Kaspersky Trace log ($Klriwrp.txt) file filled my server Hard Drive [moved]

  • 28 April 2021

Hi

I have an issue with my server today: suddenly all my Windows Server 2016 servers had the C drive full.

I traced it to find out why, and found a very large Kaspersky trace log file called $klriwrpt.txt and a .bak file = 40 GB in size.

I believe this is generated by Kaspersky Remote installation LAB, but I am not sure how to turn it off and why it's taking this huge space. Any help?

Thanks

Munir Omar


6 replies

Hi @MunirOmar,

What security product did you install? In your screenshot I can see a file called KES.11.3. … so I assume you installed Kaspersky Endpoint Security for Windows on your server? Did you recently try any troubleshooting using Remote Diagnostics? You could have left the traces ON.

KSC Remote Diagnostics Utility → traces

 

Cheers,
Milan

Hi @MilanBortel

Thanks for your response. I was using Kaspersky Endpoint Security Cloud Plus. The server client is KEP 11.5 (I updated to 11.6 after the incident).

I have not run any tracing from the portal, and I am not sure if there is one on the portal as well. I checked the security profile in the portal and could not find anything.

Hi @MunirOmar,

Thanks for the clarification. Firstly, I’d recommend using a different Kaspersky product for servers (KSWS), as it’s designed and tested for that OS type. See this link for more details.

If you want to stay with KES, I’d try to pause protection for that host (via the console or locally from the system tray):

KES → Pause protection

When it’s paused, delete that log file, then enable protection and see if that log file is recreated. :nerd:

Cheers,
Milan 

Hi @MilanBortel

I have done that. I already deleted the file and the file is recreated again. Now I know tracing is enabled somewhere, but I honestly could not find anything anywhere. It looks like this is enabled on the cloud level but I had no luck finding the spot, or it’s been enabled by design by Kaspersky.

Hi @MunirOmar,

Maybe you can check your registry keys → we can turn trace files on/off directly in the registry :cowboy:

Follow instruction no. 5) in this article:

Trace files using registry keys

Then delete the log file and see if it’s recreated.

Good luck,
Milan

Sorry, the first article will be better; you don’t need to change the tracing level …

Trace files using registry keys

Cheers,
Milan
