Task error protection is disabled kaspersky linux

Task error protection is disabled kaspersky linux

File Threat Protection prevents infection of the file system of the computer. The File Threat Protection task is automatically created with the default settings when you install Kaspersky Endpoint Security to the computer. By default, the File Threat Protection task starts automatically when Kaspersky Endpoint Security starts. The task resides in the computer’s RAM and scans all opened, saved, and active files.

While File Threat Protection task is running, Kaspersky Endpoint Security scans all namespaces on all supported operating systems if the general application setting NamespaceMonitoring is set to Yes .

Additionally for Astra Linux, a custom virus scan task (Scan_File) allows scanning files from another namespaces (within mandatory sessions).

You cannot create custom File Threat Protection tasks. You can modify the settings of the predefined File Threat Protection task.

File Threat Protection settings

File Threat Protection enabled / disabled

This toggle button enables or disables File Threat Protection on all managed devices.

The toggle button is switched on by default.

File Threat Protection mode

In this drop-down list, you can select the File Threat Protection mode:

• Smart check scans a file on the attempt to open it and scans it again on the attempt to close it, if the file has been modified. If a process accesses and modifies a file multiple times in a certain period, the application scans the file again only when the process closes it for the last time.
• On access scans the file on the attempt to open it for reading, execution, or modification.
• On access and modification scans a file on the attempt to open it, and scans it again on the attempt to close it, if the file has been modified.

The Smart check action is selected by default.

In this drop-down list, you can select the first action to be performed by Kaspersky Endpoint Security on an infected object that has been detected:

• Disinfect the object. A copy of the infected object will be saved in the Storage.
• Remove the object. A copy of the infected object will be saved in the Storage.
• Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
• Block access to the object.

Perform recommended action is selected by default.

In this drop-down list, you can select the second action to be performed by Kaspersky Endpoint Security on an infected object, in case the first action is unsuccessful:

• Disinfect the object. A copy of the infected object will be saved in the Storage.
• Remove the object. A copy of the infected object will be saved in the Storage.
• Perform recommended action on the object, based on data about the danger level of the threat detected in the file and about the possibility of disinfecting it.
• Block access to the object.

The Block action is selected by default.

Contains objects that are scanned by File Threat Protection.

Clicking the Configure scan scopes link opens the Scan scopes window. This window lets you configure the scan scopes.

The table contains the following columns:

• Scope name . This column contains the scan scope names.
• Path . This column contains paths to the scan scopes.
• Status . This column displays whether the scope is scanned. The Enabled status means that Kaspersky Endpoint Security scans this scope when running the task. The Disabled status means that Kaspersky Endpoint Security does not scan this scope when running the task.

To create a task, you need to add at least one scan scope.

Kaspersky Endpoint Security scans objects in the specified scopes in the order in which you enumerate these scan scopes in the list of scan scopes. To configure security settings for a subdirectory that are different from the security settings of the parent directory, place the subdirectory in the list higher than its parent directory.

By default, the table contains one scan scope with the default settings: scan all objects located on local drives of the computer, as well as all mounted and shared directories that are accessed via the SMB and NFS protocols, with the recommended security settings.

You can add, configure, delete, move up, or move down scan scopes in the table.

Clicking the Move down button moves the selected item down in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if only one item is selected in the table.

Clicking the Move up button moves the selected item up in the table.

Kaspersky Endpoint Security scans objects in the specified scopes in the order they are listed in the table of scan scopes. If you want to configure security settings for a subdirectory that are different from the security settings of the parent directory, you must place the subdirectory higher than its parent directory in the table.

This button is available if only one item is selected in the table.

Clicking the Delete button excludes the selected scope from scanning.

This button is available if at least one scan scope is selected in the table.

Clicking the scan scope name opens the window. In this window, you can modify the settings of the selected scan scope.

Clicking the Add button opens the window. In this window, you can define a new scan scope.

This check box enables or disables scan of archives.

If this check box is selected, Kaspersky Endpoint Security scans archives. The application detects infected objects in archives, but does not disinfect them. Select this action for a more detailed scan.

