parameters as per screenshot (add UNLOCK_PASSWORD= if KSWS is protected by password in policy) 3. Deploy package on problematic servers with KSWS and KEA, then check registry that Soyuz=1 4. 
Check host's properties at KSC side - EDRO should be in Running state in KEA If KSWS/KEA integration is configured correctly, we can find the following in KSWS traces: 19:57:04.577 7a8 1310 info [edr] Published ThreadDetected: VerdictName : HEUR:Win32.Generic.Suspicious.Access RecordId : 0 DatabaseTime : 18446744073709551615 ThreatId : {ffb58079-6d8d-4a62-8ab0-021ff4ed61c5} IsSilent : false Technology : 3489661023 ProcessingMode : 3489660948 ObjectType : 3489660934 ObjectName : C:\Windows\System32\wbem\WmiPrvSE.exe Md5 : e1bce838cd2695999ab34215bf94b501 Sha256 : 1d7b11c9deddad4f77e5b7f01dddda04f3747e512e0aa23d39e4226854d26ca2 UniquepProcessId: 0xf7c807730e051a0d NativePid : 3360 CommandLine : AmsiScanType : AmsiScanBlob : FileCreationTime: 1601-01-06T23:09:56.075520800Z Searching for ThreatID in KEA traces: 19:57:05.583 704 9b0 debug [bl] ThreatsHandler: detect v2 verdictName: HEUR:Win32.Generic.Suspicious.Access detectTechnology: 0xd000005f processingMode: 0xd0000014 objectType: 0xd0000006 objectName: C:\Windows\System32\wbem\WmiPrvSE.exe nativePid: 3360 uniquePid: 17854528913448180237 nativePidTelemetry: 3360 uniquePidTelemetry: 17854528913448180237 downloaderUniqueFileId: <none> downloadUrl: <none> isSilentDetect: false threatId: ffb58079-6d8d-4a62-8ab0-021ff4ed61c5 19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59675, processed=59675, dropped=0, queueBytes=191 19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59676, processed=59676, dropped=0, queueBytes=132 19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59677, processed=59677, dropped=0, queueBytes=371 19:57:05.583 704 9b0 debug [bl] Threats Handler: event processed, id = 2 19:57:05.584 704 1fc debug [killchain] Message discarded: name = ThreatDetect The verdict is Message discarded, this means the detection won't trigger killchain generation. 
No such entries can be found in traces, which might mean that EPP integration is not configured correctly (EDR component is disabled in KSWS). Check killchain presence on the host If all pre-requisites are met, it's worth checking if killchain files are actually created on the host. To check that, run cmd.exe as Administrator and check the c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects folder contents. Archives with <threat_id>.zip names should be present in the folder: C:\WINDOWS\system32>dir "c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects" Volume in drive C has no label. Volume Serial Number is 8010-ADC0 Directory of c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects 08/16/2021 12:20 PM <DIR> . 08/16/2021 12:20 PM <DIR> .. 08/16/2021 09:34 AM 636 0349c190-4ac3-4da4-9b64-07835298660f.zip //this is an archive with killchain info 08/16/2021 12:18 PM 696 1d306aa7-f37f-4ab2-969e-d337d398a995.zip 08/16/2021 09:34 AM 637 23a5dc93-5776-43c8-b949-79c102aa1184.zip 08/16/2021 12:19 PM 691 27bc9ea3-200b-49d2-b8b0-df7954cd428a.zip 08/16/2021 12:19 PM 683 40673c70-9e8e-420f-b5ce-65b406862b94.zip 08/16/2021 12:19 PM 688 590b6e30-4509-4b25-bdb0-062f89b7e062.zip 08/16/2021 12:20 PM 693 67993612-dc82-45a2-9e5b-74756adc46eb.zip 08/16/2021 12:20 PM 685 6a892bd1-f452-42d0-80b0-cb953cd7fc26.zip 08/16/2021 12:19 PM 686 a63fbafa-fcef-46f7-935f-42be4392a172.zip 08/16/2021 12:19 PM 699 d9d4f5eb-42b2-4460-8f8a-eb63bbef8791.zip 08/16/2021 12:19 PM 686 f6042624-9840-4a6e-9b30-9270cce22236.zip 11 File(s) 7,480 bytes 2 Dir(s) 240,763,092,992 bytes free
  6. Hello Flood, Thanks for your quick reply. 1- I was having the error on Sonoma 14.2, then reinstalled macOS 13.6.2 Ventura, but I'm having the same error. It's not about my Operating System I guess. 2- Yeah I don't want to switch my Anti-Virus Product provider. I know that Kaspersky is the best and I've been a user of Kaspersky since 2008. 3- Today I renewed it. I still have around 364 days.
