Search the Community

My company wants to avoid exposing data to the public internet, so we prefer to deploy the KSC server on the internal network. However, to obtain the latest updates, we plan to deploy another Kaspersky Update Utility server on the external network as an update server. I have enabled the FTP service on the external Kaspersky Update Utility server, with the shared folder set as "Updates folder," and FileZilla has verified it as accessible. In the internal KSC web console, I configured the task as shown in Figure 3 and set up the update source, but it still failed. Is it because some files were not downloaded in the Kaspersky Update Utility? Or is the FTP configuration incorrect? Or are there other issues?

Hello, I am writing to report a malicious sample currently circulating in pirated game distribution channels. It masquerades as the legitimate libEGL.dll file but contains a cryptocurrency miner. Currently, it has a very low detection rate on VirusTotal (detected only by Huorong and Rising), and it bypasses most major AV engines. Technical Details: Malicious File: libEGL.dll File Size: Approximately 525 KB (Note: Legitimate versions are typically around 377 KB). SHA256: 8bacb2082eb37fd7aed5bb6a7fc766d9937d9f3ed926ae82420d37af754a216c Behavioral Analysis: File Dropping: Creates a directory at: C:\Users\%USERNAME%\AppData\Local\syscacheapp. Drops a large executable named cacheapp64.exe (approx. 750 MB). Characteristics of dropped file: Compiled with GCC/MinGW, extremely high entropy (packed/obfuscated), accompanied by numerous fake DLLs. Persistence: Achieves auto-start by modifying the Registry: Key: HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell Distribution & Context: Vector: Confirmed presence in unauthorized/pirated releases of games (specifically those using RPGMaker or TyranoScript engines). Sources: Widely distributed via major sharing communities such as anime-sharing, hentai-share, and ggbases. Origin: The widespread nature suggests a potential "supply chain" poisoning within the upper-level crack/distribution groups. Sample Download: Link: [ https://files.catbox.moe/jmn65o.7z ] Password: 123 Archive Structure: 1.7z contains libEGL.7z (The malware sample) and Attachment.7z (Screenshots and structural analysis). Please analyze this sample and update the database. Thank you. https://metadefender.com/results/file/bzI1MTIyOHM0RHlFWkdCazQ4emVMdGdZM2w https://www.virustotal.com/gui/file/021b7a9269bc251e66c4de170c7e81e7e9df482c386c84b7db6e86e986dcda10 https://www.virustotal.com/gui/file/8bacb2082eb37fd7aed5bb6a7fc766d9937d9f3ed926ae82420d37af754a216c https://forum.kaspersky.com/topic/游戏libegldll存在挖矿病毒-57734/

We've been experiencing the same critical issue for almost a month, during this period you managed to fix it and broke it back again with the latest update, it's affecting multiple users, devices, networks and platforms. Support keep asking for the same, switch networks, try other locations, send screenshots of the same behavior, at this point all the info you're gathering for users don't move the investigation forward and only delay escalation. This issue is reproducible, affects all sites and services, affects multiple platform and has been ongoing for weeks. That clearly indicates a backend / infrastructure / core client issue not a configuration mistake. We respectfully ask Kaspersky to: Acknowledge the incident publicly, an provide with a timeline for a fix or a temporary workaround or at least an official status update. Many of us rely on this service daily and right now is unusable. We are asking for transparency, escalation an a real resolution.

Hello @DigitFish, Welcome! Please share the *full* Win11 25H2 *version & build* information, in Windows *Search* type WINVER, open the WINVER app, post back the information shown in the WINVER popup please? In the troubleshooting & problem determination/steps to resolve - has the computer ever been SHUTDOWN - using the *Shutdown* option - not Restart, a time delay of at least five minutes - then the computer restarted by pressing the power button ON & logging in? For *our* clarity, when (you) say: "Actually when I use Kaspersky Internet Security, sometimes this problem appeared. " - does that mean the red-icon issue pre-existed the install of Kaspersky Standard? Has Kaspersky Standard been fully *uninstalled* using Windows - Add & remove programs, the computer shutdown, using SHUTDOWN - not Restart, powered ON by pressed the power button, logged into & a *new* Kaspersky Standard downloaded & installed from (your) MyKaspersky account? IF 'no', please do this procedure, after installing the *new* Kaspersky Standard, make sure: The Kaspersky Standard is signed into so it synchronises with (your) MyKaspersky account. A Full scan is run. Run a manual Database update -> -> when these steps are complete - shutdown the computer *again*, using SHUTDOWN - not Restart, then power ON by pressed the power button, login, recheck the red-icon? IF the red-icon persists OR returns within the next 48hours & is not related to an app or module-update, log a support request, on the Kaspersky Customer Service page: https://support.kaspersky.com/b2c/global#contacts, select Email & fill in the template as shown; provide a *detailed-history* *Note: do not select the AI-bot to log the case* Please share the outcome with the Community, when it's available? Thank you🙏 Flood🐳+🐋

