How to configure KEA exclusions required for KEA on AD controllers [Kaspersky Endpoint Agent]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Problem

How to configure KEA exclusions required for KEA installed on AD controllers to prevent its slowdown and high hardware resources consumption.

Step-by-step guide

Add the following registry key to affected AD controller registry:

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\SOYUZ\4.0\Environment]
"EnablePorts"=dword:00000001
"EnableSignatureLevel"=dword:00000001
"ServerProfile"=dword:0000000a

This operation should be done as Local System account (either locally via psexec or via .bat script (attached) deployed via KSC and Network Agent).

Please restart Endpoint Agent service after this change.

This option will make KEA exclude the ports:

Exclusions WinRM Exclution DHCP Exclude DNS Exclude SSDP Exclude mDNS Exclude LLMNR Exclusions RPC/NetBios Exclude LDAP Exclude Kerberos Networking and RabbitMQ Exclude     Delivery Optimization for Windows 10[244] Exclusions Microsoft SQL Server database management system (MSSQL) server Exclusions In Windows Server 2008 (and Windows Vista), the dynamic port range is 49152-65535, for both TCP and UDP.