To scan an archive, the application has to unpack it first, which may slow down scanning. You can reduce the archive scan duration by enabling and configuring the Skip object if scan takes longer than (sec) and/or Skip objects larger than (MB) parameters.

If this check box is cleared, Kaspersky Endpoint Security does not scan archives.

This check box is cleared by default.

Scan SFX archives

This check box enables or disables scanning of self-extracting archives. Self-extracting archives are archives that contain an executable extraction module.

If this check box is selected, Kaspersky Endpoint Security scans self-extracting archives.

If this check box is cleared, Kaspersky Endpoint Security does not scan self-extracting archives.

This check box is available if the Scan archives check box is cleared.

This check box is cleared by default.

Scan mail databases

This check box enables or disables scan of mail databases of Microsoft Outlook, Outlook Express, The Bat!, and other mail applications.

If this check box is selected, Kaspersky Endpoint Security scans mail database files.

If this check box is cleared, Kaspersky Endpoint Security does not scan mail database files.

This check box is cleared by default.

Scan mail formats

This check box enables or disables scan of files of plain-text email messages.

If this check box is selected, Kaspersky Endpoint Security scans plain-text messages.

If this check box is cleared, Kaspersky Endpoint Security does not scan plain-text messages.

This check box is cleared by default.

Skip object if scan takes longer than (sec)

The field for specifying the maximum time to scan an object, in seconds. After the specified time is reached, Kaspersky Endpoint Security stops scanning the object.

Available values: 0 – 9999 . If the value is set to 0 , the scan time is unlimited.

Default value: 60 .

Skip objects larger than (MB)

The field for specifying the maximum size of an archive to scan, in megabytes.

Available values: 0 – 999,999 . If the value is set to 0 , Kaspersky Endpoint Security scans objects of any size.

Default value: 0 .

Log clean objects

This check box enables or disables logging the events of the ObjectProcessed type.

If this check box is selected, Kaspersky Endpoint Security logs the events of the ObjectProcessed type for any scanned object.

If this check box is cleared, Kaspersky Endpoint Security does not log the events of the ObjectProcessed type for any scanned object.

This check box is cleared by default.

Log unprocessed objects

This check box enables or disables logging the events of the ObjectNotProcessed type if a file cannot be processed during the scan.

If this check box is selected, Kaspersky Endpoint Security logs the events of the ObjectNotProcessed type.

If this check box is cleared, Kaspersky Endpoint Security does not log the events of the ObjectNotProcessed type.

This check box is cleared by default.

Log packed objects

This check box enables or disables logging the events of the PackedObjectDetected type about any packed objects that are detected.

If this check box is selected, Kaspersky Endpoint Security logs the events of the PackedObjectDetected type.

If this check box is cleared, Kaspersky Endpoint Security does not log the events of the PackedObjectDetected type.

This check box is cleared by default.

Use iChecker technology

This check box enables or disables scan of only new and modified since the last scan files.

If the check box is selected, Kaspersky Endpoint Security scans only new or modified since the last scan files.

If the check box is cleared, Kaspersky Endpoint Security scans files regardless to the date of creation or modification.

This check box is selected by default.

Use heuristic analysis

This check box enables or disables heuristic analysis during an object scan.

This check box is selected by default.

Heuristic analysis level

If the Use heuristic analysis check box is selected, you can select the heuristic analysis level in the drop-down list:

• Light is the least detailed scan, minimum system load.
• Medium is a medium scan, balanced system load.
• Deep is the most detailed scan, maximum system load.
• Recommended is the optimal level recommended by Kaspersky’s experts. It ensures an optimal combination of quality of protection and impact on the performance of protected servers.

The Recommended option is selected by default.

Источник

Task error protection is disabled kaspersky linux

Поддержка продуктов для бизнеса

Kaspersky Endpoint Security 11 для Linux

Основные шаги диагностики проблем с Kaspersky Endpoint Security 11 для Linux

Если у вас возникли проблемы при работе с Kaspersky Endpoint Security для Linux, перед обращением в техническую поддержку «Лаборатории Касперского» вы можете выполнить диагностику проблемы и попробовать решить ее самостоятельно.