  7. Thanks for quick reply 🙂 To arrive to this window: there are too many steps to do: 1) CLICK ICON SYSTRAY 2) OPTIONS 3) FIREWALL 4) APPLICATION RULES Is there any shortcuts? 🙂 thanks!
  8. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Description FDE precheck is a utility used for advanced Full Disk Encryption compatibility testing. It contains latest drivers which will be implemented in future KES releases. FDE precheck also collects diagnostic data used to fix compatibility issues. Inability to use laptop keyboard and\or touch-pad is one of the most frequently met issues. Using FDE precheck you can understand if compatibility issue was already fixed and will be included in next release or it should be addressed. You can download latest FDE precheck utility using following links: For KES 11 - https://support.kaspersky.com/14328 System requirements Single operating system should be installed on the test machine, FDE Precheck can't properly function on a host with multiple operating systems. Use administrative account to run the utility. Read before proceeding Decrypt the test host and remove Kaspersky Endpoint Security and AES module. Do a backup of the critical data on the test machine. Follow the test sequence exactly as stated below. Do not manually stop the execution of the utility. The system will automatically restart several times, it is an expected behavior. Plug in laptop. Do not run test on battery. Failure to comply with steps above may lead to unpredictable consequences. Test sequence Make sure machine decrypted does not have KES or AES module installed not running any KL drivers has no critical data plugged in Reboot. Copy and unpack fde_precheck.zip archive. Run elevated fde_precheck.exe (either by right-clicking and choosing Run as administrator or by starting it from an elevated command prompt). If the program will not find any incompatibilities the following message box will appear: Press Yes, to initiate installation of the encryption drivers and initiation of the test. 
Wait for the automatic reboot, then login using the administrative user as was done earlier. Press OK on the pop-up that will appear shortly after the reboot: Press Yes in the UAC window if it will appear shortly after. Wait for several minutes (up to 10-15 minutes) until next automatic reboot will occur. Do not initiate reboot manually! It will be done automatically. Manual reboot at this stage may result in corruption of the OS. All preparations are run in background, it is normal that there will be no indication of activity on the desktop. After automatic reboot you will see the preboot agent, and it will require human presence to complete those tests. If possible, record the whole process on a camera of smartphone. You will be asked to enter random keystrokes using the keyboard and mouse. In case of successful keystroke registration you will see something like that: Just follow the instructions that will appear on the screen and press "NEXT >" when done with each test. In case FDE Precheck Preboot agent will fail booting or will freeze at some point, please take photo of the error message, or record the whole process on a camera and reboot the machine if necessary. OS will boot either way. Login using the administrative account that was used earlier. At this point drivers will be removed in the background and host will be rebooted one last time automatically. Wait for several minutes (up to 10-15 minutes) until next automatic reboot will occur. Do not initiate reboot manually! It will be done automatically. Manual reboot at this stage may result in corruption of the OS. All preparations are run in background, it is normal that there will be no indication of activity on desktop. The following three files are always created. All three files are mandatory to provide for analysis. fde_precheck_report.txt fde_precheck.log (will be located in the folder with fde_precheck.exe) Description of what have happened during tests (with screenshots and video if possible).
