Jump to content

Search the Community

Showing results for 'Quick Launch Keyboard'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • English Forum
    • Products for Home
    • Products for Business
    • Kaspersky Anti-Ransomware Tool
    • Beta Testing Products for Home & Business
  • Русскоязычный форум
    • Продукты для дома
    • Продукты для бизнеса
    • KasperskyOS, Разработка
    • Kaspersky Anti-Ransomware Tool
    • Бета-тестирование продуктов для дома и бизнеса
  • Deutschsprachiges Benutzer-Forum
    • Für Privatanwender
    • Für Unternehmen
  • Forum para usuarios hispanohablantes
    • Para usuarios particulares
    • Para empresas
  • Forum des Utilisateurs Français
    • Pour particuliers
    • Pour les entreprises
  • Forum in Italiano
    • Utenti privati
    • Aziende
  • Fórum Brasileiro
    • Para casa
    • Para PMES e empresas
  • 中文论坛
    • 家用产品支持
    • 企业产品支持
  • Nederlands Gebruikersforum
    • Voor thuis
    • Voor bedrijven
  • Türkçe Forum
    • Ev için
    • İş için
  • Forum Knowledgebase
    • Instructions
    • Advice and solutions

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



  1. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) aescrypt.zip and TestProgExp.zip can be found here. Remote encryption test This test requires two participating workstations: an Attacker PC and a Victim PC. Behavior Detection component has to be configured on a Victim PC to detect malware activity, protect shared folders and block connections on detection of external encryption. Step-by-step guide On a Victim PC create folder with regular office-like files: *.DOC, *.DOCX, *.XLX, *.JPG Share folder on the Victim PC, ensure that the account logged on to the Attacker PC has full access to the shared folder. Map the shared folder as a network drive on the Attacker PC. Add/unpack the aescrypt.zip archive to the Attacker PC. Add contents to the list.txt file, based on the files in a mapped folder. Since the folder is mapped, paths will look like local ones, eg. Z:\Book1.xlsx. Use the contents of file example-list.txt as an example: On an Attacker PC, launch test.bat file to start encrypting files from list.txt . Behavior Detection in KES on the Victim PC will detect the attempt and will try to perform a rollback. Full access to a share on Victim PC for an Attacker PC will be blocked (if specified in KES policy). File restoring event is logged on a protected workstation Access to a folder is blocked from an attacker's point of view Local encryption test Step-by-step guide Prepare a folder with files to get encrypted, perform tests on files *.DOC, *.DOCX, *.XLX, *.JPG. Add/unpack to this folder the attached TestProgExp.zip utility. Launch TestProgExp utility to start the encryption. Files will be encrypted in a folder with test utility Allow some time for Behavior Detection in KES to detect the attempt and perform the rollback, as well as get rid of the suspicious software: Files get restored
  2. Thank you for your quick feedback. I will get back to you after trying the solutions.
  3. [code] System: Kernel: 5.15.0-57-generic x86_64 bits: 64 compiler: gcc v: 11.3.0 Desktop: Cinnamon 5.6.5 tk: GTK 3.24.33 wm: muffin dm: LightDM Distro: Linux Mint 21.1 Vera base: Ubuntu 22.04 jammy Machine: Type: Desktop System: Micro-Star product: MS-7D42 v: 1.0 serial: <superuser required> Mobo: Micro-Star model: MAG B660M MORTAR WIFI DDR4 (MS-7D42) v: 1.0 serial: <superuser required> UEFI: American Megatrends LLC. v: 1.40 date: 05/19/2022 Battery: Device-1: hidpp_battery_0 model: Logitech Wireless Mouse serial: <filter> charge: 55% (should be ignored) status: Discharging Device-2: hidpp_battery_1 model: Logitech Wireless Keyboard serial: <filter> charge: 55% (should be ignored) status: Discharging CPU: Info: quad core model: 12th Gen Intel Core i3-12100 bits: 64 type: MT MCP arch: Alder Lake rev: 5 cache: L1: 320 KiB L2: 5 MiB L3: 12 MiB Speed (MHz): avg: 4183 high: 4286 min/max: 800/5500 cores: 1: 4286 2: 4251 3: 4178 4: 4136 5: 4138 6: 4105 7: 4251 8: 4125 bogomips: 52838 Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx Graphics: Device-1: Intel vendor: Micro-Star MSI driver: i915 v: kernel ports: active: HDMI-A-1 empty: DP-1, DP-2, HDMI-A-2, HDMI-A-3, HDMI-A-4 bus-ID: 00:02.0 chip-ID: 8086:4692 Display: x11 server: X.Org v: driver: X: loaded: modesetting unloaded: fbdev,vesa gpu: i915 display-ID: :0 screens: 1 Screen-1: 0 s-res: 1920x1080 s-dpi: 96 Monitor-1: HDMI-1 mapped: HDMI-A-1 model: LG (GoldStar) W2363D res: 1920x1080 dpi: 96 diag: 587mm (23.1") OpenGL: renderer: Mesa Intel Graphics (ADL-S GT1) v: 4.6 Mesa 22.0.5 direct render: Yes Audio: Device-1: Intel vendor: Micro-Star MSI driver: snd_hda_intel v: kernel bus-ID: 00:1f.3 chip-ID: 8086:7ad0 Sound Server-1: ALSA v: k5.15.0-57-generic running: yes Sound Server-2: PulseAudio v: 15.99.1 running: yes Sound Server-3: PipeWire v: 0.3.48 running: yes Network: Device-1: Intel driver: iwlwifi v: kernel port: N/A bus-ID: 00:14.3 chip-ID: 8086:7af0 IF: wlo1 state: down mac: <filter> Device-2: Realtek RTL8125 2.5GbE vendor: Micro-Star MSI driver: r8169 v: kernel pcie: speed: 5 GT/s lanes: 1 port: 4000 bus-ID: 03:00.0 chip-ID: 10ec:8125 IF: enp3s0 state: up speed: 100 Mbps duplex: full mac: <filter> Bluetooth: Device-1: Intel type: USB driver: btusb v: 0.8 bus-ID: 1-14:7 chip-ID: 8087:0033 Report: hciconfig ID: hci0 rfk-id: 0 state: up address: <filter> Drives: Local Storage: total: 589.69 GiB used: 14.44 GiB (2.4%) ID-1: /dev/nvme0n1 vendor: Kingston model: SKC3000S512G size: 476.94 GiB speed: 63.2 Gb/s lanes: 4 serial: <filter> temp: 23.9 C ID-2: /dev/sda vendor: A-Data model: SU650NS38 size: 111.79 GiB speed: 6.0 Gb/s serial: <filter> ID-3: /dev/sdb type: USB vendor: Silicon Power model: silicon -power size: 983 MiB serial: <filter> Partition: ID-1: / size: 237.08 GiB used: 14.41 GiB (6.1%) fs: ext4 dev: /dev/nvme0n1p5 ID-2: /boot/efi size: 95 MiB used: 30.2 MiB (31.8%) fs: vfat dev: /dev/nvme0n1p2 Swap: ID-1: swap-1 type: file size: 2 GiB used: 0 KiB (0.0%) priority: -2 file: /swapfile USB: Hub-1: 1-0:1 info: Hi-speed hub with single TT ports: 16 rev: 2.0 speed: 480 Mb/s chip-ID: 1d6b:0002 Device-1: 1-2:2 info: Micro Star MYSTIC LIGHT type: HID driver: hid-generic,usbhid rev: 1.1 speed: 12 Mb/s chip-ID: 1462:7d42 Hub-2: 1-3:3 info: Genesys Logic Hub ports: 4 rev: 2.1 speed: 480 Mb/s chip-ID: 05e3:0610 Device-1: 1-3.4:5 info: Kingston PS2232 flash drive controller type: Mass Storage driver: usb-storage rev: 2.0 speed: 480 Mb/s chip-ID: 13fe:1f23 Device-2: 1-8:4 info: Logitech Unifying Receiver type: Keyboard,Mouse driver: logitech-djreceiver,usbhid rev: 2.0 speed: 12 Mb/s chip-ID: 046d:c534 Hub-3: 1-11:6 info: Genesys Logic Hub ports: 4 rev: 2.0 speed: 480 Mb/s chip-ID: 05e3:0608 Device-1: 1-14:7 info: Intel type: Bluetooth driver: btusb rev: 2.0 speed: 12 Mb/s chip-ID: 8087:0033 Hub-4: 2-0:1 info: Super-speed hub ports: 9 rev: 3.1 speed: 20 Gb/s chip-ID: 1d6b:0003 Hub-5: 2-2:2 info: Genesys Logic USB3.2 Hub ports: 4 rev: 3.2 speed: 10 Gb/s chip-ID: 05e3:0625 Sensors: System Temperatures: cpu: 27.8 C mobo: N/A Fan Speeds (RPM): N/A Repos: Packages: apt: 2632 No active apt repos in: /etc/apt/sources.list Active apt repos in: /etc/apt/sources.list.d/official-package-repositories.list 1: deb http: //mirrors.powernet.com.ru/mint/packages vera main upstream import backport 2: deb http: //mirror.docker.ru/ubuntu jammy main restricted universe multiverse 3: deb http: //mirror.docker.ru/ubuntu jammy-updates main restricted universe multiverse 4: deb http: //mirror.docker.ru/ubuntu jammy-backports main restricted universe multiverse 5: deb http: //security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse Info: Processes: 277 Uptime: 5m Memory: 31.08 GiB used: 1.5 GiB (4.8%) Init: systemd v: 249 runlevel: 5 Compilers: gcc: 11.3.0 alt: 11 Client: Unknown python3.10 client inxi: 3.3.13 [/code]
  4. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. The article is giving a working configuration instructions for domain authentication by using NTLM and Kerberos protocols. NOTE: Domain authentication in OpenAPI over Kerberos protocol has the following restrictions: Administration Server address must be specified exactly as the address for which the Service Principal Name (SPN) is registered for domain account name. In the domain, you need to set the Service Principal Name (SPN) to publish the OpenAPI service on port 13299 for the machine with the Administration Server, the service of which is running under the name of the domain user <domain-user>. Kaspersky Security Center 13 Web Console user must be authenticated in Active Directory by using Kerberos protocol. Kerberos authentication should be allowed in web-browser. For details, refer to documentation of used web-browser. Details SPN - Service Principal Name Log in Domain Controller as Domain administrator. Open powershell as admin and run the following commands: Powershell setspn.exe -A HTTP/hostname-node-1.domain.local -u domain\user-ksc-service setspn.exe -A HTTP/hostname-node-2.domain.local -u domain\user-ksc-service Example setspn.exe -A HTTP/kscw-node-1.sales.lab -u sales\ksc setspn.exe -A HTTP/kscw-node-2.sales.lab -u sales\ksc setspn.exe -L -u sales\ksc #command for check spn records #Response Registered ServicePrincipalNames for CN=KSC Service,CN=Users,DC=sales,DC=lab: HTTP/kscw-node-1.sales.lab HTTP/kscw-node-2.sales.lab Enable Kerberos/NTLM authentication in web browsers Microsoft Edge \ Internet Explorer win + r => inetcpl.cpl Activate the Security tab. Select Local intranet and click Sites. In the opened dialog box click Advanced. Add the host name of Adaxes Web interface (e.g. host.company.com). Click Close and then click OK. Click Custom level. Navigate to Scripting and enable Active scripting. Navigate to User Authentication \ Logon. Select Automatic logon only in Intranet zone and click OK. Activate the Advanced tab. In the Settings list, navigate to the Security section. Select Enable Integrated Windows Authentication and click OK. Mozilla Firefox - https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication Launch Mozilla Firefox In the URL window, enter about:config and press Enter. In the filter text box, enter network.negotiate. Double-click the network.negotiate-auth.trusted-uris option and enter the host name of Adaxes Web interface (e.g. host.company.com). Repeat previous step for the network.negotiate-auth.delegation-uris option. Google Chrome Add the Software\Policies\Google\Chrome\AuthServerWhitelist key equal to *.<domain-name>.local to the registry Add the Software\Policies\Google\Chrome\AuthNegotiateDelegateWhitelist key equal to *.<domain-name>.local to the registry