Основные шаги для диагностики проблем с Kaspersky Endpoint Security для Linux представлены на схеме. Более подробную информацию о шагах смотрите ниже.

Шаг 1. Завершение работы Kaspersky Endpoint Security для Linux

1. Завершите работу Kaspersky Endpoint Security для Linux:

sudo systemctl stop kesl

1. Проверьте, воспроизводится ли проблема. Если нет, перейдите к шагу 2. Если проблема сохраняется, Kaspersky Endpoint Security для Linux не является ее причиной.

Шаг 2. Запуск Kaspersky Endpoint Security для Linux

1. Запустите Kaspersky Endpoint Security для Linux:

sudo systemctl start kesl

1. Если проблема связана:
   • с производительностью, перейдите к шагу 3;
   • с сетью, перейдите к шагу 4;
   • со взаимодействием с Kaspersky Security Center, перейдите к шагу 5;
   • в остальных случаях перейдите к шагу 6.

Шаг 3. Диагностика проблем с производительностью

1. Определите задачу, которая вызывает проблему. Для этого выключите по очереди задачи Защита от файловых угроз (File_Threat_Protection) и Анализ поведения (Behavior_Detection), проверяя, сохраняется ли проблема:

sudo kesl-control —stop

1. Где — идентификатор задачи, который вы можете узнать при помощи команды sudo kesl-control —get-task-list.

1. Чтобы собрать диагностическую информацию, запустите проблемную задачу заново:

sudo kesl-control —start

1. Соберите трассировку работы Kaspersky Endpoint Security для Linux во время воспроизведения проблемы в течение 10-20 минут, инструкция в статье.
2. Перейдите к шагу 7.

Шаг 4. Диагностика проблем с сетью

1. Определите задачу, которая вызывает проблему. Для этого выключите по очереди задачи Управление сетевым экраном (Firewall_Management), Защита от шифрования (Anti_Cryptor), Защита от веб-угроз (Web_Threat_Protection) и Защита от сетевых угроз (Network_Threat_Protection), проверяя, сохраняется ли проблема:

sudo kesl-control —stop

1. Где — идентификатор задачи, который вы можете узнать при помощи команды sudo kesl-control —get-task-list.

1. Чтобы собрать диагностическую информацию, запустите проблемную задачу заново:

sudo kesl-control —start

sudo tcpdump tcp port 443 -i lo -i -w /tmp/kesl.tcpdump

1. Где — задействованный сетевой интерфейс, который вы может уточнить при помощи команды ifconfig.

1. Соберите трассировку работы Kaspersky Endpoint Security для Linux во время воспроизведения проблемы, инструкция в статье.
2. Перейдите к шагу 7.

Шаг 5. Диагностика взаимодействия с Kaspersky Security Center

1. Включите сбор трассировки работы Kaspersky Endpoint Security для Linux, инструкция в статье.
2. Включите сбор трассировки работы Aгента Администрирования, инструкция в статье. Укажите уровень детализации 5, для этого вместо строчки echo -n 4 > /etc/opt/kaspersky/klnagent/1103/1.0.0.0/Debug/TraceLevel внесите:

echo -n 5 > /etc/opt/kaspersky/klnagent/1103/1.0.0.0/Debug/TraceLevel

1. Включите сбор трассировки работы Kaspersky Security Center, инструкции в статьях для Windows и Linux.
2. Воспроизведите проблему.
3. Остановите сбор трассировок и перейдите к шагу 7.

Источник

В последние месяцы меня преследуют проблемы с вирусами на моих файловых серверах. То Nod32 блокирует поддомены, то Касперский вносит сайт в черный список. Меня это никак не может радовать и я принял решение настроить какой нибудь антивирус.

На всех серверах уже установлен и настроен Clam AntiVirus. Его я использовал несколько лет назад, но вирусы класса Trojan-SMS.J2ME он к сожалению не всегда находит.