Hallo . Vor kurzen musste ich meine Windows 21H2 auf 25H2 Version aktualisieren . Dafür musste ich in BIOS TPM2.0 aktivieren . Aktualisierung hat gut geklappt . Aber, so lange ich Kaspersky installiere kommen ständige PC Abstürze wenn Windows neu Update bekommt und versucht die zu installieren . Selbst abschalten vom Antivirusschutz hilft nicht . Nur wenn Kaspersky vollständig deinstalliert wird kann man in Ruhe kommende Update installieren und darnach wieder Kaspersky drauf machen . Dabei kommt von Antivirus die Meldung, das nicht alle Optionen jetzt bei Kaspersky genutzt werden können . Kann mir jemand dabei helfen ?

I read some threads about notifications and disabled ALL of them in the Kaspersky settings but problem still exists I am using Kaspersky Basic for one or two years and was happy about seeing nearly no notifications but this has changed some months ago by a Kaspersky update maybe and has become quite annoying, many times I get this kind of notifications which I do not need see the picture attached just using programs I trust and use for many years making a software report, searching for duplicate files and many other things and nearly always Kaspersky thinks that it must warn me but it just disturbs me. Even worse that I have to use a rather low screen resolution because of my old eyes so I often cannot close these windows even after changing to a higher resolution see the picture again, no OK, no ESC, no close button, I just have to wait if these Kaspersky windows close, sometimes they do, sometimes not, I even cannot stop the programs Kaspersky warns me about in these situations using Task Manager or System Informer etc. So is there a way to disable this kind of notifications completely ? I would be very happy about this

How to know the exact version in the control panel, it shows 19.0.0.1088. As far as I know, it's KSOS 6 I will try to update now then I will let you know

Hola, Adicionalmente, parece ser que están realizando cambios en la VPN, algunos clientes han recibido esta notificación: Important information about your Kaspersky VPN Dear customer, We’d like to inform you that we’re currently transitioning Kaspersky VPN to a new infrastructure to ensure a smooth and reliable experience for all our users. During this short transition period, some temporary issues may occur. These issues may affect users of Kaspersky VPN Secure Connection, Kaspersky Plus, and Kaspersky Premium. We’re doing our best to resolve everything as quickly as possible. Most users will receive the required update automatically. However, if you are facing any issues, please update the app to the latest version on all your devices. You can download the newest version here: Update We apologize for any inconvenience caused and are working hard to resolve it, The Kaspersky Team Saludos

Hi nonanche9200, Please understand that this is a problem at Kaspersky's end caused entirely by an external service migration i.e the integration of PureVPN's services into Kaspersky VPN's architecture. No amount of tinkering with your systems configuration will fix the issue as there is likely nothing wrong with you system's configuration. You should have received a notification about this via email, but if not I have pasted it below for you. The only thing to do is to return your configuration settings back to where they were and ... wait. It has been 7 days for me now, but it is better each day. You may wish to lodge a support ticket as this will give Kaspersky information on how widespread the issue is and what kind of problems are most common amongst users. * The error message you posted: "error ID 4311 NetBt it says : "Initialization failed because the device driver could not be created." is a Windows message about its native networking component (NetBT) failing to initialize because of a virtual network adapter that is being created and destroyed repeatedly. This is almost certainly the Kaspersky VPN WG Nt Adapter getting stuck in a loop creating a virtual adapter, failing, aborting, and repeating and perhaps failing to clean up perfectly, leaving ghost entries or creating new ones each time. This is why you have 173 (or more now) new Local Area Connection connections. Again there is nothing wrong at your end and you can't fix it, it would be like taking your car to a mechanic because a major road has been blocked by an earth slide. * The 256 DNS errors you've had in the last 24 hours are also related to the Kaspersky VPN issues, you can't change this either. Open a command prompt and type in: ping 1.1.1.1 <Enter> and ping 8.8.8.8 <Enter> You should get normal round trip times of around 10 to 80 ms or so. This will show there is nothing wrong with your DNS settings or the Cloudfare and Google DNS servers. I hope this helps. Ironically I had to type this out twice because when I posted it the first time the VPN cut out! 🙄 Important information about your Kaspersky VPN Dear customer, We’d like to inform you that we’re currently transitioning Kaspersky VPN to a new infrastructure to ensure a smooth and reliable experience for all our users. During this short transition period, some temporary issues may occur. These issues may affect users of Kaspersky VPN Secure Connection, Kaspersky Plus, and Kaspersky Premium. We’re doing our best to resolve everything as quickly as possible. Most users will receive the required update automatically. However, if you are facing any issues, please update the app to the latest version on all your devices. You can download the newest version here: Update We apologize for any inconvenience caused and are working hard to resolve it, The Kaspersky Team

