We are using KES18.104.22.168 for Windows and got the situation that the Network Threat Protection Module kills the OpenVPN connection under certain conditions. OpenVPN isn't even aware of it and still says it's connected but nothing goes through the VPN tunnel.
It consistently happens with all Systems from one remote branches and them all having 11.x.x.x. KES installed but also to some people working from home.
They dial in via OpenVPN and try to access virtual machines via RDP which are hosted on an older ESXi 5.1 machines. Newer ESXi hosts do not cause a problem when they try to access VMs hosted there
It also only happens if they try to use Remote Desktop. They can access shares or the Webserver (:80) of these virtual machines just fine.
If they use Remote Desktop they can login, but before the remote Desktop is even fully available (background might load, but Desktop Icons do not) they already get the “connection lost, trying to reconnect.” At that point the VPN tunnel is already inaccessible. If reconnecting to VPN and RDP is still doing it’s reconnect attempts, the tunnel will be made inaccessible momentarily as soon as rdp attempts to connect again.
I tried to replicate the issue on other systems but i failed to pinpoint it as of now. I tried with different 11.x KES Versions, tried with newer and older OpenVPN Clients and different Windows 10 Versions 1709, 1803, 1909.
What also adds to the problem is that nothing gets logged in Kaspersky. So i didn't even know which module caused this behavior initially.
Network Threat Protection Module has very few Options for changing the behavior.
Any ways how i can further analyse this problem?