Изучив результаты Google я толком так ничего и не нашел.

Обращаясь в очередной раз в службу поддержки Касперского с просьбой убрать сайт из списка подозрительных я наткнулся на пунктик kaspersky for linux file server. Его то я и решил протестировать.

Поход в Google за помощью в установке и настройке этого антивируса тоже не дал результата. Все результаты ведут на сайт поддержки Касперского.

Неужели никто не ставил их дистрибутив на своих файловых серверах? Может есть какие то другие решения?

Ответы на эти вопросы для меня останутся тайной. Я остановился на указанном выше продукте и решил его протестировать.

Тестовый файл лицензии запрашиваем на сайте тех поддержки. Ответ приходит через несколько часов.

Приступим к установке

# dpkg -i kav4fs_8.0.1-145_i386.deb

dpkg: error processing kav4fs_8.0.1-145_i386.deb (--install):

 package architecture (i386) does not match system (amd64)

Errors were encountered while processing:

 kav4fs_8.0.1-145_i386.deb

Упс. У нас же amd64. А других дистрибутивов то у Касперского нет. Google тоже не отвечает.

#dpkg -i --force-architecture kav4fs_8.0.1-145_i386.deb

(Reading database ... 38907 files and directories currently installed.)

Unpacking kav4fs (from kav4fs_8.0.1-145_i386.deb) ...

Setting up kav4fs (8.0.1-145) ...

Starting Kaspersky Lab Framework Supervisor: kav4fs-supervisor.

Kaspersky Anti-Virus for Linux File Server has been installed successfully,

but it must be properly configured before using.

Please run /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl script manually to

configure it.

Прокатило :). Пробуем настроить.

# /opt/kaspersky/kav4fs/bin/kav4fs-setup.pl



Kaspersky Anti-Virus for Linux File Server version 8.0.1.145/RELEASE



Installing the license



The key file (a file with the .key extension) contains information about

your license. You need to install it to use the application.

To install it now, enter the path to your key file (or enter an empty

string to continue without installing the key file):

/xxx/xxx.key

The license from /xxx/xxx.key has been
installed.

Configuring the proxy settings to connect to the updates source

If you use an HTTP proxy server to access the Internet, you need to specify

its address to allow the application

to connect to the updates source.

Please enter the address of your HTTP proxy server in one of the following

formats: proxyIP:port or user:pass@proxyIP:port.

If you don't have or need a proxy server to access the Internet, enter 'no'

here, or enter 'skip' to use current settings without changes. [no]:


Downloading the latest application databases


The latest databases are an essential part of your server protection.

Would you like to download the latest databases now?

(If you answer 'yes', make sure you are connected to the Internet): [yes]:


nabling scheduled updates of the application databases



Would you like to enable scheduled updates? [N]:


Setting up the kernel-level real-time protection



Would you like to compile the kernel-level real-time protection module?

[yes]:

no

Would you like to disable the real-time protection? [no]:

yes



Warning: The real-time protection is DISABLED.



Error: The kernel-level real-time protection module is not compiled.

To manually recompile the kernel-level real-time protection module, start

/opt/kaspersky/kav4fs/bin/kav4fs-setup.pl --build[=PATH].



Setting up the Samba server real-time protection



Error: The installer couldn't find a Samba server on your computer. Either

it is not installed, or is installed to an unknown location.

If the Samba server is installed, specify the server installation details

and enter 'yes'.

Otherwise, enter 'no' (the Samba server configuration step will be

interrupted): [no]:



You can configure Samba server protection later by running the initial

configuration script again by executing

/opt/kaspersky/kav4fs/bin/kav4fs-setup.pl --samba

The real-time protection of Samba server was not setup. You can run the

initial configuration script again by executing

/opt/kaspersky/kav4fs/bin/kav4fs-setup.pl --samba



Setting up the Web Management Console


Warning: Password file not found, Kaspersky Web Management Console will not

be started until correct password is set!