  5. Hello @Surfrat, Welcome back! Yes, you can choose how to open On-Screen Keyboard: Open On-Screen Keyboard by pressing CTRL+ALT+SHIFT+P. Show On-Screen Keyboard quick launch icon in data entry fields. The On-Screen Keyboard quick launch icon is displayed in the password input fields on web pages.Click the Edit categories link to open the Categories window. In this window, you can specify on which websites the On-Screen Keyboard quick launch icon for On-Screen Keyboard should be displayed. Click the Manage exclusions link in the Categories window to create lists of websites on which you want to enable or disable display of the On-Screen Keyboard quick launch icon irrespective of the selected website categories. You can use masks when adding exclusions. Resources: About protection of data entered on the computer keyboard About On-Screen Keyboard Thank you🙏 Flood🐳+🐋
  6. Hello @Nick Og, Welcome! (You) can't find the settings described in the topic raised by @booger, because it's for Kaspersky Internet Security, not Kaspersky Plus. Read: Show quick launch icon in data entry fields. If you mean the keyboard that overlays the KPM icon, uncheck Show quick launch icon in data entry fields, Shopping & payment systems (in this case for Amazon site; or select the filter that applies). ?(ioo) it's a very poor design? - if this is not the issue-> post an image of the icon\prompt that's concerning you; there's more than one icon/prompt - we need to see what you see, rather than guess; also, please make sure the image is of the full browser window, including the URL bar & the system date & time? Thank you? Flood?+? Resource: Read before you create a new topic!
  7. Guilhermesene, thanks for your reply. Very quick question is that the memory integrity box you suggest I uncheck is already unchecked ie showing as off. Whether the upgrade has changed this or whether this has always been the case I don`t know. Do you think checking or turning it on may help or should I give it a try? Thanks a lot.
  8. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Description FDE precheck is a utility used for advanced Full Disk Encryption compatibility testing. It contains latest drivers which will be implemented in future KES releases. FDE precheck also collects diagnostic data used to fix compatibility issues. Inability to use laptop keyboard and\or touch-pad is one of the most frequently met issues. Using FDE precheck you can understand if compatibility issue was already fixed and will be included in next release or it should be addressed. You can download latest FDE precheck utility using following links: For KES 11 - https://support.kaspersky.com/14328 System requirements Single operating system should be installed on the test machine, FDE Precheck can't properly function on a host with multiple operating systems. Use administrative account to run the utility. Read before proceeding Decrypt the test host and remove Kaspersky Endpoint Security and AES module. Do a backup of the critical data on the test machine. Follow the test sequence exactly as stated below. Do not manually stop the execution of the utility. The system will automatically restart several times, it is an expected behavior. Plug in laptop. Do not run test on battery. Failure to comply with steps above may lead to unpredictable consequences. Test sequence Make sure machine decrypted does not have KES or AES module installed not running any KL drivers has no critical data plugged in Reboot. Copy and unpack fde_precheck.zip archive. Run elevated fde_precheck.exe (either by right-clicking and choosing Run as administrator or by starting it from an elevated command prompt). If the program will not find any incompatibilities the following message box will appear: Press Yes, to initiate installation of the encryption drivers and initiation of the test. Wait for the automatic reboot, then login using the administrative user as was done earlier. Press OK on the pop-up that will appear shortly after the reboot: Press Yes in the UAC window if it will appear shortly after. Wait for several minutes (up to 10-15 minutes) until next automatic reboot will occur. Do not initiate reboot manually! It will be done automatically. Manual reboot at this stage may result in corruption of the OS. All preparations are run in background, it is normal that there will be no indication of activity on the desktop. After automatic reboot you will see the preboot agent, and it will require human presence to complete those tests. If possible, record the whole process on a camera of smartphone. You will be asked to enter random keystrokes using the keyboard and mouse. In case of successful keystroke registration you will see something like that: Just follow the instructions that will appear on the screen and press "NEXT >" when done with each test. In case FDE Precheck Preboot agent will fail booting or will freeze at some point, please take photo of the error message, or record the whole process on a camera and reboot the machine if necessary. OS will boot either way. Login using the administrative account that was used earlier. At this point drivers will be removed in the background and host will be rebooted one last time automatically. Wait for several minutes (up to 10-15 minutes) until next automatic reboot will occur. Do not initiate reboot manually! It will be done automatically. Manual reboot at this stage may result in corruption of the OS. All preparations are run in background, it is normal that there will be no indication of activity on desktop. The following three files are always created. All three files are mandatory to provide for analysis. fde_precheck_report.txt fde_precheck.log (will be located in the folder with fde_precheck.exe) Description of what have happened during tests (with screenshots and video if possible).