  9. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Security administrator can create KSWS Application Control rules based on Digital Certificate. What does product actually checks and how it is related to the file itself? First of all, product checks whether the file matches certificate. Secondly, whether certificate is valid. If any of verifications fail - launch of the file will be denied. And vice versa. If signed file which execution was allowed by certificate has been modified, will execution of the file be allowed? Altering the file signed by the certificate will cause its certificate to no longer confirm the integrity of this file. As a result "Allowing" rule will no longer be applied to the file. How the control of the revoked certificates operates, if such a control exist? Certificates revocation in the operation system is implemented through OS updates. When a certificate becomes revoked, it can no longer pass validation checks. Thus file execution will be blocked. When both the subject of the certificate and its thumbprint verifications are selected, then product checks that the file is signed by an exact "version" of certificate. In other words, it will not be enough to make a self-signed certificate with the Subject field equal to "Redmont, Microsoft" - such a certificate does not coincide with the real thumbprint of Microsoft.
  10. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. While removing Kaspersky Security for Windows Server Console removal log may contain a message: Error 1336. There was an error creating a temporary file that is needed to complete this installation. Folder: C:\Program Files (x86)\Common Files\Kaspersky Lab\Kaspersky Security for Windows Server\. System error code: 5 And if you launch removal process using an appwiz.cpl a popup will be displayed stating : “There was an error creating a temporary file that is needed to completed this installation” This may happen because KES is installed in the system, so far the workaround is the following: Disable self-defense in KES and perform removal one more time.
  11. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Sometimes Anti-Cryptor task in KESL won't be able to launch after the OS is started. This may happen because Anti-Cryptor needs all the protected network resources to be up before KESL service is started. In other words, Samba or NFS services should be started before KESL service. Solution To resolve this problem you need to make sure that services start in the correct order. For Systemd systems: 1. Create a file /etc/systemd/system/kesl.service.d/override.conf # touch /etc/systemd/system/kesl.service.d/override.conf 2. Add the following to /etc/systemd/system/kesl.service.d/override.conf: [Unit] After=nfs-server.service smb.service [Service] TimeoutSec=300 3. Reload services # systemctl daemon-reload For Sys V init systems: Rename Samba and NFS init files to make those services start earlier. E.g. # mv /etc/rc3.d/<smb_init_file> /etc/rc3.d/S49smb # mv /etc/rc3.d/<nfs_init_file> /etc/rc3.d/S49<nfs_init_file> Where <smb_init_file> and <nfs_init_file> stand for current init files present in the system. NFS init file may have different name depending on your environment - nfs, nfs3 or nfs-server.
  12. Hello @Bukkdog, Welcome back! 1. Post an image of "opening menu, where you select graphical mode, not graphical mode, hardware info, etc." - BEFORE the reboot - we need to see what you saw please? 2. KRD is still supported, looking at (your) search - it appears as tho the starting point may have been Showing results for 'Rescue Disk' in content posted in Kaspersky: Basic, Standard, Plus, Premium - instead of generically: Home: https://forum.kaspersky.com/search/?q=RESCUE DISK&quick=1 Either search from Home or change the search criteria to Everywhere or, 3rd option, search directly in the KRD topic: https://forum.kaspersky.com/forum/kaspersky-rescue-disk-78/ (which is not represented by our image) ☢️@Crylune, Kaspersky Support is *not* available for Kaspersky's free software - read: Support Rules for Kaspersky Software☢️ @Bukkdog, don't waste (your) time contacting Kaspersky Customer Service > Kaspersky Support is *not* available for Kaspersky's free software -> prepare 1. 2. & 3. below, then wait for Support to respond, they have been advised, they respond when they are available. Copy the Hardware information file from the USB drive. Trace files, How to enable tracing in Kaspersky Rescue Disk 18 & How to create a full report about a scan performed in the system with Kaspersky Rescue Disk 18 ***Don't share the logs or trace files here in the Community, wait for instructions from the Kaspersky Team please*** Thank you🙏 Flood🐳+🐋
  13. Windows Defender has an early launch module that allows it to start pretty much before the OS does - but with Kaspersky I’ve noticed it takes 1 or 2 seconds after I reach the desktop for the app to show up in the tray. Is that just the app starting late, or the protection modules as well? Do Kaspersky protection modules start early like Defender’s? If the modules start with the app then that’s… not great. Isn’t that a security risk? Malware could start before the AV, disabling its self-defense.
