Kaspersky
Question

Kaspersky Endpoint Security 11.6.0.394 and access to the server or to other servers too

  • 11 August 2021

Good afternoon.

There is a server platform with Windows Server 2008 R2 - 2012 R2 x64 installed. All servers are located in the same domain, universal security policy settings are applied everywhere, without group support and pairing with Kaspersky Security Center 11. All servers have the built-in Windows firewall and the KES firewall disabled.

The problem itself: Internet access is lost - not a single browser page opens, SMB access to shared folders does not work (ports both new and old - SMB v2-v3), Consultant+ and 1C:Enterprise do not function properly (you cannot see contractors online or regional exchange does not work).

The initial attempt to solve the problem was adding IP addresses, as well as folders with software, to exceptions - did not help.
It helped either to completely turn off the Kaspersky antivirus on the server, or to reboot the server; that was enough for 2-3 days, maximum.
We tried disabling, in the “protection against network threats” tab, the option "consider port scanning and intensive network requests as attacks" - it did not help.
We tried disabling, in the “Network Threat Protection” tab, the option "add the attacking computer to the block list for 60 minutes" (default -) - did not help.
It helped as a temporary solution - a complete shutdown of the component (protection against network threats), but then there is no benefit from this component.
P.S.: This problem was not observed on either KES 10.3 or KES 11.2-11.4. We did not try version 11.5, but immediately jumped with a patch from 11.4 to 11.6.


4 replies

Hello,

What do you mean by “universal security policy settings are applied everywhere”? Kindly make sure you are using 2 different policies for servers and clients. Also, those policies must correspond to their respective ones. Both policies are different as far as their settings are concerned.

You can check this by going into the policy tab on managed devices. From my experience, this happens when you use client policies on a server.

> Hello,
>
> What do you mean by “universal security policy settings are applied everywhere”? Kindly make sure you are using 2 different policies for servers and clients. Also, those policies must correspond to their respective ones. Both policies are different as far as their settings are concerned.
>
> You can check this by going into the policy tab on managed devices. From my experience, this happens when you use client policies on a server.

The servers have their own policies applied, and the client computers have different ones; they are different.

Hello there, 

Thanks for confirming. Then, for the next steps, you can check the logs or the events triggered when such blockages are encountered. Isolate the server and check for any such findings.

> Hello there,
>
> Thanks for confirming. Then, for the next steps, you can check the logs or the events triggered when such blockages are encountered. Isolate the server and check for any such findings.

Good afternoon. The funny thing is that there is no information in the logs; I have reviewed them up and down.