Showing results for tags 'kes 11.11'.

Found 7 results

  1. Dear Forum, I am currently looking into whether it is viable to use Kaspersky Endpoint Security for Linux (KESL) on one of our Linux servers. As I have seen that a (Docker-)containerized solution is available, I started looking into that one first. The REST-API is looking great on paper because it is looking simple enough to be stable. But unfortunately it does not work for me. I therefore have two questions: What am I doing wrong? Does the REST-API indeed not work?

     Here is some information on what I have done so far: I have successfully built a local container image for KESL 11.3.0.7441 based on the official downloads. Furthermore I got that running:

         $ podman run --name kesl-service -it --rm -p 8085:8085 --init -e KRAS4D_PORT=8085 -e KRAS4D_LOGLEVEL='debug' -e KRAS4D_FORCEUPDATE=True -v ./kesl_env/bases:/var/opt/kaspersky/kesl/common/updates localhost/kesl-service:latest
         unable to open file /root/kesl-service/config/kesl-service.config, use default configuration
         before apply environments
         /opt/kaspersky/kesl/shared/init/updates/ --> /var/opt/kaspersky/kesl/common/updates/
         startup script code: 0
         startup script info:
         create service dir's
         update storage.conf
         klnagent: klnagent.conf not found, klnagent disabled
         kesl: configure kesl
         start /opt/kaspersky/kesl/bin/kesl-setup.pl --autoinstall=kesl-setup.conf
         update av bases. please, wait...
         update complete with code: 0

     Unfortunately the REST API flags basically every file as "CLEAN"; here is the output of a REST-API request for the EICAR-Test-File:

         $ curl -H "Content-Type: application/octet-stream" --data-binary "${eicar}" "http://127.0.0.1:8085/scans?wait=1"
         {"completed":"2023-01-25T12:34:11.986569+00:00","created":"2023-01-25T12:34:10.414443+00:00","progress":100,"scan_result":{"noname":{"started":"2023-01-25T12:34:11+00:00","stopped":"2023-01-25T12:34:11+00:00","verdict":"clean"}},"status":"completed","verdicts":["clean"]}

     I even used "live" viruses, which I knew Kaspersky would detect.

     If I copy an EICAR file to the running container and scan it, it is properly detected as such:

         $ podman cp eicar.com kesl-service:/tmp
         $ podman exec -it kesl-service kesl-control --scan-file /tmp/eicar.com
         Scanned objects : 1
         Total detected objects : 1
         Infected objects and other objects : 1
         Disinfected objects : 0
         Moved to Storage : 1
         Removed objects : 1
         Not disinfected objects : 0
         Scan errors : 0
         Password-protected objects : 0
         Skipped objects : 0
         $ podman exec -it kesl-service kesl-control -B --query
         ObjectId: 1
         FileName : /tmp/eicar.com
         DangerLevel : High
         DetectType : Virware
         DetectName : EICAR-Test-File
         CompoundObject : No
         AddTime : 2023-01-25 12:38:21
         FileSize : 69

     Looking a bit into the Podman log output and the code, I found out that the REST-API does not use the 'kesl-control --scan-file' call directly.

         DEBUG:main.app:REQUEST: /SCANS GET from 10.0.2.100 force:True
         DEBUG:main.scan_mgr:re-read scans database
         DEBUG:main.app:scan_request content-type(application/octet-stream sync-scan(False)
         DEBUG:main.db_conn:add new scan with guid a60735e2-2c60-4b3c-819b-e3ebc3511186 result: 0
         DEBUG:main.control:run command(kesl-control --create-task kras4d_a60735e2_2c60_4b3c_819b_e3ebc3511186_1 --type ODS, timeout=600)
         DEBUG:main.control:run command(kesl-control --set-set kras4d_a60735e2_2c60_4b3c_819b_e3ebc3511186_1 FirstAction=Skip SecondAction=Skip ScanScope.item_0000.Path=/root/kesl-service/tmp/488dd961-fb50-47ed-9b48-a0eb189813fc , timeout=600)
         DEBUG:main.kesl-control:start task: <kesl-control --start-task kras4d_a60735e2_2c60_4b3c_819b_e3ebc3511186_1 -W>
         DEBUG:main.control:run command(kesl-control --delete-task kras4d_a60735e2_2c60_4b3c_819b_e3ebc3511186_1, timeout=600)

     Thus I have tried to call those logged commands manually, which did work:

         $ podman exec -it kesl-service kesl-control --create-task kras4d_a60735e3_2c61_4b3d_819c_e3ebc3511187_1 --type ODS
         The task has been created (task ID: 103)
         $ podman exec -it kesl-service kesl-control --set-set kras4d_a60735e3_2c61_4b3d_819c_e3ebc3511187_1 FirstAction=Skip SecondAction=Skip ScanScope.item_0000.Path=/tmp/eicar.com
         $ podman exec -it kesl-service kesl-control --start-task kras4d_a60735e3_2c61_4b3d_819c_e3ebc3511187_1 -W
         Waiting for events from Event Manager
         [...]
         EventType=ThreatDetected EventId=3950 Initiator=Product Date=2023-01-25 13:23:27 DangerLevel=Critical DetectName=EICAR-Test-File DetectType=Virware DetectCertainty=Sure DetectSource=Local FileName=/tmp/eicar.com ObjectName=File TaskId=103 RuntimeTaskId=10 TaskName=kras4d_a60735e3_2c61_4b3d_819c_e3ebc3511187_1 TaskType=ODS ObjectId=1 Md5Hash=69630e4574ec6798239b091cda43dca0 Sha256Hash=131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267 UniqueFileId=b3910f2cb271f9a3d2af2c74aa56a31d56395510daa8b74071255ce9643d1268 AccessUser=root AccessUserId=0 FileOwner=root FileOwnerId=0 FileSize=69
         [...]
         $ podman exec -it kesl-service kesl-control --delete-task kras4d_a60735e3_2c61_4b3d_819c_e3ebc3511187_1

     Looking at the event log output for the EICAR file that has been uploaded through the REST-API, I have found that there has been a successful scan, but no detection.

         EventType=TaskStateChanged EventId=3928 Initiator=User UserName=root UserId=0 Date=2023-01-25 12:34:00 DangerLevel=Informational TaskName=kras4d_a60735e2_2c60_4b3c_819b_e3ebc3511186_1 SCTaskName=kras4d_a60735e2_2c60_4b3c_819b_e3ebc3511186_1 RuntimeTaskId=7 TaskId=100 TaskState=Started PrevTaskState=Starting TaskType=ODS
         EventType=TaskStateChanged EventId=3929 Initiator=Product Date=2023-01-25 12:34:00 DangerLevel=Informational TaskName=kras4d_a60735e2_2c60_4b3c_819b_e3ebc3511186_1 SCTaskName=kras4d_a60735e2_2c60_4b3c_819b_e3ebc3511186_1 RuntimeTaskId=7 TaskId=100 TaskState=Stopped PrevTaskState=Started TaskType=ODS

     I have tinkered a little bit with the included 'application.py' so that a copy of the scanned file would be saved:

         git diff kesl-service/application.py
diff --git a/kesl-service/application.py b/kesl-service/application.py index d1369c4..197d296 100644 --- a/kesl-service/application.py +++ b/kesl-service/application.py 
@@ -233,6 +233,7 @@ class Application(CommonErrorResponse): except (OSError, ValueError, Exception) as ex: self.log.error(f"unable to create file from octet-stream: {str(ex)}", exc_info=True) return self.make_error(self.ERR_INTERNAL_SERVER_ERROR, str(ex)) + shutil.copy2(path, '/root/') elif content_type.startswith('multipart/form-data'): scan_session['session_info'].update({ 'type' : 'stream',

     When I compared the saved file with the actual 'eicar.com' that was uploaded, I found that an additional backslash must have been added somewhere:

         $ diff <(podman exec -it kesl-service cat /root/1e479f8f-a825-4082-92ca-234bd3072924) <(cat eicar.com)
         1c1
         < X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
         \ No newline at end of file
         ---
         > X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

     At this point, I became afraid that cURL had done something wrong while uploading; but looking into the recorded TCP traffic, that has not been the case:

         # Client
         POST /scans?wait=1 HTTP/1.1
         Host: 127.0.0.1:8085
         User-Agent: curl/7.82.0
         Accept: */*
         Content-Type: application/octet-stream
         Content-Length: 67

         X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

         # Server
         HTTP/1.1 200 OK
         Content-Length: 272
         Content-Type: application/json
         Date: Wed, 25 Jan 2023 14:02:50 GMT
         Server: waitress

         {"completed":"2023-01-25T14:02:51.584964+00:00","created":"2023-01-25T14:02:50.129862+00:00","progress":100,"scan_result":{"noname":{"started":"2023-01-25T14:02:51+00:00","stopped":"2023-01-25T14:02:51+00:00","verdict":"clean"}},"status":"completed","verdicts":["clean"]}

     So apparently, the REST-API is not saving the files properly – at least in my case. Before I deep dive into the Python code of the REST-API I was wondering: What am I possibly doing wrong? Is anyone here using the KESL container successfully (version 11.3)? Is the REST-API still supported/maintained? Thank you very much for any useful comment on this issue.
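     Review bot: the added `shutil.copy2(path, '/root/')` sits directly after `return self.make_error(...)` in the `except` handler, and the indentation is lost in this rendering, so its placement decides whether it ever runs: at the handler's level it is unreachable, so it has to be dedented to the level of the `try` that creates the file. The hunk also shows no `import shutil`, so unless the module already imports it the call raises NameError on the first octet-stream upload. Copying every uploaded sample into `/root/` with no cleanup and no size limit is only suitable as a temporary debugging aid; a dedicated debug directory, gated by the log level, would be the safer form.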
  2. I am trying to push KS for Windows Server to a Huawei Cloud VM (connected via VPN tunnel), but the KSC is not able to search the machine. I tried to install the package manually, but even then it is not able to find it. The required ports 13000, 14000 and 15000 are already open. What else do we need that I am missing?
  3. I want to change the IP address of our KSC. It is 192.168.1.6. I added a new network adapter with the new IP address 172.17.30.22 to the KSC VM. Both IP addresses are reachable. I searched the web and found the KLMover tool, but running this command did not change the administration server address. The old IP address of the KSC was 192.168.1.6; the new IP address of the KSC is 172.17.30.22, but I used the DNS address kaspersky.ourdomain.local. The client can resolve the name and ping the KSC server. Result of klnagchk (before running klmover): Result of klmover: Result of klnagchk (after running klmover): Where is the problem?
  4. 🔔 We have released Kaspersky Endpoint Security 11 for Windows (version 11.11.0.452). 🔧 In this version we:
       • Added the Log Inspection and File Integrity Monitor components for servers.
       • Improved the interface for the Kaspersky Endpoint Detection and Response Optimum (EDR Optimum) solution.
       • Made other changes, which you can read about in the Help.
     ❓ You can find additional information in the Knowledge Base and the Help. Download < Previous version || Navigator || Next version >
  5. Good day. Could you tell me: we have licenses for KES 11 and for the server version as well. Will it work on the old operating systems Windows XP or Windows 2000? Thanks in advance.
  6. Please help, I cannot figure out which settings determine the archive password prompt in KES 11.11. I have already looked through all the settings in KSC, but that did not help. The notifications pop up every day.
  7. Kaspersky Security for Windows Server (11.0.1.897) is finishing support, so we changed our servers to Kaspersky Endpoint Security for Windows (11.11.0.452). We found an issue with scheduled scan tasks. Kaspersky Security for Windows Server (11.0.1.897) has more granularity, with a scan frequency (hourly, daily, weekly) and a period at which a task starts (every hour, every day, every week), so the exact period at which a scan task should start can be defined. With Kaspersky Endpoint Security for Windows (11.11.0.452) we can choose only a day of the week and an hour. I know that there are other options, such as every month, but with every month it is only possible to choose a day of the month, not a day of the week. For us, it is important to be able to choose a weekday for a scan, because we have big disks in several servers and these tasks take days to finish, and we can avoid scanning on the weekend, because backups of all our servers run on the weekend. To support a server product, Kaspersky Endpoint Security for Windows (11.11.0.452) must have the same scan task schedule as Kaspersky Security for Windows Server (11.0.1.897). We want to be able to define a day of the week to start a scan task and the frequency (every) of that task, just as it is done with Kaspersky Security for Windows Server (11.0.1.897).