Would you like to set password for Kaspersky Web Management Console? [no]:



Starting Kaspersky Web Management Console: kav4fs-wmconsole: password file not found! failed!



You can change password for Kaspersky Web Management Console by executing

/opt/kaspersky/kav4fs/bin/kav4fs-wmconsole-passwd





Starting the real-time protection task



The task has been started, runtime ID: 1341314367.

Real-time protection меня как бы вообще не интересует. Мне нужно только проверять указанный файл и получать результат проверки.

Пробуем тестовый вирус

Создаем тестовый файл virus с содержимым

X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

И запускаем проверку:

# /opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file virus

Objects scanned:     1

Threats found:       1

Riskware found:      0

Infected:            1

Suspicious:          0

Cured:               0

Moved to quarantine: 0

Removed:             0

Not cured:           0

Scan errors:         0

Password protected:  0

Corrupted:           0

Пробуем на нашем Trojan-SMS.J2ME

#/opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file sms.jar

Objects scanned:     27

Threats found:       1

Riskware found:      0

Infected:            1

Suspicious:          0

Cured:               0

Moved to quarantine: 0

Removed:             0

Not cured:           0

Scan errors:         0

Password protected:  0

Corrupted:           0

# /opt/kaspersky/kav4fs/bin/kav4fs-control --top-viruses 1

Viruses found: 1

Virus name:       Trojan-SMS.J2ME.Boxer.ct

Infected objects: 1

Все получилось, наш вирус определяет без проблем. Хотелось бы конечно в результате проверки видеть какой именно вирус, но об этом отпишусь как только мне ответит служба поддержки. В манах эту информацию к сожалению не нашел.

Заключение

Настройка антивируса и тесты прошли успешно. Дальше я займусь проверкой всех своих файловых серверов и настройкой онлайн проверки новых файлов.

Считаю что эта статья будет полезна владельцам сайтов с мобильным контентом, так как именно на таких сайтах можно встретить огромное количество вирусов для мобильных устройств.

Подводные камни

Нигде в интернете и даже на самом сайте Касперского не указано что вы не сможете установить антивирус если у вас нету файла ключа. Странно конечно что установщик предлагает нам продолжить установку без него, но в конце вылетает с ошибкой «обновления баз» без которых дальнейшая установка невозможна.

Перейти к содержанию

 # cd /opt/kaspersky/kesl/doc
# ls
autoinstall.ini ksn_license.de ksn_license.en ksn_license.fr ksn_license.ru legal_notices.txt license.de license.en license.fr license.ru 

# cd /opt/kaspersky/kesl/bin

# ls
fanotify-checker  kesl-control  kesl_launcher.sh  kesl-setup.pl  kesl-uninstall.pl  wdserver

#  ./kesl-control -S 

Name                           : Kaspersky Endpoint Security 10 for Linux
Version                        : 10.0.0.3458
Key status                     : Valid
License expiration date        : 2017-12-04
Backup state                   : No objects in backup
Backup space usage             : Backup size is unlimited
Scan_My_Computer last run date : Never run
Anti-virus databases loaded    : Yes
Anti-virus databases date      : 2017-11-05 06:36:00
Anti-virus databases records   : 11164094
Protection status              : OAS enabled
KSN state                      : On

#  ./kesl-control -T --get-task-list 

<div>Number of tasks: 10</div>
<div>Name: File_Monitoring</div>
<div>    ID     : 1</div>
<div>    Type   : OAS</div>
<div>    State  : Started</div>
<div>Name: Scan_My_Computer</div>
<div>    ID     : 2</div>
<div>    Type   : ODS</div>
<div>    State  : Stopped</div>
<div>Name: Scan_File</div>
<div>    ID     : 3</div>
<div>    Type   : ODS</div>
<div>    State  : Stopped</div>
<div>Name: Boot_Scan</div>
<div>    ID     : 4</div>
<div>    Type   : BootScan</div>
<div>    State  : Stopped</div>
<div>Name: Memory_Scan</div>
<div>    ID     : 5</div>
<div>    Type   : MemoryScan</div>
<div>    State  : Stopped</div>
<div>Name: Update</div>
<div>    ID     : 6</div>
<div>    Type   : Update</div>
<div>    State  : Stopped</div>
<div>Name: Rollback</div>
<div>    ID     : 7</div>
<div>    Type   : Rollback</div>
<div>    State  : Stopped</div>
<div>Name: Retranslate</div>
<div>    ID     : 8</div>
<div>    Type   : Retranslate</div>
<div>    State  : Stopped</div>
<div>Name: License</div>
<div>    ID     : 9</div>
<div>    Type   : License</div>
<div>    State  : Started</div>
<div>Name: Backup</div>
<div>    ID     : 10</div>
<div>    Type   : Backup</div>
<div>    State  : Started