  14. https://learn.microsoft.com/en-us/windows-hardware/drivers/install/early-launch-antimalware
  15. Hello, Which edition of Kaspersky is it? Basic, Standard, Plus or Premium? Are you sure that Kaspersky isn’t scanning? No app vulnerability, quick or background scan ongoing? Have you already done the age old solution of restoring to default settings?
  16. Hello, Assistive Ball is a feature on Oppo phones. You should be able to disable it in the Android quick settings that you get by sliding down from the top of the screen. Disable it and see if the issue persists. As for the contact form, the issue is known and in the process of being resolved.
  17. Os Version : Windows 11 22621.2283 Application version : Good morning, For 2 days my Kaspersky Total Security has been in complete disarray. It starts with the Kaspersky icon, which begins to multiply in the notification bar between 3 and 5 times, then when I hover my mouse over it, it all disappears. From this moment on, I have no access to internet surfing or the ability to open the Kaspersky interface. When I try to launch it the icon appears gray and the service does not start. I restarted the PC several times, the problem ended up reappearing quite quickly. I reinstalled Kaspersky twice, 1 time while keeping my configuration parameters, 1 time with nothing saved. I tried to analyze in the Windows logs if I can see the causes of the application shutdown or the causes of its multiple launches but without success. Do you have any idea of the problem or a solution to enable more verbosity in logs so that we can carry out an analysis of this please? Thanks in advance
  18. Dear support, For some time now I have been experiencing a bug when opening the Kaspersky virtual keyboard. When I open it and move the mouse pointer over it, the pointer is hidden and cannot be seen over the keyboard, making it impossible to use. Regards, José Carlos
  19. Hello @wildafrica, Thank you for posting back & the information! Read: Kaspersky Protection browser extension - it works, with the following modules: Inform about suspected phishing, Inform about website problem, Open On-Screen Keyboard, no Private Browsing & no Anti-Banner. Is claripi a Medical Imaging Solution - provider? We just need to make sure we're checking the right site - from the image you posted? What does "PC's for a 10-year-old." mean please - is a child going to be using the computer - please clarify? *Where* in the EU please? Please post back? Thank you🙏 Flood🐳+🐋
  20. Operating system: Windows 11 but it was happening on Windows 10 as well Name: Kaspersky Internet Security Version: Ever since I installed Kaspersky I'm having trouble launching Modern Warfare/Warzone. When I somehow get in after fiddling within Kaspersky exceptions and whatnot it doesn't let my game save, so it's blocking the game making changes on my PC I guess, and every time I restart PC I start having trouble again. Today it didn't even let me download an update for Warzone from Battle.net. No idea what to do anymore, I've put Warzone into exceptions or something, marked it as trustworthy, but none of it helped, and I'm stuck. Thank you for your replies in advance, hopefully someone else can find your information useful down the line.
  21. Greetings folks, I think I asked this question years ago on the old forums, and I can't remember the answer. Does Quick scan and Full scan include a rootkit scan? I only ever run Quick scans, the only time I will run a Full scan is if Kaspersky detects something in a Quick scan. I also have background/rootkit scan turned off, as I prefer to run all scans manually. It occurred to me the other day that if this function is turned off and Quick scans don't include Rootkit scans then I'm never actually scanning my PC for rootkits.
  22. Hi Kaspersky: We are a small company and only have 2 IT engineers. Therefore, we use KES + EDR Optimum + MDR as our solution. Next year we want one platform to monitor every endpoint security status. 1. Kaspersky XDR I have read the datasheet of XDR. It seems like a unified platform to monitor everything. In the datasheet, there is a quote: For advanced network management, KATA is an additional option. But the infrastructure shows that KATA will send information to XDR. My questions are: 1. Is XDR a basic KATA or just a KUMA system? 2. Is Kaspersky XDR like the CrowdStrike Falcon platform, which approaches "Unified platform. Complete protection"? 2. KATA Since we lack IT engineers, there is no time to deal with incidents by ourselves. That's the reason we use MDR. But KATA has a lot of components like EDR Expert and an additional sandbox function. We can test unknown threats by ourselves and have quick response. My question is: 1. Is KATA like a small automatic analysis system of KSN? Therefore we can add IoC or YARA rules easily and quickly. Because we just get a little information about Kaspersky XDR from the local reseller. The product is too new and there is no Chinese version. They will send detailed information next year. I want to know in advance so we can evaluate which product suits us. Thank you.