I want to configure a KSC as an update server on the external network and a KSC as a functional server on the internal network to distribute agents. After completing the initial setup, I found in the help documentation that I need to configure it in "General," but I couldn’t find the "General" section—where is it? Additionally, I've granted myself all roles，why are the "Infrastructure" and "Console Settings" options grayed out? Currently, the only account I can log in with is the local account using the local machine password—what are the passwords for the other accounts?

I've install a Kaspersky Endpoint Security for Linux 12.2 on a Ubuntu 22.04 LTS. The network agent 15.1 was installed too. I have a KSC 15.1 on Windows. We already But the protection seems to be stopped and the policy that I've created is not appliyng. The thing that called my attention is: "Application license information: Inconsistent udpate" /opt/kaspersky/kesl/bin/kesl-control --app-info Name: Kaspersky Endpoint Security 12.2 for Linux Version: 12.2.0.2412 Policy: Not applied Application license information: Inconsistent update

I bought two years of Kaspersky Internet Security, I entered the activation code and unfortunately every week I find myself with the update changing the version to Kaspersky standard. How can I prevent this?

Hello, I cannot update my AV database. I'm from Myanmar and I'm trying the premium trial to see whether its' AV and VPN works properly. I tried with both my home wifi and my data hotspot. It always stopped at 8%. I have attached screeshots. the vpn is also not working, stuck at introduction page. 😞 Operating system: Windows10 V22H2 (OS Build 19045.5854)

Es scheint wirklich wieder zu funktionieren mit dem neuen Update.

Gibt es irgendwelche Möglichkeit, nach diesem neuem Update, das VPN zu erstellen, ohne den Standort mitzuteilen?

