Jump to content

KSWS frequent exploit and malware detections - troubleshooting [Kaspersky Security for Windows Server]


Recommended Posts

Antipova Anna
Posted

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Problem

KSWS detects certain exploit or malware frequently with N/A as an action in KSC reports.

Solution

1. Download the latest patch for our product on the machine which detects the issue.

2. Download the latest Windows security updates on the machine to cover the potential vulnerabilities.

3. Make sure that the product has the latest updates from KLABs servers.

4. Check the events on the impacted server as sometimes KSC report shows "detection events" only with action N/A while KSWS already takes the action. 

     i. If you find a blocking event, it’s probably N/A on the report (Cause the blocking event appears in the next warning event at the same moment).

    ii. If you couldn’t find a blocking event:

            a. Enable KSWS traces https://support.kaspersky.com/15618

            b. In case the exploit or malware impacts system memory or the object path is .exe, download and run ProcMon (Process Monitor) https://support.kaspersky.com/common/diagnostics/10935

            c. Restart the product’s agent.

            d. Simulate the issue and wait till correlated event being generated.

            e. Stop product’s traces and ProcMon.

            f. Collect export from server's events and GSI report including event logs and AVZ. https://support.kaspersky.com/common/diagnostics/3632#block7

            g. Get KSWS reports if exists {c:\ProgramData\Kaspersky Lab\Kaspersky Security for Windows Server\11.0\Reports}

             i. Submit an issue to Kaspersky Support.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...