Jump to content

KES 12.1 built-in agent "Internal data incompatible with this application" license error [KATA/KEDRE]


Recommended Posts

Antipova Anna
Posted

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Problem Description, Symptoms & Impact

When trying to activate KES with valid License for KATA EDR (License contains Licensing object 184), Activation Task results in error "Internal data incompatible with this application".

image.thumb.png.830965c513c698b285a2031c6fbb6f47.png

Cause

The KATA Built-In KES component EDR (KATA) responsible for integration is not installed on target machine.

Diagnostics

  1. In KSC -> Application properties, Endpoint Detection and Response (KATA) component version is listed as <N/A>, "Not installed" may be masked with "Not supported by license".
    image.thumb.png.b26d9f46e464310471d486bde00ba7c4.png
  2. In registry, [HKEY_LOCAL_MACHINE\Software\Wow6432Node\KasperskyLab\\protected\KES.21.13\Installer\features]
    Key "AntiAPTFeature"=dword:00000001 is missing
  3. In logs:
    in *.SRV.log (trace file) line for bundles::BundlesControllerImpl::GetNotInstalledFeatures lists  (1) and 1 is missing from bundles::InstalledFeaturesProvider::InstalledFeaturesProvider line

    09:58:42.239    0x2bf4    INF    bundles    bundles::BundlesControllerImpl::GetNotInstalledFeatures Not installed features (1): 1
    09:54:03.788    0x2050    INF    bundles::InstalledFeaturesProvider::InstalledFeaturesProvider{ 3 (AVScannerAndCoreFeature)  0 (AdminKitConnectorFeature)  24 (AdvancedThreatProtectionFeature)  27 (AmsiFeature)  7 (ApplicationControlFeature)  17 (BehaviorDetectionFeature)  4 (CriticalScanTask)  23 (EssentialThreatProtectionFeature)  11 (ExploitPreventionFeature)  8 (FileThreatProtectionFeature)  19 (FirewallFeature)  5 (FullScanTask)  14 (NetworkThreatProtectionFeature)  12 (RemediationEngineFeature)  25 (SecurityControlsFeature)  18 (UpdaterTask)  22 (WholeProductFeature) }

    in *.SRV.log (trace file) for good machine bundles::InstalledFeaturesProvider::InstalledFeaturesProvider will list  1 (AntiAPTFeature)

    08:14:31.733    0x1e30    INF    bundles::InstalledFeaturesProvider::InstalledFeaturesProvider{ 3 (AVScannerAndCoreFeature)  0 (AdminKitConnectorFeature)  24 (AdvancedThreatProtectionFeature)  1 (AntiAPTFeature)  7 (ApplicationControlFeature)  15 (BadUSBAttackPreventionFeature)  17 (BehaviorDetectionFeature)  4 (CriticalScanTask)  6 (DeviceControlFeature)  23 (EssentialThreatProtectionFeature)  11 (ExploitPreventionFeature)  8 (FileThreatProtectionFeature)  5 (FullScanTask)  16 (MailThreatProtectionFeature)  14 (NetworkThreatProtectionFeature)  12 (RemediationEngineFeature)  25 (SecurityControlsFeature)  18 (UpdaterTask)  21 (WebControlFeature)  20 (WebThreatProtectionFeature)  22 (WholeProductFeature) }

Solution

NB!

EDR Optimum, EDR Expert and EDR (KATA) components are not compatible with each other. Only one can be installed.

  1. Create Change Components Task for affected machines
  2. Execute Task
  3. Verify the component is installed.

How to check that KES 'KATA' component is enabled, up and running

1) Let's check that component is enabled first

In GSI > Registry > HKLM_Software_Wow6432Node_KasperskyLab.reg.txt > [HKEY_LOCAL_MACHINE\Software\Wow6432Node\KasperskyLab\\protected\KES.21.13\Installer\features] > "AntiAPTFeature"=dword:00000001 (should be like this)

2) Search in *.SRV.log (trace file) for bundles::InstalledFeaturesProvider::InstalledFeaturesProvider

08:14:31.733    0x1e30    INF    bundles::InstalledFeaturesProvider::InstalledFeaturesProvider{ 3 (AVScannerAndCoreFeature)  0 (AdminKitConnectorFeature)  24 (AdvancedThreatProtectionFeature)  1 (AntiAPTFeature)  7 (ApplicationControlFeature)  15 (BadUSBAttackPreventionFeature)  17 (BehaviorDetectionFeature)  4 (CriticalScanTask)  6 (DeviceControlFeature)  23 (EssentialThreatProtectionFeature)  11 (ExploitPreventionFeature)  8 (FileThreatProtectionFeature)  5 (FullScanTask)  16 (MailThreatProtectionFeature)  14 (NetworkThreatProtectionFeature)  12 (RemediationEngineFeature)  25 (SecurityControlsFeature)  18 (UpdaterTask)  21 (WebControlFeature)  20 (WebThreatProtectionFeature)  22 (WholeProductFeature) }

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...