Showing results for 'update' in content posted in the last year.

  1. Hi @Alebit, the problem you describe is most likely caused by a conflict or an incompatibility that emerged after the upgrade to Windows 11. Have you tried uninstalling Kaspersky and reinstalling it? Remember that you must always use the latest available version of the application. https://www.kaspersky.it/downloads#update-product If you have already tried that without success, then it is worth using Kavremover, but to be safe contact Kaspersky technical support, also available via chat. Hours: Mon - Fri, 09:00 - 17:00. Regards
  2. I noticed it recently. Maybe after a Microsoft update (and I say maybe because you also did a major update). I had made a folder in untrusted with full privileges, and everything else, even in trusted, didn't have any access to the network. And I put what I wanted into that folder to have very basic internet and everything else blocked. Now everything is unblocked without me changing anything.... even WinRAR ffs. Network rules don't work anymore.... check the firewall ffs....
  3. aries1977

    Tablet

    Hello, I know this problem. Usually it is because the device was offline for a longer time. Other reasons could be that the Kaspersky app needs an update. Since it can no longer be found in the Play Store for Android devices, this usually has to be done through another installed store and triggered manually. Another possibility is usually that the new license terms in the Kaspersky app have not yet been accepted. If a password manager is installed, the same applies to that app and its consents.
  4. https://forum.kaspersky.com/topic/kaspersky-update-utility-40-25435/
  5. Thank you very much, this is really useful. But has Antivirus database update using Kaspersky Update Utility 4 (the second link) been completed? It only lists the applications that support updates but does not specify how to update them.
  6. Hello, I’ve been facing a persistent issue with Kaspersky VPN Secure Connection on Windows 11. Whenever I enable Split Tunneling (for example, activating VPN only for Discord), some online games such as Battlefield and other titles freeze or get stuck at the loading screen after clicking “Ready”. Here are the details: Windows version: Windows 11 (latest updates installed) VPN: Kaspersky VPN Secure Connection (latest version) ISP: Turkcell / Superonline (Turkey) I tested the same configuration with another VPN that supports Split Tunneling — and everything worked perfectly fine. This problem seems to appear only when Kaspersky VPN is running. I have already: Tried disabling all Kaspersky protection features temporarily. Reinstalled the VPN. Reset network settings and cleared DNS. Tried different servers and protocols. This same problem happened to me a few months ago and it resolved itself automatically after an update, but now it’s back again. I am quite experienced with networking and system configuration, and I’ve verified that the issue is not related to Windows Firewall, routing, or game servers. It’s definitely connected to the Kaspersky VPN Split Tunneling behavior. Please investigate this issue or let me know if any logs or diagnostic traces would help.
  7. Flood and Flood's wife

    App Updater can't update anydesk software.

    Hello @Pandonus, Welcome back! What happened - what errors show when Kaspersky Premium fails to update anydesk? Please look in Kaspersky Reports for any anydesk events & post back? Note - please post images in English - to convert the Kaspersky Gui to English - by pressing SHIFT + F12 on the keyboard; to revert press SHIFT + F5 on the keyboard. Are (you) able to update anydesk manually? *Note* when posting images to a public forum, for *your* privacy & security - please hide all personal information - for example - email address. Please post back? Thank you🙏 Flood🐳+🐋
  8. Berny

    UPDATE PROBLEM

    @SARDI02 Please select another update source ? Kaspersky update servers → https://support.kaspersky.com/common/start/6105
  9. It is very likely that it can be forgotten about. Release 15.1 (update 2) came out relatively recently.
  10. Flood and Flood's wife

    How to renew KIS?

    Hello @mox, Welcome back! Vista is not supported, Windows 7 is, with a *proviso*, please read: Kaspersky for Windows, Hardware and software requirements: "Kaspersky application cannot be installed on Microsoft Windows 7 without installed operating system updates: KB4490628 (March 12, 2019) and KB4474419 (September 23, 2019)." KIS subscriptions cannot be purchased online from Kaspersky websites, you may be able to purchase from third-party-merchants (please do not buy from eBay, the *same* activation-codes are frequently sold to multiple subscribers, people have been scammed on more than one occasion) OR you may be able to purchase KIS in a boxed version, from a local store. Also, please read: Where to buy an activation code? Also, note, Kaspersky uses an automatic & silent Total-Force-Upgrade (TFU), after installing KIS, the software may try to update unless (you) implement a manual hack to prevent updates of new versions & patches. Thank you🙏 Flood🐳+🐋
  11. Hello. Please post in the forum language. Update directly through the web console in the plugin area and not through mmc. In this image, where the note is, it should probably say Update Plug-in.
  12. You can download the installer from the official website and update manually.
  13. TLDR: Kaspersky is blocking Chromium-based apps from accessing the internet, and I didn't find any place to remove this blockage. Hi. I'm a developer and I've been working with Playwright. For those who don't know, Playwright uses headless browsers for automation testing in the front-end; it opens a pure Chromium, a pure WebKit and a Firefox browser to run the tests. After a whole day using Playwright, the next day my headaches started. I've been receiving errors like: net::ERR_CONNECTION_RESET and others. I tried a lot of things, and also figured out that Visual Studio was unable to access the internet with the same error ERR_CONNECTION_RESET... Also, Discord didn't update anymore and got stuck on the update screen. I have disabled every single button the Kaspersky software has that makes sense regarding the firewall, and also the Windows firewall, and I am still getting the same error. I ran a lot of commands in the Windows 11 terminal, like:

        Netsh winsock reset
        Netsh int ip reset
        ipconfig /renew
        ipconfig /flushdns

    And nothing... Today, on the second day, I realized that only Chromium-based apps are blocked, then I closed the Kaspersky app and everything came back to life. VS Code is updating, the Discord app opens and Playwright opens the Chromium testing without errors. So, where is the config to remove Chromium-based apps from this network blocking?
  14. What was the update name?
  15. chnaltn

    KPM for Linux?

    Hello, any update on this? Just need KPM on Linux. What makes it so hard?
  16. Real-time protection and full scanning are different processes. Yes, it didn't have a malware file signature. You may install Kaspersky Free again, update the databases, and perform a full scan. If it finds nothing - you don't need anything else. Perhaps this file wasn't used at all, but only laid quietly in the folder. Most likely, everything is fine with files. If there are documents, photos, archives, etc. - just open some number of them and check.
  17. Because my Kaspersky Free, Malwarebytes Free and AdwCleaner did not detect it, I updated the definitions. File: AppData\Roaming\secure\QtWebKit4.dll (Trojan:Win32/Wacatac.C!ml). What is the real name and type of the malware? In Microsoft Defender it is Trojan:Win32/Wacatac.C!ml. And does it modify, delete, or corrupt my personal files on my PC?
  18. Good afternoon! When attempting an update, the web console reports that the timeout was exceeded. The kladminserver_srv.service service produces database errors.

        Jul 25 08:12:41 ubuntu.packer.build klsecuritycenter_srv[255000]: Could not get primary index date. #2801 EkaMethodFailed: 'DoUpdate #1: UniversalUpdateAITask ##1: // updater // (KLUTIL::>
        Jul 25 08:12:41 ubuntu.packer.build klsecuritycenter_srv[255000]: >>> Update & retranslation task: One of subtasks failed (446F5570646174652023313A20556E6976657273616C557064617465414954>
        Jul 25 08:15:43 ubuntu.packer.build klserver[255000]: Debugging updater.
        Jul 25 08:16:19 ubuntu.packer.build kladminserver_srv[250689]: Database error occured: #1950 Generic db error: "[22003]`ERROR: integer out of range `, LastStatement=`CALL "licsrv_check"(110, -1, NULL);`" (D098D0BDD184D0BED180D0BCD0B0D186D0B8D18F20D0BED0B120D0BED188D0B8>
        Jul 25 08:16:19 ubuntu.packer.build kladminserver_srv[250689]: Database error occured: #1950 Generic db error: "[22003]`ERROR: integer out of range `, LastStatement=`CALL "licsrv_check"(100, 110, NULL);`" (D098D0BDD184D0BED180D0BCD0B0D186D0B8D18F20D0BED0B120D0BED188D0B>
        Jul 25 08:16:19 ubuntu.packer.build kladminserver_srv[250689]: Database error occured: #1950 Generic db error: "[22003]`ERROR: integer out of range `, LastStatement=`CALL "licsrv_check"(90, 100, NULL);`" (D098D0BDD184D0BED180D0BCD0B0D186D0B8D18F20D0BED0B120D0BED188D0B8>
        Jul 25 08:45:31 ubuntu.packer.build klsecuritycenter_srv[256017]: Could not get primary index date. #2801 EkaMethodFailed: 'DoUpdate #1: UniversalUpdateAITask ##1: // updater // (KLUTIL::>
        Jul 25 08:45:31 ubuntu.packer.build klsecuritycenter_srv[256017]: >>> Update & retranslation task: One of subtasks failed (446F5570646174652023313A20556E6976657273616C557064617465414954>
        Jul 25 08:48:33 ubuntu.packer.build klserver[256017]: Debugging updater.

    The klwebrv_srv.service service also produces the error /etc/systemd/system/klwebsrv_srv.service.d/override.conf:7: Unknown key name 'CapabilitiesParsec' in section 'Service', ignoring. What could this be related to? The server runs on Ubuntu 22.04, KSC 15.4
  19. Symptoms

      • OS hang, sometimes with open file errors in journals
      • Customer application degrades with errors "unable to open file", "too many open files"

    Hangs and third-party (compatibility) issues often require advanced data collection and are difficult to investigate. However, a quick check is possible: on a system where KESL has been running for some time (not immediately after a reboot/restart), run the following command as root and check its output for numerous records of the /usr/bin or /usr/sbin folders:

        lsof | grep -E 'kesl.+DIR.+\/usr\/s?bin'

    Root Cause

    Under heavy load, KESL may show a linear increase in file descriptor usage (sysctl fs.file-nr) up to the system-wide limit (sysctl fs.file-max), followed eventually by degradation.

    Workaround

    Schedule a restart of the KESL service every week/day, depending on the intensity of descriptor growth. NB: a KESL restart also resets the progress of certain tasks such as "malware scan" and "database update". Schedule the KESL restart outside of those tasks' timeframes.

    Solution

    This issue was fixed in KESL 12.1.0.1274, so an update to that or a newer version should fix it.
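The workaround above depends on how fast descriptor usage grows. The following added example (not part of the original article) estimates that growth from periodic fs.file-nr readings and the time left before the limit; the readings are constructed, and the 80% safety margin and function names are assumptions.

```python
"""Estimate growth of system-wide file handle usage (fs.file-nr) and the time
left before fs.file-max, to choose a KESL restart interval."""
from datetime import datetime


def parse_file_nr(text):
    """Parse /proc/sys/fs/file-nr ('allocated unused max') -> (allocated, max)."""
    allocated, _unused, maximum = (int(field) for field in text.split())
    return allocated, maximum


def growth_per_hour(samples):
    """Least-squares slope (handles per hour) over (ISO timestamp, allocated) pairs."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    start = datetime.fromisoformat(samples[0][0])
    hours = [(datetime.fromisoformat(ts) - start).total_seconds() / 3600
             for ts, _ in samples]
    counts = [count for _, count in samples]
    mean_h = sum(hours) / len(hours)
    mean_c = sum(counts) / len(counts)
    spread = sum((h - mean_h) ** 2 for h in hours)
    if spread == 0:
        raise ValueError("samples must span some time")
    return sum((h - mean_h) * (c - mean_c)
               for h, c in zip(hours, counts)) / spread


def hours_until_limit(samples, maximum, margin=0.8):
    """Hours after the last sample until usage reaches margin * fs.file-max.

    Returns None when usage is flat or falling (no leak pattern visible).
    """
    slope = growth_per_hour(samples)
    if slope <= 0:
        return None
    remaining = margin * maximum - samples[-1][1]
    return max(remaining, 0) / slope


# Constructed readings, taken every six hours on a loaded host
SAMPLES = [
    ("2024-01-01T00:00:00", 10000),
    ("2024-01-01T06:00:00", 16000),
    ("2024-01-01T12:00:00", 22000),
    ("2024-01-01T18:00:00", 28000),
]

if __name__ == "__main__":
    _, limit = parse_file_nr("28000\t0\t100000\n")
    print("growth per hour:", growth_per_hour(SAMPLES))
    print("hours until 80% of limit:", hours_until_limit(SAMPLES, limit))
```

A restart interval shorter than the returned number of hours keeps usage below the chosen margin.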
  20. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

    Problem Description, Symptoms & Impact

    It is not possible to use a proxy server on TCP ports 8080, 8090 or 8091 for KATA 5.0 and/or KATA 5.1 CN. If you configure the proxy server connection settings in KATA 5.0/5.1 with one of those ports, the KATA update task fails and KSN connection errors appear right after those settings are applied.

    This happens because KATA uses ports 8080, 8090 and 8091 for its internal services, and there are preconfigured default iptables rules that prevent incoming and outgoing connections on those ports for external hosts outside of the KATA cluster. This in turn results in connection errors if those ports are also used by the product for outgoing connections to a proxy server.

    Diagnostics

    There are two ways to confirm whether a KATA server is affected by these updater and KSN issues:

      • Check the current proxy server configuration in the product's web interface: if any of the listed ports 8080, 8090 or 8091 is used, then the KATA server is probably facing the issue.
      • Alternatively, run the iptables -nvL DOCKER-USER command and check whether the number of rejected packets in the corresponding rules for ports 8080, 8090 and 8091 steadily increases while the update task runs in KATA.

    Workaround & Solution

    To avoid this issue, use one of the following 2 options:

      • Do not use a proxy server for KATA connections; configure a direct internet connection for the KATA CN nodes.
      • Use a proxy server on a different port; for example, port 3128 is quite a standard option in such cases.
  21. Description and cautions

    The article shares a working example of using KSC API calls for one of the available scenarios: retrieving events and hardware and/or software inventory data.

    For the Windows version of cURL, the quotation marks inside arguments need to be escaped with "\", otherwise there will be an error. For example:

        'Authorization: KSCBasic user=\"YXBpLXVzZXI=\", pass=\"cGFzc3dvcmQ=\", internal=\"1\"'

    Details

    Prerequisites

    Internal user: api-user

    Examples:

      • KSC address - 127.0.0.1 (the address can also be external)
      • API port - 13299 (default)
      • User: api-user (internal KSC user), base64: YXBpLXVzZXI=
      • Password: password, base64: cGFzc3dvcmQ=

    Credentials:

                   User            Password
                   api-user        password
        Base64:    YXBpLXVzZXI=    cGFzc3dvcmQ=

    Authentication type: Authenticated session. For other types, see the KSC Open API description.

    All requests are in cURL format. As an alternative, it is also possible to use the Python library (KlAkOAPI Python package).

    Login

    Start a connection to KSC (Session::StartSession):

        curl --location --request POST 'https://127.0.0.1:13299/api/v1.0/Session.StartSession' \
          --header 'Authorization: KSCBasic user="YXBpLXVzZXI=", pass="cGFzc3dvcmQ=", internal="1"'

    Username and password should be encoded to base64 format as part of a secure HTTPS session. For example, https://www.base64encode.org/ can be used for encoding.

    Response:

        { "PxgRetVal": "nsPbUpP1oAVZlM1lODEbg8A==" }

    Use the returned token in the request header of the following requests.

    Find Host

    Find a host by filter string (HostGroup::FindHosts). The filter string contains a condition over host attributes, see also Search filter syntax. We use "KLHST_WKS_DN", the host display name.

        curl --location --request POST "https://127.0.0.1:13299/api/v1.0/HostGroup.FindHosts" \
          --header "X-KSC-Session: nqepy9ZpZZ/2tiWXhil5cBg==" \
          --header "Content-Type: application/json" \
          --data-raw "{
            \"vecFieldsToReturn\":[\"KLHST_WKS_HOSTNAME\",\"KLHST_WKS_DN\",\"KLHST_WKS_IP_LONG\",\"KLHST_WKS_PRODUCT_TAG_NAME\",\"KLHST_WKS_RTP_AV_VERSION\",\"KLHST_WKS_NAG_VERSION\",\"KLHST_WKS_LAST_UPDATE\",\"KLHST_WKS_LAST_UPDATE\",\"KLHST_WKS_VIRUS_COUNT\"],
            \"lMaxLifeTime\":1200,
            \"wstrFilter\":\"(KLHST_WKS_DN=\\\"WIN10-OPTIMUM-1\\\")\"
          }"

    Response with the accessor ID:

        {"strAccessor":"ppYeO5rmkvKcMUm8vQzOK2","PxgRetVal":1}

    Copy the accessor for the next request (ChunkAccessor::GetItemsChunk):

        curl -L -X POST "https://127.0.0.1:13299/api/v1.0/ChunkAccessor.GetItemsChunk" \
          -H "X-KSC-Session: noOxgI9Ny7O5Whg/97qvcVg==" \
          -H "Content-Type: application/json" \
          --data-raw "{ \"strAccessor\":\"fb07haDqXIKZbQzyDsMwx1\", \"nStart\": 0, \"nCount\": 100 }"

    Response with information about the host:

        {"pChunk":{"KLCSP_ITERATOR_ARRAY":[{"type":"params","value":{"KLHST_WKS_DN":"WIN10-OPTIMUM-1","KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","KLHST_WKS_IP_LONG":{"type":"long","value":172250504},"KLHST_WKS_LAST_UPDATE":{"type":"datetime","value":"2022-02-17T13:00:01Z"},"KLHST_WKS_NAG_VERSION":"13.2.0.1511","KLHST_WKS_RTP_AV_VERSION":"11.7.0.669","KLHST_WKS_VIRUS_COUNT":{"type":"long","value":9}}}]},"PxgRetVal":1}

    Copy the value of "KLHST_WKS_HOSTNAME" for use in the next request.

    Hardware Inventory

    SrvView

    Find srvview data by filter string (SrvView::ResetIterator).

      • "wstrViewName" - see List of supported srvviews.
      • "vecFieldsToReturn" - see https://support.kaspersky.com/help/KSC/13.1/KSCAPI/a00307.html
      • "wstrFilter":"(KLHST_WKS_HOSTNAME=\"c0816918-fbc5-4fbc-8fed-6f245756120e\")" - KLHST_WKS_HOSTNAME from the previous request

        curl -L -X POST "https://127.0.0.1:13299/api/v1.0/SrvView.ResetIterator" \
          -H "X-KSC-Session: noOxgI9Ny7O5Whg/97qvcVg==" \
          -H "Content-Type: application/json" \
          --data-raw "{
            \"wstrViewName\":\"HWInvPCSrvViewName\",
            \"vecFieldsToReturn\":[\"KLHST_WKS_HOSTNAME\",\"dev_id\",\"RamType\",\"dev_type\"],
            \"vecFieldsToOrder\":[{\"type\":\"params\",\"value\":{\"Name\":\"dev_id\",\"Asc\":\"true\"}}],
            \"lifetimeSec\":100,
            \"pParams\":{\"TOP_N\":\"yes\",\"USE_DISTINCT\":\"true\"},
            \"wstrFilter\":\"(KLHST_WKS_HOSTNAME=\\\"c0816918-fbc5-4fbc-8fed-6f245756120e\\\")\"
          }"

    Response with the iterator ID:

        {"wstrIteratorId":"466579A79FA755D69B94EC60A5B04744"}

    Get the record range from the response data (SrvView.GetRecordRange):

        curl -L -X POST "https://127.0.0.1:13299/api/v1.0/SrvView.GetRecordRange" \
          -H "X-KSC-Session: noOxgI9Ny7O5Whg/97qvcVg==" \
          -H "Content-Type: application/json" \
          --data-raw "{ \"wstrIteratorId\":\"50054D2A2D7A93DCEBFA3BE6F7E21D5E\", \"nStart\": 0, \"nEnd\": 100 }"

    Response with information about the hardware matching the filter:

        {"pRecords":{"KLCSP_ITERATOR_ARRAY":[{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"ABE3CC21B521C704DA4FC63BD5698F71","dev_type":1}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"DISPLAY\\DEFAULT_MONITOR\\1&1F0C3C2F&0&UID256","dev_type":7}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"DISPLAY\\DEFAULT_MONITOR\\4&31BE19FA&0&UID0","dev_type":7}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"E05564F28A7EBE312D1326FD0D1A8479","dev_type":1}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"E69E8830E7D33F96BF1E21996A7D73CA","dev_type":0}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"PCI\\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\\3&18D45AA6&0&78","dev_type":4}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"PCI\\VEN_8086&DEV_10D3&SUBSYS_07D015AD&REV_00\\005056FFFF87CC6600","dev_type":6}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"Physical Memory 0","dev_type":2}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"SCSI\\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\\5&A629540&0&000000","dev_type":8}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"SCSI\\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\\5&1982005&0&000000","dev_type":3}},{"type":"params","value":{"KLHST_WKS_HOSTNAME":"c0816918-fbc5-4fbc-8fed-6f245756120e","dev_id":"SWD\\REMOTEDISPLAYENUM\\RDPIDD_INDIRECTDISPLAY&SESSIONID_0002","dev_type":4}}]}}

    Software Inventory

    Acquire software applications which are installed on the specified host.
    (InventoryApi::GetHostInvProducts)

    "szwHostId" - KLHST_WKS_HOSTNAME from the previous request.

        curl -L -X POST "https://127.0.0.1:13299/api/v1.0/InventoryApi.GetHostInvProducts" \
          -H "X-KSC-Session: noOxgI9Ny7O5Whg/97qvcVg==" \
          -H "Content-Type: application/json" \
          --data-raw "{ \"szwHostId\":\"c0816918-fbc5-4fbc-8fed-6f245756120e\", \"pParams\":{\"KLEVP_EA_PARAM_1\":\"\"} }"

    Response with information about the software:

        {"PxgRetVal":{"GNRL_EA_PARAM_1":[{"type":"params","value":{"ARPRegKey":"{F4ECE08F-50E9-44E2-A2F3-2F3C8DDF8E16}","CleanerProductName":"","Comments":"","DisplayName":"Kaspersky Endpoint Security for Windows","DisplayVersion":"11.7.0.669","HelpLink":"https://click.kaspersky.com/?hl=en&link=support&pid=kes&version=21.4.20.669","HelpTelephone":"","InstallDate":"20211002","InstallDir":"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Endpoint Security for Windows\\","InstanceID":{"type":"binary","value":"AA=="},"LangId":1033,"PackageCode":"","ProductID":"4E8A2680B3C78565814848DB5ED35C83","Publisher":"AO Kaspersky Lab","QuietUninstallString":"msiexec.exe /X {F4ECE08F-50E9-44E2-A2F3-2F3C8DDF8E16} /quiet /norestart","UninstallString":"msiexec.exe /x {F4ECE08F-50E9-44E2-A2F3-2F3C8DDF8E16}","VapmBuild":{"type":"long","value":0},"bIsMsi":true}},{"type":"params","value":{"ARPRegKey":"{8c3f057e-d6a6-4338-ac6a-f1c795a6577b}","CleanerProductName":"","Comments":"","DisplayName":"Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.20.27508","DisplayVersion":"14.20.27508.1","HelpLink":"","HelpTelephone":"","InstallDate":"20210512","InstallDir":"","InstanceID":{"type":"binary","value":"AA=="},"LangId":0,"PackageCode":"","ProductID":"2E30B54FFAFE11F6DEDB0A31EA8CD6D1","Publisher":"Microsoft Corporation","QuietUninstallString":"\"C:\\ProgramData\\Package Cache\\{8c3f057e-d6a6-4338-ac6a-f1c795a6577b}\\VC_redist.x86.exe\" /uninstall /quiet","UninstallString":"\"C:\\ProgramData\\Package Cache\\{8c3f057e-d6a6-4338-ac6a-f1c795a6577b}\\VC_redist.x86.exe\" /uninstall","VapmBuild":{"type":"long","value":0},"bIsMsi":false}}, .......

    Tasks Operations

    strTask - the task ID; open the task in the web console to find it (for example: https://localhost:8080/#/management/tasks/148). In this example it is 1326.

    Get Task

    Acquire attributes of the specified task. (Tasks::GetTask)

    Response:

        {"PxgRetVal":{"DisplayName":"KEA - Isolation ON","PRTS_TASK_CREATION_DATE":{"type":"datetime","value":"2022-02-10T13:57:34Z"},"TASKID_PRODUCT_NAME":"1093","TASKID_VERSION":"1.0.0.0","TASK_NAME":"Remote Installation","TASK_UNIQUE_ID":"1326"}}

    Run task

    Run the remote installation task. Start the specified task (Tasks::RunTask). The strTask value is the task ID from the KSC web console.

        curl -L -X POST "https://127.0.0.1:13299/api/v1.0/Tasks.RunTask" \
          -H "X-KSC-Session: nGPT3zYhYOveOJ9qnbRAjpQ==" \
          -H "Content-Type: application/json" \
          --data-raw "{ \"strTask\":\"1326\" }"

    Update Task

    Get Data Task

    Acquire task settings. (Tasks::GetTaskData)

        curl -L -X POST "https://localhost:13299/api/v1.0/Tasks.GetTaskData" \
          -H "X-KSC-Session: nGPT3zYhYOveOJ9qnbRAjpQ==" \
          -H "Content-Type: application/json" \
          --data-raw "{ \"strTask\":\"1326\" }"

    The response contains all parameters, and some of them must be used in the next request.

    Modify task settings.
    Tasks::UpdateTask

        POST /api/v1.0/Tasks.UpdateTask HTTP/1.1
        Host: localhost:13299
        X-KSC-Session: n8quj71CtoWbYijcBHY6FvA==
        Content-Type: application/json
        Content-Length: 3477

        {
          "strTask":"1338",
          "pData":{
            "TASKID_COMPONENT_NAME":"87",
            "TASKID_PRODUCT_NAME":"1093",
            "TASKID_VERSION":"1.0.0.0",
            "TASK_NAME":"Remote Installation",
            "TASKSCH_TYPE":0,
            "TASK_ADDITIONAL_PARAMS":{"type":"params","value":{"KLNAG_TASK_REMOTE_INSTALL_ACCOUNT":"","KLNAG_TASK_REMOTE_INSTALL_ACCOUNT_PSWD":{"type":"binary","value":""},"KLSRV_COUPLED_NAGT_TSID":"9066e3c9-c709-434f-9196-88dcf4c70c23","KLTSK_RI_CHECK_OS":true,"KLTSK_RI_GROUP_TO_MOVE_HOST":-1,"KLTSK_RI_MAX_DOWNLOADS":5,"KLTSK_RI_MGD_BY_OTHER_SERVER":0,"KLTSK_RI_PACKAGES_GUIDS":["e71217d1-4a96-462c-a56a-6112bdc5369b:65"],"KLTSK_RI_PACKAGES_IDS":[65],"KLTSK_RI_ROOT":{"type":"binary","value":""},"KLTSK_RI_SKIP_PRESENT_PRODS":true,"KLTSK_RI_TMP_FOLDER":"","KLTSK_RI_USE_NAGENT":true,"KLTSK_RI_USE_SHARE":true,"KLTSK_RI_USE_SHARE_SRV":true,"KLTSK_RI_USE_SHARE_UA":false,"MaxTryCount":3,"UseGPO":false,"klprts-TaskAccountUser":"","klprts-TaskAccounts":[],"klprts-TaskMaxRunningTime":7200000,"klprts-TaskStorageId":"dd64d20d-c529-4d47-a854-38c1c2c77a77"}},
            "PRTS_TASK_GROUPID":-1,
            ".HstQueryId":0,
            "TASK_INFO_PARAMS":{"type":"params","value":{"DisplayName":"KEA - Isolation ON for specific host","HostList":[{"type":"params","value":{"HostDispName":"WIN10-KES-11OLD","HostName":"6294f978-292d-4b5f-aa57-bb429147687b","Preliminary":false}},{"type":"params","value":{"HostDispName":"ATM-01","HostName":"ba973373-8120-47a0-9989-686cba2430af","Preliminary":false}}],"KLEVP_NOTIFICATION_DESCR_ID":"9b84b28a-e47b-4120-8147-bb67fef681ea","KLPRSS_EVPNotifications":{"type":"params","value":{"ERR":[{"type":"params","value":{"KLEVP_ND_DAYS_TO_STORE_EVENT":7,"KLEVP_ND_EVETN_TYPE":"KLPRCI_TaskState","KLEVP_ND_STORE_AT_CLIENT_LOG":false,"KLEVP_ND_STORE_AT_CLIENT_PRES":false,"KLEVP_ND_STORE_AT_SERVER_LOG":false}}],"INF":[{"type":"params","value":{"KLEVP_ND_BODY_FILTER":{"type":"params","value":{"KLPRCI_newState":2}},"KLEVP_ND_DAYS_TO_STORE_EVENT":7,"KLEVP_ND_EVETN_TYPE":"KLPRCI_TaskState","KLEVP_ND_STORE_AT_CLIENT_LOG":false,"KLEVP_ND_STORE_AT_CLIENT_PRES":false,"KLEVP_ND_STORE_AT_SERVER_LOG":false}},{"type":"params","value":{"KLEVP_ND_DAYS_TO_STORE_EVENT":7,"KLEVP_ND_EVETN_TYPE":"KLEVP_GroupTaskSyncState","KLEVP_ND_STORE_AT_CLIENT_LOG":false,"KLEVP_ND_STORE_AT_CLIENT_PRES":false,"KLEVP_ND_STORE_AT_SERVER_LOG":false}},{"type":"params","value":{"KLEVP_ND_BODY_FILTER":{"type":"params","value":{"KLPRCI_newState":4}},"KLEVP_ND_DAYS_TO_STORE_EVENT":7,"KLEVP_ND_EVETN_TYPE":"KLPRCI_TaskState","KLEVP_ND_STORE_AT_CLIENT_LOG":false,"KLEVP_ND_STORE_AT_CLIENT_PRES":false,"KLEVP_ND_STORE_AT_SERVER_LOG":false}},{"type":"params","value":{"KLEVP_ND_BODY_FILTER":{"type":"params","value":{"KLPRCI_newState":1}},"KLEVP_ND_DAYS_TO_STORE_EVENT":7,"KLEVP_ND_EVETN_TYPE":"KLPRCI_TaskState","KLEVP_ND_STORE_AT_CLIENT_LOG":false,"KLEVP_ND_STORE_AT_CLIENT_PRES":false,"KLEVP_ND_STORE_AT_SERVER_LOG":false}}],"WRN":[{"type":"params","value":{"KLEVP_ND_DAYS_TO_STORE_EVENT":7,"KLEVP_ND_EVETN_TYPE":"KLPRCI_TaskState","KLEVP_ND_STORE_AT_CLIENT_LOG":false,"KLEVP_ND_STORE_AT_CLIENT_PRES":false,"KLEVP_ND_STORE_AT_SERVER_LOG":false}}]}},"KLSRV_PRTS_TASK_ENABLED_FLAG":true,"KLTSK_ALLOW_AUTO_RANDOMIZATION":true,"PRTS_TASK_CREATION_DATE":{"type":"datetime","value":"2022-02-15T11:40:43Z"},"PRTS_TASK_GROUPID":-1,"PRTS_TASK_TARGET_COMPUTERS_TYPE":0,"klprts-DontApplyToSlaveServers":true,"klprts-TaskMaxRunningTime":7200000,"klprts-TaskScheduleSubtype":256,"klprts-TaskScheduleSubtypeEx":0}}
          }
        }

    Change the values for HostList and enter the specific hosts. For example:

        "HostList":[{"type":"params","value":{"HostDispName":"WIN10-KES-11OLD","HostName":"6294f978-292d-4b5f-aa57-bb429147687b","Preliminary":false}},{"type":"params","value":{"HostDispName":"ATM-01","HostName":"ba973373-8120-47a0-9989-686cba2430af","Preliminary":false}}]

    Run Task

    Host Events

    Create an event processing iterator with a filter (EventProcessingFactory::CreateEventProcessing2).

      • pFilter (params) - object containing values for attributes to filter events. Only events with matching attribute values will be returned. If empty, all events will be returned. See List of event filter attributes for attribute names.
      • "GNRL_EA_SEVERITY" (paramInt) - event severity. May have the following values:
          0 - Constant to be used as invalid event severity value
          1 - Severity "Information"
          2 - Severity "Warning"
          3 - Severity "Error"
          4 - Severity "Critical"
      • vecFieldsToReturn (array) - array of attribute names to return. See List of event attributes for attribute names.

    In the request below, "KLEVP_EVENT_HOST" is the host ID from the Find Host step, and "GNRL_EA_SEVERITY":4 selects critical events.

        POST /api/v1.0/EventProcessingFactory.CreateEventProcessing2 HTTP/1.1
        Host: localhost:13299
        X-KSC-Session: nvLZ4Hwi5VAL7XIiMwPaxPw==
        Content-Type: application/json
        Content-Length: 440

        {
          "pFilter": {
            "KLEVP_EVENT_HOST":"a537ddc0-b84b-488a-993c-9f76e62036e9",
            "GNRL_EA_SEVERITY":4
          },
          "vecFieldsToReturn": [
            "GNRL_EA_SEVERITY",
            "event_db_id",
            "rise_time",
            "hostname",
            "event_type",
            "event_type_display_name",
            "GNRL_EA_DESCRIPTION",
            "group_id",
            "group_name"
          ],
          "vecFieldsToOrder": [],
          "lifetimeSec": 1000
        }

    Response with the iterator ID:

        {"strIteratorId":"A07B69A5347CF435DB66C0FA826371FF"}

    Get the result from the response data (ReportManager::GetStatisticsData):

    EventProcessing::GetRecordRange

        curl --location --request POST 'https://localhost:13299/api/v1.0/EventProcessing.GetRecordRange' \
          --header 'X-KSC-Session: nT0T9KvkIKlgHGGaZ60j38Q==' \
          --header 'Content-Type: application/json' \
          --data-raw '{ "strIteratorId":"A07B69A5347CF435DB66C0FA826371FF", "nStart": 0, "nEnd": 100 }'

    Response with critical events:

        {"pParamsEvents":{"KLEVP_EVENT_RANGE_ARRAY":[{"type":"params","value":{"GNRL_EA_DESCRIPTION":"Event type: KSN servers unavailable\r\nName: avp.exe\r\nApplication path: C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Endpoint Security for Windows\r\nProcess ID: 18446744073709551615\r\nUser: SALES\\markovets (Active user)\r\nComponent: Protection","GNRL_EA_SEVERITY":4,"event_db_id":{"type":"long","value":119829},"event_type":"000007e7","event_type_display_name":"KSN servers unavailable","group_id":5,"group_name":"KEDR-O","hostname":"a537ddc0-b84b-488a-993c-9f76e62036e9","rise_time":{"type":"datetime","value":"2022-03-04T09:10:44Z"}}},{"type":"params","value":{"GNRL_EA_DESCRIPTION":"Event type: KSN servers unavailable\r\nName: avp.exe\r\nApplication path: C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Endpoint Security for Windows\r\nProcess ID: 18446744073709551615\r\nUser: SALES\\markovets (Active user)\r\nComponent: Protection","GNRL_EA_SEVERITY":4,"event_db_id":{"type":"long","value":119818},"event_type":"000007e7","event_type_display_name":"KSN servers unavailable","group_id":5,"group_name":"KEDR-O","hostname":"a537ddc0-b84b-488a-993c-9f76e62036e9","rise_time":{"type":"datetime","value":"2022-03-04T09:05:34Z"}}},{"type":"params","value":{"GNRL_EA_DESCRIPTION":"Event type: KSN servers unavailable\r\nName: avp.exe\r\nApplication path: C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Endpoint Security for Windows\r\nProcess ID: 18446744073709551615\r\nUser: SALES\\markovets (Active user)\r\nComponent: Protection","GNRL_EA_SEVERITY":4,"event_db_id":{"type":"long","value":119807},"event_type":"000007e7","event_type_display_name":"KSN servers unavailable","group_id":5,"group_name":"KEDR-O","hostname":"a537ddc0-b84b-488a-993c-9f76e62036e9","rise_time":{"type":"datetime",........

Close Session to KSC (Session::EndSession) : Session::EndSession

curl --location --request POST 'https://127.0.0.1:13299/api/v1.0/Session.EndSession' --header 'X-KSC-Session: nsPbUpP1oAVZlM1lODEbg8A==' #PxgRetVal from Session.StartSession
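The GetRecordRange response above wraps typed values in {"type": ..., "value": ...} containers, which makes the raw output awkward to triage. The following added example (not part of the original article or of Kaspersky's code) unwraps that structure and collapses repeated events per host and event type. The function names and the trimmed sample response are constructed for illustration, and treating every two-key type/value object as a wrapper is an assumption.

```python
import json
from datetime import datetime, timezone

# Severity values as listed for GNRL_EA_SEVERITY on this page.
SEVERITY = {1: "Information", 2: "Warning", 3: "Error", 4: "Critical"}

def unwrap(node):
    """Strip {"type": ..., "value": ...} wrappers; parse datetimes as UTC."""
    if isinstance(node, list):
        return [unwrap(item) for item in node]
    if isinstance(node, dict):
        if set(node) == {"type", "value"}:  # assumption: this shape is always a wrapper
            if node["type"] == "datetime":
                parsed = datetime.strptime(node["value"], "%Y-%m-%dT%H:%M:%SZ")
                return parsed.replace(tzinfo=timezone.utc)
            return unwrap(node["value"])
        return {key: unwrap(value) for key, value in node.items()}
    return node

def summarize(response_text):
    """Group events by (hostname, event_type) with count and first/last time."""
    body = unwrap(json.loads(response_text))
    groups = {}
    for ev in body["pParamsEvents"]["KLEVP_EVENT_RANGE_ARRAY"]:
        key = (ev["hostname"], ev["event_type"])
        g = groups.setdefault(key, {
            "name": ev["event_type_display_name"],
            "severity": SEVERITY.get(ev["GNRL_EA_SEVERITY"], "invalid"),
            "count": 0, "first": ev["rise_time"], "last": ev["rise_time"]})
        g["count"] += 1
        g["first"] = min(g["first"], ev["rise_time"])
        g["last"] = max(g["last"], ev["rise_time"])
    return groups

def _event(db_id, when):  # constructed sample record, trimmed from the page's response
    return {"type": "params", "value": {
        "GNRL_EA_SEVERITY": 4, "event_db_id": {"type": "long", "value": db_id},
        "event_type": "000007e7", "event_type_display_name": "KSN servers unavailable",
        "hostname": "a537ddc0-b84b-488a-993c-9f76e62036e9",
        "rise_time": {"type": "datetime", "value": when}}}

SAMPLE_RESPONSE = json.dumps({"pParamsEvents": {"KLEVP_EVENT_RANGE_ARRAY": [
    _event(119829, "2022-03-04T09:10:44Z"), _event(119818, "2022-03-04T09:05:34Z")]}})

if __name__ == "__main__":
    for (host, etype), g in summarize(SAMPLE_RESPONSE).items():
        print(host, etype, g["name"], g["severity"], g["count"], g["first"], g["last"])
```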
  22. Problem Description

Unexpectedly, KSV AL 6.1 may become unavailable in Kaspersky Security Center, as shown on the screenshot.

Root cause

The most probable cause of this issue is that the Kaspersky Security Certificate has expired and the newly generated one has not been transferred to KSV AL 6.1. KSV AL 6.1 does not have functionality to automatically update the certificate from Kaspersky Security Center.

Workaround

Launch the klmover script on KSV AL 6.1 to reconnect it to Kaspersky Security Center. The script performs several steps, including a certificate update. It resides in /opt/kaspersky/klnagent64/bin.
  23. You may have purchased both the KATA and KWTS (Kaspersky Web Traffic Security) products. Since KWTS has built-in KATA integration, you may want to integrate KATA and KWTS.

Problems after integration

Shortly after integration you may notice that on the KWTS side there is an error about sending objects to KATA, and dashboards look similar to this:

Resolution

A prerequisite for successful integration with KWTS is KATA version 3.6.1.752 or higher.

KATA side

To clean up tasks stuck in the 'processing' state, do the following:

1) Find out the KWTS ID:

sudo -u kluser psql antiapt -c "select id, sensor_type, sensor_name, ip from lms.client;"

On KATA4:

docker exec -it `docker ps | grep kedr_database| awk '{print $1}'` psql -U kluser antiapt -c "select id, sensor_type, sensor_name, ip from lms.client;"

The name and IP of KWTS will be the same as in the Administrator Web UI, External Systems section.

Then, clean up tasks that may be stuck in the 'processing' state:

sudo -u kluser psql antiapt -c "update lms.task set state = 'error', has_error = True where client_id = <KWTS ID> and state = 'processing' and update_time < now() - interval '1 hour';"

On KATA4:

docker exec -it `docker ps | grep kedr_database| awk '{print $1}'` psql -U kluser antiapt -c "update lms.task set state = 'error', has_error = True where client_id = <KWTS ID> and state = 'processing' and update_time < now() - interval '1 hour';"

This command is safe to execute; it will do no harm even if there are no stuck tasks.

To view all active tasks from KSMG/KLMS/KWTS/other external systems without modifying their states, run the command:

docker exec -it `docker ps | grep kedr_database| awk '{print $1}'` psql -U kluser antiapt -c "select count(*) from lms.task where client_id=<KSMG ID>;"

The two commands above can be used to remove tasks stuck in processing from other types of external systems as well.

KWTS side

On the KWTS side, it is important to exclude certain types of objects from being scanned in KATA. In the file /var/opt/kaspersky/kwts/kata-filters.json, remove the lines containing the keywords:

ArchiveGzip
ArchiveCab
ExecutableJs

After applying the changes, restart the kwts service:

systemctl restart kwts

After these changes, KWTS and KATA integration is expected to work normally.
  24. Please use caution when following the steps. This article is applicable to KATA 3.7.2 and KATA 4.0/4.1.

In KATA 3.7, the EDR stack is based on a microservice architecture and utilizes Docker Swarm. Containers have their own internal networking, which may cause issues in the infrastructure if the same networks are already in use. Docker uses 4 different networks:

Name                           Subnet
bridge                         172.16.0.0/16 OR 172.17.0.0/16 (depending on KATA version)
docker_gwbridge                172.18.0.0/16
ingress                        10.255.0.0/16
kataedr_main_1_kata_network    10.0.0.0/16

This article describes how to change the Docker network settings. To avoid routing issues, select networks that are not used in the infrastructure. In most cases the overlaps are with the bridge and docker_gwbridge networks, and changing the subnets of these networks resolves the issues.

Step-by-step guide

Change bridge and docker_gwbridge address pools

All the steps must be performed as root. Networks 172.26.0.0 and 172.24.0.0 are used as an example. Default addresses for these networks are 172.16.0.0/16 and 172.18.0.0/16. The subnets you select as replacements must not overlap.

Create the file /etc/docker/daemon.json with the following content:

KATA 3.7:

{ "bip": "172.26.0.1/16" }

KATA 4.0:

{ "shutdown-timeout": 200, "bip": "172.26.0.1/16" }

Confirm that the config is valid (there should be no errors in the output of the following command):

cat /etc/docker/daemon.json | python -m json.tool

Restart docker:

systemctl restart docker

If docker is unable to start after the subnet change, check the log to find the cause:

tail -n 100 /var/log/dockerd.log

If you see the line "failed to start daemon: Error initializing network controller: Error creating default "bridge" network: Pool overlaps with other one on this address space", the subnet you have selected for bridge is already occupied, and you need to select one that is available.

Disconnect the node from Swarm:

docker node ls --format {{.ID}} | xargs docker node update --availability drain

Ensure all containers are down (there should be no entries in the list of running containers):

watch docker ps

Run this command and wait until the list of containers is empty, then exit it with CTRL+C.

Remove docker_gwbridge:

docker network disconnect -f docker_gwbridge gateway_ingress-sbox
docker network rm docker_gwbridge

Create a new docker_gwbridge with the new network settings:

SUBNET=172.24.0.0/20
GATEWAY=172.24.0.1
docker network create \
    --subnet=${SUBNET} \
    --gateway ${GATEWAY} \
    -o com.docker.network.bridge.enable_icc=false \
    -o com.docker.network.bridge.name=docker_gwbridge \
    docker_gwbridge

Connect the node back to Swarm:

docker node ls --format {{.ID}} | xargs docker node update --availability active

Restart docker:

systemctl restart docker

Validate your success (the command should complete successfully):

apt-kafka-util list-topics

Change ingress network subnet

Sometimes the 10.255.0.0/16 subnet is used for KATA CN. This might cause problems, as this subnet overlaps with docker's ingress network. To change its settings, modify the script /bin/apt-init-docker-stack: locate and change the constants:

INGRESS_SUBNET = '10.255.0.0/16'
INGRESS_GATEWAY = '10.255.0.1'

Save your changes and run apt-sedr-reset.
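The guide above requires that the replacement subnets overlap neither each other nor any network already routed in the infrastructure, and Docker only reports a conflict after the restart. The following added example (not part of the original article) checks a planned daemon.json and docker_gwbridge subnet before anything is changed. The function name and the in-use network list are constructed for illustration; the real list would come from your own routing and IPAM data.

```python
import ipaddress
import json

def check_docker_pools(daemon_json_text, gwbridge_subnet, in_use):
    """Return a list of problems; an empty list means no conflict was found."""
    try:
        config = json.loads(daemon_json_text)
    except json.JSONDecodeError as exc:
        return [f"daemon.json is not valid JSON: {exc}"]
    if "bip" not in config:
        return ['daemon.json has no "bip" key']
    try:
        bridge_if = ipaddress.ip_interface(config["bip"])
        gw_net = ipaddress.ip_network(gwbridge_subnet)  # strict: host bits must be 0
        used_nets = [ipaddress.ip_network(net) for net in in_use]
    except ValueError as exc:
        return [f"bad address or subnet: {exc}"]
    problems = []
    bridge_net = bridge_if.network
    # "bip" is the bridge's own address, so it must be a host inside its subnet.
    if bridge_if.ip in (bridge_net.network_address, bridge_net.broadcast_address):
        problems.append(f"bip {bridge_if} is not a usable host address")
    if bridge_net.overlaps(gw_net):
        problems.append(f"bridge {bridge_net} overlaps docker_gwbridge {gw_net}")
    for name, net in (("bridge", bridge_net), ("docker_gwbridge", gw_net)):
        for used in used_nets:
            if net.overlaps(used):
                problems.append(f"{name} {net} overlaps in-use network {used}")
    return problems

# Values taken from the article's KATA 4.0 example.
PAGE_DAEMON_JSON = '{ "shutdown-timeout": 200, "bip": "172.26.0.1/16" }'
PAGE_GWBRIDGE = "172.24.0.0/20"
# Constructed sample of networks already routed in the infrastructure.
SAMPLE_IN_USE = ["192.168.10.0/24", "172.24.8.0/24"]

if __name__ == "__main__":
    found = check_docker_pools(PAGE_DAEMON_JSON, PAGE_GWBRIDGE, SAMPLE_IN_USE)
    print("\n".join(found) if found else "no conflicts found")
```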
  25. @MirceaForce A family member encountered this problem, I uninstalled the preview Windows update … problem fixed.