  9. Greetings folks, I think I asked this question years ago on the old forums, and I can't remember the answer. Does Quick scan and Full scan include a rootkit scan? I only ever run Quick scans, the only time I will run a Full scan is if Kaspersky detects something in a Quick scan. I also have background/rootkit scan turned off, as I prefer to run all scans manually. It occurred to me the other day that if this function is turned off and Quick scans don't include Rootkit scans then I'm never actually scanning my PC for rootkits.
  10. I recently purchased a Crumar Performer that has some keyboard issues. The bottom C is completely dead and the other 4 C's have a very long sustain, regardless of where the slider is positioned in the Strings section. All the other keys are fine. I've taken it apart and cleaned the contacts but that hasn't helped at all. Any ideas? Thanks!
  11. I purchased kaspersky total internet security few weeks ago. I did this because I was going to do a clean reinstall of windows ten pro on a laptop and want more security. I did the clean reinstall and installed kaspersky total and it was good. Now just recently, my keyboard when entering into the address bar of firefox, chrome and even edge does not work. I did install the kaspersky extension for weeks ago for each of these browsers. I mainly been using firefox because I read its the safest browser. The thing is for some reason, keys like pageup, pagedown, backspace, enter, Caps Lock, ` and several of the function keys seem to work on the keyboard. And by keyboard, im talking about the laptop keyboard and also an external keyboard connected via usb. I use this laptop while connected to an external monitor almost always. The weird thing however is… if I am on www.google.com and move my mouse to the search option on google… my keyboard does work. I could type any character. But when I move my mouse anywhere else, whether its the address bar or an application of a program I open, my keyboard does not work. If I do turn on the windows on screen keyboard, well that does work no matter where I type. Now when I turned on the kaspersky on screen keyboard, it seems to work everywhere… except the address bar of firefox/chrome/edge. Also as of now, I have bitlocker enabled and a windows ten password enabled. My concern is if I turn off my laptop or restart it, when it ask me for my bitlocker pin, isn’t that going to be a big issue if my keyboard does not work? Thus I can’t type my pin in? Could you even get the windows on screen keyboard open at the part where it ask your bitlocker pin? I assume not right? So to be on the safe side now, suspend bitlocker and no windows ten password because if I do that… then when I do a restart of my laptop, then it would go to the main screen? I did not even turn off my laptop since yesterday because of this. Also I am traveling abroad so this happening now is very frustrating as I do not have any computer. Can you tell me what is the best advice on this? Is this a kaspersky related issue? It makes no sense why so few keys work on the address bar and some function keys work but none of the letters/numbers work. Yet they work while entering in the google search menu? Is this related to the kaspersky enable keyboard or the kaspersky enabled web browser? Would turning those off make it work? How do you even turn it off? I checked online and the instructions have you going to settings and I don’t even see that when opening kaspersky total security.
  12. During installation, you had to set a password for the admin account, and after the first launch, log in under it and pre-configure the solution (in terms of performance) If this stage is passed, then to enter Administrator mode, enter your credentials login - Administrator password - Administrator Also, don’t forget to check the local login checkbox. After logging in, you can change this password to the one you need https://support.kaspersky.ru/KATA/6.0/en-US/247449.htm
  13. Kaspersky Virus Removal Tool (KVRT) does not have a command line interface that allows fine-grained control over certain scanning components such as system memory, startup items, and boot sectors. However, you can influence the behavior of KVRT by adjusting settings through the interface. If you want to perform a targeted scan of specific folders and exclude other components, try the following steps: 1. Open Kaspersky Virus Removal Tool: – Kaspersky Launch the virus removal tool. Applications on your computer. 2. Configure scan settings:- Look for options that allow you to customize scan settings. This is usually available in the application's settings or preferences section. 3. Exclude system memory, startup items, and boot sectors: - Check your settings to see if there is an option to exclude specific components from scanning. Look for a checkbox or setting to scan system memory, startup items, and boot sector. Disable or disable these options if available. 4. Set scan destination: - Set the scan destination to the specific folder you want to scan. Most antivirus tools allow you to specify a custom scan path. 5. Start scan: - After adjusting settings to exclude unnecessary components and specifying folders to scan, start the scan. Please note that the exact steps and options may vary depending on the version of the Kaspersky Virus Removal Tool you are using. We recommend that you refer to your product documentation or help resources for detailed instructions specific to your version. If you're looking for a lightweight and customizable command-line antivirus tool, consider checking out other antivirus solutions that offer command-line options for targeted scanning. Please note that the specific features and options available may vary depending on your antivirus product.