 # /opt/kaspersky/kesl/bin/kesl-control --scan-file 

 /opt/kaspersky/kesl/bin/kesl-control -B --query 

admpc@astra:~$ sudo /opt/kaspersky/kesl/bin/kesl-setup.pl

Kaspersky Endpoint Security 11.2.0 for Linux version 11.2.0.4528

Application cannot be configured while it is running.
Do you want to stop the application and proceed with configuration? [n]: y

Stopping Kaspersky Endpoint Security 11.2.0 for Linux. This can take some
time. Please wait.

Setting up the Anti-Virus Service default locale

Specified locale will be used to show user agreements in this script and
send events to Kaspersky Security Center.
List of available locales:
— ru_RU.UTF-8
— de_DE.UTF-8 [not supported by OS]
— en_US.UTF-8 [not supported by OS]
— fr_FR.UTF-8 [not supported by OS]
— ja_JP.UTF-8 [not supported by OS]
[ru_RU.UTF-8]:

Anti-Virus Service default locale is changed to ‘ru_RU.UTF-8’.
Service will be restarted if it is already running.

Configuring KSN

I confirm that I have fully read, understand, and accept the terms and
conditions of the Kaspersky Security Network Statement (KSN Statement is
available here: ‘/opt/kaspersky/kesl/doc/ksn_license.ru’) [y/n]: y

Granting the Administrator role

Only users with the Administrator role have full access to Kaspersky
Endpoint Security management by command line and GUI.

Specify user to grant the ‘admin’ role to (leave empty to skip): admpc

Configuring file interceptors

Checking if fanotify is available…
Using fanotify interceptor
Starting Kaspersky Endpoint Security 11.2.0 for Linux. This can take some
time. Please wait.

Configuring the update source

Specify the update source. Possible values: KLServers|SCServer|<url>:
[KLServers]:

Configuring proxy server settings to connect to the updates source

If you use an HTTP proxy server to access the Internet, please enter
the address in one of the following formats:
proxyIPort or userass@proxyIPort, or enter ‘no’ [n]: n

Updated databases are an essential part of your server protection.
Please note that the application may be restarted during the update
process.
Do you want to download the latest databases now? [y]: y

Downloading the latest application databases

Выполнение задачи:
[##################################################]100%
Latest databases are downloaded.
Restarting Kaspersky Endpoint Security 11.2.0 for Linux. This can take some
time. Please wait.

Enabling automatic updates of the application databases

Do you want to enable scheduled updates? [y]: n

Activate the application

The valid trial key is already added on this device.
Do you want to continue using it?
If you answer ‘no’, the key will be removed [y]: y

admpc@astra:~$
admpc@astra:~$ sudo dpkg -i /media/sf_shara_VBox/kesl-gui_11.2.0-4528_amd64.deb
Выбор ранее не выбранного пакета kesl-gui.
(Чтение базы данных … на данный момент установлено 231808 файлов и каталогов.)
Подготовка к распаковке …/kesl-gui_11.2.0-4528_amd64.deb …
Распаковывается kesl-gui (11.2.0-4528) …
Настраивается пакет kesl-gui (11.2.0-4528) …
Обрабатываются триггеры для desktop-file-utils (0.26-1astra1) …
Обрабатываются триггеры для mime-support (3.60) …
admpc@astra:~$