  23. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Description and cautions This article describes how to configure dump for capturing memory dumps, including application memory. To create a memory dump of a virtual machine: HOWTO: Get a memory dump of a virtual machine from its hypervisor. Details The recommended text editor is nano, below is a quick tutorial on how to use it if you are using it for the first time. Quick description of nano's basic functions Configure kdump Altlinux There is no kdump-tools package in the default repository, so it has to be downloaded from the sisyphus repository: Go to https://packages.altlinux.org/en/sisyphus/srpms/kdump-tools/ In List of rpms provided by this srpm select the kdump-tools package for the required architecture (can be checked by running uname -m) Download the package from the Download link Install it by running apt-get update && apt-get install <path to the downloaded rpm> After that, follow the Debian instruction from Edit /etc/default/kdump-tools step Red Hat based distributions (tested on Fedora 38, Rocky Linux 9, Red OS) Install kexec-tools sudo dnf install kexec-tools Edit /etc/kdump.conf. In the configuration file edit the core_collector setting: option -d should be set to 17 instead of 31 Edit /etc/default/grub. Edit GRUB_CMDLINE_LINUX, add crashkernel=256M to reserve enough RAM for the dump kernel to run, and nmi_watchdog=1, to capture a dump in case of a system hang Run sudo grub2-mkconfig -o /boot/grub2/grub.cfg Reboot Enable kdump service sudo systemctl enable --now kdump.service Debian based distributions (tested on Debian, Astra CE, Alt Linux) Install kdump-tools sudo apt update && sudo apt install kdump-tools -y Edit /etc/default/kdump-tools. 
In the configuration file edit the MAKEDUMP_ARGS variable: option -d should be set to 17 instead of 31 Configure the bootloader In /etc/default/grub edit GRUB_CMDLINE_LINUX_DEFAULT, add nmi_watchdog=1 to capture a dump in case of a system hang In /etc/default/grub.d/kdump-tools.cfg change crashkernel value to 384M-:256M (default is 384M-:128M) Expected result: GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT crashkernel=384M-:256M" Save and run sudo update-grub SUSE Linux Install kdump sudo zypper in kdump kexec-tools Edit /etc/sysconfig/kdump Change KDUMP_DUMPLEVEL variable to 17 Edit /etc/default/grub Edit GRUB_CMDLINE_LINUX_DEFAULT, add crashkernel=256M to reserve enough RAM for the dump kernel to run, and nmi_watchdog=1, to capture a dump in case of a system hang Update the bootloader configuration sudo grub2-mkconfig -o /boot/grub2/grub.cfg Reboot Enable kdump service sudo systemctl enable --now kdump.service Configure SysRq dump trigger To enable SysRq trigger, these key combinations 'kernel.sysrq = 8'(without quotes) has to be added to /etc/sysctl.conf. In SUSE the value of kernel.sysrq has to be changed in /usr/lib/sysctl.d/50-default.conf instead of /etc/sysctl.conf Reboot or run sudo sysctl --system After the set up above is complete, to manually trigger a dump press Alt+SysRq, Alt+C. Alternatively: echo 8 | sudo tee /proc/sys/kernel/sysrq (Command above is only needed if kernel.sysrq is not set in /etc/sysctl.conf) echo c | sudo tee /proc/sysrq-trigger Location of the dump files may vary between different Linux versions, it is configurable in the kdump configuration file. In Debian based distributions it is set by KDUMP_COREDIR variable. In Red Hat based distributions it is set by the path setting, generally the default location is /var/crash. Make sure that the dump folder has enough free space for the dump to be written. You may search by filemask: vmcore.
  24. Many thanks for the quick resolution of the matter. Top notch! 😎