  14. Hello @ahmad98, Welcome! Not enough information, please share with us: OS version & build, refer: https://support.kaspersky.com/common/diagnostics/15026 Kaspersky Free version, refer: on the Windows Taskbar or hidden icons, rightclick the Kaspersky icon, select About? Error or errors when Keyboard does not work - post full-screen screen prints? In Windows Device Manager - what is the Keyboard status? In Windows Device Manager - has Scan for changes been run? Has the Windows Keyboard Troubleshooter been run - what are the results? Which solutions have been tried - provide details of each solution please? Read: keyboard stopped working topics. Please post back? Thank you? Flood?+?
  15. Hello @Killeriguana, Thank you for posting back, the information & the image👌 We contacted support, they said: The quick launch icon in the data entry field is referring to the tiny keyboard icon (number 1 in our image), where you may click and open the On-Screen Keyboard. If you uncheck “Show quick launch icon in data entry fields” option, the tiny keyboard icon will not show. Support went on to say: We (Kaspersky) do not have an option to turn off the pop-up (number 2 in our image), if the Secure Keyboard is turned on in the background. All you can do is to close (click x) the pop-up notice. That's the only way you can make the pop-up disappear as this is a feature by design. We asked: Don't you think, if *Show quick launch icon in data entry fields* is unchecked & the tiny keyboard icon is *no longer visible*, it would make sense that the Secure keyboard input is enabled pop-up would also not show? Isn't that commonsense? Support said: That's two different things. On-Screen Keyboard allows users to use the on-screen keyboard to type without using a physical keyboard. Secure Data Input is a protection feature that prevents keylogging applications to capture keystrokes. As I said before, we do not have the option to make the pop-up disappear. The user can just close the prompt and that's it. I will suggest this feedback to our team. Note, (ioe) “suggestions” don’t get very far in the Kaspersky bubble; they appear to dedicate a lot of resources to implementing cosmetic changes, not fixing things that would help their subscribers? Thank you🙏 Flood🐳+🐋
  16. Your app is a disgrace Kaspersky. It has been quiet for 2 days, I thought that was it, and I was minding my own business watching a movie on amazon prime when what did I get? A big popup on the bottom right covering a quarter of the screen asking me if I wanted to install Kaspersky on my mobile. Sure, there was an option for "don't ask me this again" but I have no idea how many more different messages I am going to get before this stops happening, or if it WILL stop. I am going back to the combo of defender and Malwarebytes and getting a refund on Kaspersky for a second time. There won't be a third. I have compiled a list of grievances I have with the operation of the product, that I wanted to talk to support about, specifically how you can't enable outbound internet connection notifications without enabling the main app interaction notification which notifies you about EVERYTHING an app tries to do (launch, modify registry, access said folder, etc etc). All I want is an "this app is trying to access the internet, deny or allow" but I have to click 9 different allows just to get ONE game to run, it's crazy. So anyone who wants to keep their sanity just disables all outbound notifications. Sure you can trust an app but not even that is foolproof, I have trusted HD Sentinel 100 times and it disappears from trusted on every launch and I get registry access popups, so I just gave up and disabled those notifications. Why you don't have a "depth of notifications" and for example "alert on internet access only attempt" option, in SUCH a deep program, I have no idea. You've made the outbound notifications all but useless as it stands. And who wants to completely trust every app on their system anyway? I had been compiling all the data and how it could be made more user friendly but I don't think there's a point. At this stage the program is as bad as Mcafee and Norton in the spam department and doing the things I specifically want an AV app to NEVER do. I have no idea why someone like Kaspersky who I always trusted and respected would resort to these childish tactics, but, that's it for me. All I want to know is how to remove the program with NO trace in my registry and without messing anything up that would make me think I need to format and re install windows 11. Anyone with knowledge on that? How to truly and completely uninstall this adware? (it's adware by its very definition, as I have unticked all the notification popups and it's still behaving as adware would, as I have explained. Advertising the mobile app while I am on a PC, is adware. I took pics for proof also).