Hallo zusammen, ich spiele derzeit wieder mal Call of Duty MW3. Um das Spielerlebnis zu verbessern nutze ich einen legalen FoV Changer (Field of View), der mein Sichtfeld erweitert (herauszoomt). Dieses Programm hooked sich in das Game ein und modifziert es, indem es wohl einen Wert für eben den FoV ändert. Kaspersky hat, bevor ich den FoV Changer zu den Ausnahmen hinzugefügt habe, regelmäßig mein Game gecrashed (als Info, falles das relevant ist). Jetzt aber crashed mein Spiel, weil Kaspersky irgendwelche Trojaner erkannt haben möchte. Dieser soll sich in der "Update.exe" (siehe Log) befinden. Es gibt in diesem besagten Ordner keine exe, die so heißt. Ich bin völlig planlos. (ein schön von mir formatiertes Log bzw. Bild davon hängt an - ihr braucht drei Bildschirme um alles zu lesen...) Was mir zu diesem Zusammenhang noch einfällt: Ich war vor ein paar Wochen in einer Lobby als plötzlich mein Game mit einer sehr seltsamen, vom Gamedeveloper wohl eincodierte Fehlermeldung, gecrashed ist. Im Anschluss musste ich meinen Rank resetten und alles (Fortschritt, Waffen, Rang etc.) war weg. Im nachhinein habe ich mich in einer anderen Lobby darüber beschwert und es antwortete jemand an, der sagt er könne mir alles wieder zurückgeben (Items, Waffen etc.) und ich solle ein paar Sekunden warten. Dann erscheint "Rank up" auf meinem BIldschirm und siehe da, es ist alles wieder da (ich habe wohl einen full-unlock von einem Fremden bekommen). Das Game ist wohl so dermaßen löchrig, dass jeder etwas mit meinem Game anstellen kann (es ist peer to peer hosted; keine dedizierten Server) und jetzt frage ich mich, ob ich mir darüber irgendwelche Viren, Trojaner, Malware eingefangen habe. Ich habe bereits die Kaspersky Rescue Disk über mein System laufen lassen - nichts. Außerdem habe ich die Game files über Steam verifizieren lassen. "All 453 files successfully validated". Wenn was fehlt, steht da normalerweise noch wieviel heruntergeladen wurde, oder? Windows 10 Home Version 2009 Kaspersky Plus 21.20 (laut log) Log ist angehängt Vielen Dank für eure Hilfe 🙂 Tom Auszug aus Log, weil die Screenshots ganz mies sind: 13 May 2025 19:34:03 Schädliches Objekt gefunden Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Gefunden: PDM:Trojan.Win32.Generic Gefunden PDM:Trojan.Win32.Generic Trojaner Hoch Genau Update.exe Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 Prozess Verhaltensanalyse 13 May 2025 19:34:03 Prozess beendet Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Beendet: PDM:Trojan.Win32.Generic Beendet PDM:Trojan.Win32.Generic Trojaner Hoch Genau Update.exe Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 Prozess 13 May 2025 19:34:04 Eine Backup-Kopie des Objekts wurde angelegt Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Backup-Kopie angelegt: PDM:Trojan.Win32.Generic Backup-Kopie angelegt PDM:Trojan.Win32.Generic Trojaner Hoch Genau Update.exe Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 Prozess 13 May 2025 19:34:27 Objekt gelöscht Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Gelöscht: PDM:Trojan.Win32.Generic Gelöscht PDM:Trojan.Win32.Generic Trojaner Hoch Genau Update.exe Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 Prozess 13 May 2025 19:35:00 Eine Backup-Kopie des Objekts wurde angelegt Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Backup-Kopie angelegt: PDM:Trojan.Win32.Generic Backup-Kopie angelegt PDM:Trojan.Win32.Generic Trojaner Hoch Genau startup.vbs startup.vbs C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Prozess 13 May 2025 19:35:20 Schädliches Objekt gefunden Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Gefunden: PDM:Trojan.Win32.Generic Gefunden PDM:Trojan.Win32.Generic Trojaner Hoch Genau Update.exe Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 Prozess Verhaltensanalyse 13 May 2025 19:35:20 Prozess beendet Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Beendet: PDM:Trojan.Win32.Generic Beendet PDM:Trojan.Win32.Generic Trojaner Hoch Genau Update.exe Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 Prozess 13 May 2025 19:35:21 Objekt gelöscht Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Gelöscht: PDM:Trojan.Win32.Generic Gelöscht PDM:Trojan.Win32.Generic Trojaner Hoch Genau Update.exe Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 Prozess 13 May 2025 19:35:20 Objekt wird beim Neustart gelöscht Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Wird beim Neustart gelöscht Wird beim Neustart gelöscht Trojaner Informativ Genau startup.vbs startup.vbs C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Datei 13 May 2025 19:35:20 Rollback ausgeführt Node.js JavaScript Runtime Update.exe C:\Steam\steamapps\common\Call of Duty Modern Warfare 3 8644 PC Initiator Rollback von Programmaktionen: PDM:Trojan.Win32.Generic Rollback von Programmaktionen PDM:Trojan.Win32.Generic Trojaner Hoch Genau update.exe update.exe c:\steam\steamapps\common\call of duty modern warfare 3 Prozess

I have a Primium Licence not a Standard - how to get updates for premium version or is this update for premium also? - I'm wondering about namings tthe change often, but are not clearly understandable in practice

I have reinstalled via the link in the red "update to the latest version" box at the top of the page and it has installed the same version (21.23.6.614-2)

You can install this below version Kaspersky VPN Latest Version This version also solves many issues related to Kaspersky VPN , you can give a try and share the update with us.

Hallo, in 14 Tagen läuft meine Lizenz aus und ich möchte updaten. Wenn ich auf "Verlängern" tippe, werden mir für diese Version 35 € angezeigt. gehe ich auf die Homepage, dann wird dort für 25 € angeboten. So sollte Kaspersky eigentlich nicht mit langjährigen Kunden umgehen. Vorsichtshalber habe ich meine Version zum Laufzeitende gekündigt. Wie soll ich weiter vorgehen, was schlagt Ihr vor?

Здравствуйте. Я бы пошел по такому пути: 1. Создание резервной копии в 14.2 (базу данных не меняем); 2. Обновление поверх до 15.1 (update 2). Необходимо убедиться заранее, что версия MS SQL не ниже 2016 версии и с последним CU; 3. Создание резервной копии в 15.1 со сменой типа СУБД; 4. Удаление MS SQL, переустановка KSC, создание бустой базы в MySQL 5. Восстановление из резервной копии на шаге 3.

Both my Kaspersky Premium and Standard got updated to the latest version and after update it showing in Changelogs that Windows Sleep mode is delayed until a full scan is complete. Does this mean I can't put Windows to sleep unless I do a full scan?

