KSC OpenSSL protcomp vulnerabilities [KSC for Windows]

By Antipova Anna
October 28, 2023 in Advice and solutions for Kaspersky Security Center

https://forum.kaspersky.com/topic/ksc-openssl-protcomp-vulnerabilities-ksc-for-windows-36907/

Followers 1

Recommended Posts

Antipova Anna

Posted October 28, 2023

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

When running security analyzers on KSC server you may occasionally get warnings about outdated OpenSSL libraries. Normally these vulnerabilities can not be exploited as the OpenSSL library is used in a very specific way.

If vulnerable OpenSSL libraries were found in C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\protcomp then there is actually no way to exploit it. Due to this fact this library is usually updated with major releases of KSC.

What is protcomp

Protcomp is a common code used by the following KSC components.

vapm: searches for vulnerabilities, local service, does not establish connections (all information transferred to the server via NAgent traffic);
up2date: does not work with SSL;
klfc: application categorization, local service, does not establish connections;
ksnproxy: establishes network connection, but does not use Open SSL;
cm_um: encryption, local encryption service, does not establish connections.

Why OpenSSL is used

Open SSL has non-networking functions like randomizer and encryption.

Please sign in to comment

You will be able to leave a comment after signing in

https://forum.kaspersky.com/topic/ksc-openssl-protcomp-vulnerabilities-ksc-for-windows-36907/

Followers 1

Go to topic listing

KSC OpenSSL protcomp vulnerabilities [KSC for Windows]

Recommended Posts

Antipova Anna

What is protcomp

Why OpenSSL is used

Please sign in to comment

Forum

Products

Support

Personal Account