How to disable KES on a host via Open KSC API?

  • 14 July 2021
  • 3 replies
  • 68 views

I am automating the infrastructure and for the script I need to temporarily suspend the antivirus on the host.

I found a description of the (terrible) API and in two days I came to the following:

  1. Use Session.StartSession -> get “sessionID”
  2. With “sessionID” -> use HostGroup.FindHosts -> get “RequestID”
  3. With “sessionID”, “RequestID” -> use ChunkAccessor.GetItemsChunk -> get “hostnameID”
  4. With “sessionID”, “hostnameID” -> use CgwHelper.GetNagentLocation -> get “locationObj”:

      {
        "PxgRetVal": {
          "GwLocHostId": "4f0737f2-9885-46f4-8437-3ba72e50103c",
          "GwLocIndirect": true,
          "GwLocLocation": "http://172.20.23.121:15000",
          "GwLocSignUdp": true,
          "GwLocTargetComponent": "1103;86;1.0.0.0;b736452e-8f9d-42b0-a6bc-251535210f7a",
          "GwLocUseCompression": true
        }
      }

  5. With “locationObj” as array -> trying to use GatewayConnection.PrepareGatewayConnection:

      {
        "pLocations": [{
          "GwLocHostId": "4f0737f2-9885-46f4-8437-3ba72e50103c",
          "GwLocIndirect": true,
          "GwLocLocation": "http://172.20.23.121:15000",
          "GwLocSignUdp": true,
          "GwLocTargetComponent": "1103;86;1.0.0.0;b736452e-8f9d-42b0-a6bc-251535210f7a",
          "GwLocUseCompression": true
        }]
      }

     And I get the error:

      {
        "PxgError": {
          "code": 1192,
          "file": "c:\\a\\b\\a_6vlf7p9h\\s\\csadminkit\\development2\\kloapi\\contentstream\\sax_handler.cpp",
          "line": 314,
          "message": "Field 'type' is not found for the value with name: ",
          "module": "KLSTD",
          "subcode": 0
        }
      }

     At the same time, there is nothing useful in the documentation in this regard:

What to do?

Best answer by Danila 15 July 2021, 10:06

I wrote earlier that the API is terrible. Now I confirm - it is disgusting and the documentation for it is the same.

I am writing an answer for my current question:

How to get GatewayConnection.PrepareGatewayConnection to work

Answer:

After getting locationObj via CgwHelper.GetNagentLocation:

    {
      "PxgRetVal": {
        "GwLocHostId": "4f0737f2-9885-46f4-8437-3ba72e50103c",
        "GwLocIndirect": true,
        "GwLocLocation": "http://172.20.23.121:15000",
        "GwLocSignUdp": true,
        "GwLocTargetComponent": "1103;86;1.0.0.0;b736452e-8f9d-42b0-a6bc-251535210f7a",
        "GwLocUseCompression": true
      }
    }

Call the GatewayConnection.PrepareGatewayConnection method with the following body:

    {
      "pLocations": [{
        "type": "params",
        "value": {
          "GwLocHostId": "4f0737f2-9885-46f4-8437-3ba72e50103c",
          "GwLocIndirect": true,
          "GwLocLocation": "http://172.20.23.121:15000",
          "GwLocSignUdp": true,
          "GwLocTargetComponent": "1103;86;1.0.0.0;b736452e-8f9d-42b0-a6bc-251535210f7a",
          "GwLocUseCompression": true
        }
      }]
    }

That is, not just sending:

    {
      "pLocations": [{ %DATA% }]
    }

but forming a structure that is not written in the documentation:

    {
      "pLocations": [{
        "type": "params",
        "value": {
          %DATA%
        }
      }]
    }
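
The wrapping described in this answer, as an added example that is not part of the original post or Kaspersky's own code: it reads a CgwHelper.GetNagentLocation response body, surfaces a PxgError if one is present, and builds the GatewayConnection.PrepareGatewayConnection body with the "type": "params" container. The function names and the KscApiError class are hypothetical, the sample is the response quoted above, and no request is sent.

```python
import json

# Constructed sample: the GetNagentLocation response quoted in the post.
SAMPLE_LOCATION_RESPONSE = json.dumps({
    "PxgRetVal": {
        "GwLocHostId": "4f0737f2-9885-46f4-8437-3ba72e50103c",
        "GwLocIndirect": True,
        "GwLocLocation": "http://172.20.23.121:15000",
        "GwLocSignUdp": True,
        "GwLocTargetComponent": "1103;86;1.0.0.0;b736452e-8f9d-42b0-a6bc-251535210f7a",
        "GwLocUseCompression": True,
    }
})


class KscApiError(Exception):
    """Hypothetical error type: the response carried a PxgError object."""


def unwrap_result(response_text):
    """Return PxgRetVal from a response body, or raise if it holds PxgError."""
    doc = json.loads(response_text)
    if "PxgError" in doc:
        err = doc["PxgError"]
        raise KscApiError(
            f'{err.get("module")} {err.get("code")}: {err.get("message")}'
        )
    if "PxgRetVal" not in doc:
        raise KscApiError("response has neither PxgRetVal nor PxgError")
    return doc["PxgRetVal"]


def as_params(obj):
    """Wrap a JSON object in the {"type": "params", "value": ...} container."""
    if not isinstance(obj, dict):
        raise TypeError("a params container must wrap a JSON object")
    if set(obj) == {"type", "value"} and obj["type"] == "params":
        return obj  # already wrapped; do not nest a second container
    return {"type": "params", "value": obj}


def build_prepare_gateway_body(location_response_text):
    """Build the PrepareGatewayConnection body from a GetNagentLocation response."""
    location = unwrap_result(location_response_text)
    return {"pLocations": [as_params(location)]}


if __name__ == "__main__":
    print(json.dumps(build_prepare_gateway_body(SAMPLE_LOCATION_RESPONSE), indent=2))
```
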

3 replies

Greetings Danila,

Can you provide the document that you are following? I found this one:

https://support.kaspersky.com/KESWin/11.6.0/en-US/189442.htm

Regards,

> Greetings Danila,
>
> Can you provide the document that you are following? I found this one:
>
> https://support.kaspersky.com/KESWin/11.6.0/en-US/189442.htm
>
> Regards,

https://support.kaspersky.com/help/KSC/13/KSCAPI/annotated.html