  17. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. When administrator attempts to establish a connection between KS4O365 workspace and their Exchange online organization by doing the following in the administration console: Office 365 connection → Exchange Online connection → Grant Access → passes the consent validation algorithm but in the end gets the Error processing the request error: This error is usually triggered by the browser settings on the client host that is performing the consent validation. Upon executing consent validation algorithm we get the access token from Microsoft. Then we redirect browser to our web site's URL and attach access token as a cookie. Upon redirecting, cookie with access token is lost/blocked somehow, usually this is caused by one of the following reasons: Browser filters cookies on its own. For instance due to some extensions, browser settings, or due to some beta version of browser with paranoid default security settings. Some 3rd party program, for example a file anti-virus, is blocking access to the file with the browser's cookies on the local hard drive. Thus, the following action plan is suggested. Step-by-step guide Clear all history, cache and cookie in the web-browser, restart it and check the reproduction. If it doesn’t help, then please make sure that the same error occurs if you try to do the same operation in another web-browser supported by the product (https://support.kaspersky.com/KS4MO365/1.2/en-US/141858.htm) or in incognito mode of the browser. Also, temporarily disabling anti-malware solutions or any 3-rd party products that might be blocking/locking/inspecting browser's cookie files is called for. If the issue will persist, then please do the following: 1. Open Google Chrome web-browser. 2. Press F12 keyboard button. 3. Enable Preserve log option in Network tab. 4. Reproduce the whole scenario from the begging (log into business hub account) and the issue itself. 5. Make an error screenshot with time stamp. 6. Export Network debugging results to HAR-file. 7. Provide HAR-file + screenshot to the Kaspersky Support. Also we will be interested in the URL that will be shown when the error will pop-up in the browser.
  18. Hello @jbqld Welcome! So we don't have to guess, please: Read before you create a new topic! by Danila T. & provide the information? In the Kaspersky main window, are there any colours other than *green* & OR are there any *Notifications*? When the 'Windows Security to turn on Virus & Threat Protection' alert happens, in Windows hidden icons, when you look at the Kaspersky icon, what do you see? In Windows Task-manager - when the 'Windows Security to turn on Virus & Threat Protection' alert happens - how many Kaspersky application processes are running? Check & make sure Performance, PC resource consumption -> Launch Kaspersky at computer startup (recommended) is *enabled*? Has the computer been shutdown, using Shutdown, not Restart, then powered on by pressing the Power button & logging in at the login prompt - IF 'NO', please proceed with this *Shutdown* & power on procedure. Please post back? Thank you🙏 Flood🐳+🐋
  19. Quick fix: You can use OpenVPN Connect with configuration for router. https://my.kaspersky.com/VPN#/portal/pages/ksec
  20. hello You 5.02.2024 23:13 How may i assist you today? Operator 5.02.2024 23:13 i was recently told to make a chat for a problem whit kapersky Threat Intelligence Portal You 5.02.2024 23:13 by a forum master You 5.02.2024 23:13 Okay, let me check on the issue details for you Operator 5.02.2024 23:14 ok You 5.02.2024 23:14 If you could please hold on for 1-3 minutes and I will check for you. Operator 5.02.2024 23:14 ok ill hold You 5.02.2024 23:15 Thank you, please wait Operator 5.02.2024 23:16 Thank you for waiting patiently Operator 5.02.2024 23:18 We are just trying to get more details on this, is that will be okay if I update you with an email within 24hours? Operator 5.02.2024 23:19 ok You 5.02.2024 23:19 We are just trying to get more details on this, is that will be okay if I update you with an email within 24hours? Operator 5.02.2024 23:19 like for messeges? You 5.02.2024 23:19 we will update you on email Operator 5.02.2024 23:19 well yes its okay You 5.02.2024 23:20 Sorry for the inconvenience caused. Operator 5.02.2024 23:20 Is there anything else I can help with before we end the chat? Operator 5.02.2024 23:20 no thats it thank you for the help You 5.02.2024 23:20 No worries. Please take note of the reference number for this chat: INC000016171813 If that is all for now, I will end this chat here and I would appreciate it if you could complete a quick survey about the support that I have provided. 😊 Thank you for contacting Kaspersky and have a nice day. 😉 Operator 5.02.2024 23:21 The conversation has been completed. Please feel free
  21. was doing some research for work, which involved visiting different companies websites. I was using Google Chrome when I was doing my research and when I was viewing this website I received 11 notifications in a row saying Malicious Object Detected from chrome.exe, unluckily all of them were allowed by Kaspersky. I performed a quick scan, restarted my computer, and did a full scan and all came out cleaned. . Since the results of all my scans are clean I was wondering if I have to be worried about anything. I'm not sure how to send reports, but I've attached screenshots of my Kaspersky reports:
  22. Hello @Rich_in_HaPA, Welcome! Yes. Ok. OK. You can't - it's by design. There's been a multitude of complaints, Kaspersky appears not to have heard them. You may wish to log a request, on the support page, fill in an Email or Chat, then select Feedback, I have a Suggestion, or Feedback, I have a Complaint template - provide a detailed history & explanation/reasons for the request. Support may communicate with you & discuss the proposal. All requests go thru the relevant team/s, not all requests are successful & even successful requests may take a long time to be implemented. Please share the outcome with the Community, when it's available? Thank you? Flood?+? Resources: Very little info for Secure Keyboard Input - in Kaspersky Internet Security for Mac library. Existing Community topics, generic filter: Secure Keyboard Input is enabled Quick Launch Keyboard
  23. I have faced an issue which may be related and which is really impairing my hardware keyboard. This is the thing and it is related to the “Secure Keyboard input” and NOT to the “Onscreen Keyboard” When I used the alibaba.com website the “Secure Keyboard input” kicked in when i tried to enter a search. When I shifted to Microsoft Office 2019 applications I noticed that my hardware keyboard froze except for the “enter” and “backspace” keys. I chatted with “Support” and after several attempts, they deduced that the issue was related to the website and not Kaspersky. The best solution offered was to exclude this website from the “Secure Keyboard Input” protection. Which we tested. The result is that after this, only when I revert to the alibaba.com website and type a search without the “Secure Keyboard Input” protection will my hardware keyboard unfreeze. So I kept the exclusion awaiting a better solution. Then something worst happened. Any time I type on any website triggering the “Secure Keyboard Input” my hardware keyboard freezes and only when I reopen the alibaba.com webpage and type a search on it does my hardware keyboard unfreeze on this page and subsequently on the Microsoft Office 2019 applications. You can imagine what this does. I have serious doubts that this website does not tolerate “Secure Keyboard Input” and may have injected some form of keylogger which is affecting “Secure Keyboard Input” altogether. Any Thoughts?