Greetings. Yesterday just before going to sleep i was surprised with a strange Pop-up from Kaspersky, it said my antivirus wasn't activated and that my protection was disabled. It was odd since my signature will last until october. A quick look made me realize that after a update, the antivirus just expelled my activation key and downgraded back to Kaspersky Free. I entered my account and had to manually disconnect my computer so i could install once again in the same computer. I'm wondering if this will be a recurring problem, because most of the time I ignore all the annoying pop-ups of Kaspersky, but luckily this time i paid attention since the colors had change from the ones i used to see. PS: Second problem, if you have time: How do i get hid of all the annoying pop-ups that Kaspersky seems to be throwing at me? I know about the configurations inside the program, but i only have the system ones activated, all the others about promotions and news are disabled, but i still get a lot of irritating pop-ups every now and then, even when I'm in fullscreen. I remember Kaspersky being all quiet in the computer back in the day, but now it seems that more and more irrelevant pop-ups are appearing on the screen.

Hello @User23837, Thank you for update! You've been an incredibly *proactive* user, personally we wish more subscribers were like you - however - you also need to email thru (your) observations - changes - to the support team - so the data can be recorded in (your) incident request; the 'devs' don't have time to do that, and with the complexities of the VPN transition they've barely had time to scratch-their-ar*es*. The current status for the DNS leak, as advised by Kaspersky is "sorry for any delays, still being worked on". We're delighted to read Fastest-server is fixed by the update. Regarding TLS, please submit that to the Kaspersky Customer Service team, they may ask for data; we *know* raising incidents can be a pain but they're essential for Kaspersky's problem management process -> please post back the INC0000? Thank again🙏 Flood🐳+🐋

In certain cases, ‘Install updates and fix vulnerabilities’ task might fail with some error. Below example contains ‘Error verifying file signature’ error but you may use mentioned keywords and overall approach for investigation of other errors met while running ‘Install updates and fix vulnerabilities’ task. Here are some steps to investigate such problems: First of all view list of updates aimed at installation on client. For this purpose in network agent trace file search for ‘Update to install:’ without quotes. You will get results similar to: etc. Some of found updates are skipped by filters so pay attention to skipped updates and to overall number of updates that should be installed. Some updates might already be downloaded to the target system so at the second step identify which update files are already downloaded and which should be downloaded. In network agent trace file search for ‘is already downloaded’ and ‘needs to be downloaded’ without quotes. In our sample traces results are: Match code of update which needs to be downloaded (79ae03df-d6eb-4de2-b59f-37e963d7a69e) with results detected at step 1 and you will see that KB907417 needs to be downloaded. Open MS Update catalog and search for KB907417. In search results click ‘Download’ button and observe window with results: Name of archive containing required update KB907417 is: otkloadr_c87e2fe94dd873224afa65e2af2473ca3e307a37.cab Search for c87e2fe94dd873224afa65e2af2473ca3e307a37.cab in WindowsUpdate.log from client machine. Pay attention to the found lines: Search for otkloadr_c87e2fe94dd873224afa65e2af2473ca3e307a37.cab in administration server trace file to find URL used by administration server to download required update from MS servers: Now once we know the name of problem update you may offer the customer to temporarily exclude KB907417 from update installation task to let other updates to be installed. Then proceed with investigation. On Administration server use web browser to download problem update from the link identified at step 6 and make sure that its signature is valid. It should look like on below screenshots In case if Digital Signatures tab is not present in properties of this file or signature is invalid then try to re-download with disabled AV solution. If this does not help then make sure that no proxy/firewall affect this issue. Verify that MS certificates are up to date on KSC server. In MMC console / Software updates node right click on KB907417 and ‘Delete update files’. Try to launch updates installation task again. On client machine use web browser to download problem update using link identified at step 5. Verify its signature and proceed same way as in step 8. Additionally compare downloaded file with C:\WINDOWS\SoftwareDistribution\Download\48ec39650764ea7a46ebe67ecf3b6f47\OTKLOADR.CAB. Verify diginal signature of OTKLOADR.CAB You may use signtool.exe to verify signature of .cab files on server and client: signtool.exe verify /pa otkloadr_c87e2fe94dd873224afa65e2af2473ca3e307a37.cab The utility signtool.exe goes as part of Windows SDK. It is available at C:\<Path to Windows SDK>\<version>\bin\<build number>\x64\signtool.exe In case if digital signature appears to be correct then use standard recommendations for resetting WUA: net stop wuauserv net stop cryptSvc net stop bits net stop msiserver Rename folders Del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat" net start wuauserv net start cryptSvc net start bits net start msiserver After resetting WUA launch ‘Find updates and critical vulnerabilities’ task. It might fail several times because WUA cache was cleared. So after getting error just re-launch task again. Once 'find updates' task completes successfully launch task to install updates and fix vulnerabilities (problem update should be included in task scope this time). Observe the results.