  24. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Using EDR, you may encounter an issue where you're unable to view incident card regarding a detection in KSC Web Console. It looks like this: Here we will discuss known causes of such behavior (several products are involved, so causes may be different). Possible causes and solutions MDR In MDR, incidents are to be viewed using the dedicated MDR Console, and KSC version 13 and newer with configured MDR plug-in. KSC 12.* Web Console will not receive the data; this is expected behavior. KES+KEA If you first install KES without EA component, and then a standalone KEA package, KES EDRO integration will be disabled and killchain will not work. Here is a quick way to determine if KEA was installed as a component of KES. Open regedit, then navigate to: [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features] "AntiAPTFeature" = "1" If the value is 0, proceed to the workaround to enable the component as described below. To fix this, we ran Change application components task on the host, enabling Endpoint Agent in KES. If KES/KEA integration is configured correctly, we can find the following in KES traces: 12:08:37.426 0x2a18 INF edr_etw Start processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, recordId = 6, taskId = 1128, result = 0 12:08:37.426 0x2a18 INF edr_etw Start processing actions = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, action = 4, recordId = 6, taskId = 1128, edrAction = 3489660999, result = 0 12:08:37.442 0x2a18 INF edr_etw Killchain is enabled! 12:08:37.442 0x2a18 INF edr_etw SystemWatcher is running! 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect begin 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect end 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds begin 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds end 12:08:37.442 0x2a18 INF edr_etw Finish processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com threat status = 1, recordId = 6, taskId = 1128,result = 0 12:08:37.458 0x1f18 INF edr_etw Finish processing AV detect result = 0 Searching for ThreatID in KEA traces: 12:08:37.426 0x2a18 INF amfcd ThreatsProcessingEventsLogic::OnTreatActionImpl: ctx:0x23d68510 [TI 0x1b8dd490: id = 0x6, : tdid = {7F620459-6C51-9E46-9A5D-689A9B0D0098}, name = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, add info: <none>, 0x0] 0x4 0x0 KES+KEA (upgrade from KESB to EDR Optimum) EDR Optimum requires KSC 12.1 or newer to work. This includes the Network Agent, which is a part of KSC, and is generally installed on the host alongside KES. Using an outdated version of Network Agent (10.5, 11, etc.) will lead to the mentioned error when opening incident cards. If Network Agents were not upgraded along KSC, it's better upgrading them for EDR Optimum. KES 11.7+ Check that EDR Optimum feature is enabled in registry (GSI > Registry > HKLM_Software_Wow6432Node_KasperskyLab.reg.txt ). [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features] EdrOptimumFeature = 1 If value is 0, run Change application components task on the host, enabling EDR Optimum in KES. Also in traces (*.SRV.log) you can search for sentence bundles::InstalledFeaturesProvider::InstalledFeaturesProvider and check that EDROptimumFeature is there, for instance in example below such component is missing KES. 11:00:36.897 0x26a0 INF bundles::InstalledFeaturesProvider::InstalledFeaturesProvider{ 3 (AVScannerAndCoreFeature) 28 (AdaptiveAnomaliesControlFeature) 0 (AdminKitConnectorFeature) 24 (AdvancedThreatProtectionFeature) 27 (AmsiFeature) 7 (ApplicationControlFeature) 17 (BehaviorDetectionFeature) 30 (CloudControlFeature) 4 (CriticalScanTask) 6 (DeviceControlFeature) 23 (EssentialThreatProtectionFeature) 11 (ExploitPreventionFeature) 8 (FileThreatProtectionFeature) 19 (FirewallFeature) 5 (FullScanTask) 2 (HostIntrusionPreventionFeature) 16 (MailThreatProtectionFeature) 14 (NetworkThreatProtectionFeature) 12 (RemediationEngineFeature) 25 (SecurityControlsFeature) 18 (UpdaterTask) 21 (WebControlFeature) 20 (WebThreatProtectionFeature) 22 (WholeProductFeature) } KSWS+KEA The same rule applies: KEA component needs to be installed in KSWS. KSWS does not have a "Change application components" task in KSC, so this has to be taken into account during KSWS deployment. Here is a quick way to determine if KEA was installed as a component of KSWS. Open regedit, then navigate to: [HKEY_LOCAL_MACHINE\Software\Wow6432Node\KasperskyLab\\WSEE\11.0\Install] "Features"="AntiCryptorNAS=0;AntiCryptor=0;AntiExploit=0;AppCtrl=0;AVProtection=0;DevCtrl=0;Fim=0;Firewall=0;ICAPProt=0;IDS=0;Ksn=0;LogInspector=0;Oas=0;Ods=0;RamDisk=0;RPCProt=0;ScriptChecker=0;Soyuz=0;WebGW=0" (Soyuz needs to be set to 1) If Soyuz is set to 0, apply workaround to enable it. KSWS allows to change its components locally or via cli. Here is the example of how to set Soyuz=1 when KEA was installed not as a component of KSWS: 1. Locate ks4ws_x64.msi or ks4ws.msi (depends on OS architecture) 2. Create custom installation package based on ks4ws_x64.msi or ks4ws.msi from p.1 with parameters as per screenshot (add UNLOCK_PASSWORD= if KSWS is protected by password in policy) 3. Deploy package on problematic servers with KSWS and KEA, then check registry that Soyuz=1 4. Check host's properties at KSC side - EDRO should be in Running state in KEA If KSWS/KEA integration is configured correctly, we can find the following in KSWS traces: 19:57:04.577 7a8 1310 info [edr] Published ThreadDetected: VerdictName : HEUR:Win32.Generic.Suspicious.Access RecordId : 0 DatabaseTime : 18446744073709551615 ThreatId : {ffb58079-6d8d-4a62-8ab0-021ff4ed61c5} IsSilent : false Technology : 3489661023 ProcessingMode : 3489660948 ObjectType : 3489660934 ObjectName : C:\Windows\System32\wbem\WmiPrvSE.exe Md5 : e1bce838cd2695999ab34215bf94b501 Sha256 : 1d7b11c9deddad4f77e5b7f01dddda04f3747e512e0aa23d39e4226854d26ca2 UniquepProcessId: 0xf7c807730e051a0d NativePid : 3360 CommandLine : AmsiScanType : AmsiScanBlob : FileCreationTime: 1601-01-06T23:09:56.075520800Z Searching for ThreatID in KEA traces: 19:57:05.583 704 9b0 debug [bl] ThreatsHandler: detect v2 verdictName: HEUR:Win32.Generic.Suspicious.Access detectTechnology: 0xd000005f processingMode: 0xd0000014 objectType: 0xd0000006 objectName: C:\Windows\System32\wbem\WmiPrvSE.exe nativePid: 3360 uniquePid: 17854528913448180237 nativePidTelemetry: 3360 uniquePidTelemetry: 17854528913448180237 downloaderUniqueFileId: <none> downloadUrl: <none> isSilentDetect: false threatId: ffb58079-6d8d-4a62-8ab0-021ff4ed61c5 19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59675, processed=59675, dropped=0, queueBytes=191 19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59676, processed=59676, dropped=0, queueBytes=132 19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59677, processed=59677, dropped=0, queueBytes=371 19:57:05.583 704 9b0 debug [bl] Threats Handler: event processed, id = 2 19:57:05.584 704 1fc debug [killchain] Message discarded: name = ThreatDetect The verdict is Message discarded, this means the detection won't trigger killchain generation. No such entries can be found in traces, which might mean that EPP integration is not configured correctly (EDR component is disabled in KSWS). Check killchain presence on the host If all pre-requisites are met, it's worth checking if killchain files are actually created on the host. To check that, run cmd.exe as Administrator and check the c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects folder contents. Archives with <threat_id>.zip names should be present in the folder: C:\WINDOWS\system32>dir "c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects" Volume in drive C has no label. Volume Serial Number is 8010-ADC0 Directory of c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects 08/16/2021 12:20 PM <DIR> . 08/16/2021 12:20 PM <DIR> .. 08/16/2021 09:34 AM 636 0349c190-4ac3-4da4-9b64-07835298660f.zip //this is an archive with killchain info 08/16/2021 12:18 PM 696 1d306aa7-f37f-4ab2-969e-d337d398a995.zip 08/16/2021 09:34 AM 637 23a5dc93-5776-43c8-b949-79c102aa1184.zip 08/16/2021 12:19 PM 691 27bc9ea3-200b-49d2-b8b0-df7954cd428a.zip 08/16/2021 12:19 PM 683 40673c70-9e8e-420f-b5ce-65b406862b94.zip 08/16/2021 12:19 PM 688 590b6e30-4509-4b25-bdb0-062f89b7e062.zip 08/16/2021 12:20 PM 693 67993612-dc82-45a2-9e5b-74756adc46eb.zip 08/16/2021 12:20 PM 685 6a892bd1-f452-42d0-80b0-cb953cd7fc26.zip 08/16/2021 12:19 PM 686 a63fbafa-fcef-46f7-935f-42be4392a172.zip 08/16/2021 12:19 PM 699 d9d4f5eb-42b2-4460-8f8a-eb63bbef8791.zip 08/16/2021 12:19 PM 686 f6042624-9840-4a6e-9b30-9270cce22236.zip 11 File(s) 7,480 bytes 2 Dir(s) 240,763,092,992 bytes free
  25. Well, it didn't last long... After a couple of days working, I'm now back with the same problem. This time, I can access the list of country servers, but if I select a different one, it does not change. If I click on the on/off toggle switch, the button disappears and the switch background turns green-red and it hangs forever until I quite with the "close" (X) icon. It states underneath that "Your connection is secure". A quick check of my IP address shows that the VPN is not working. I attach before click (left) and after click photos.
  • Create New...