Contact Technical Support

If you do not find a solution to your problem in the application documentation or other sources of information about the application, it is recommended to contact Technical Support. Technical Support specialists will answer any of your questions about installing and using Kaspersky Embedded Systems Security.

Kaspersky provides support for Kaspersky Embedded Systems Security during its life cycle (see the Application life cycle page). Before contacting Technical Support, please read the support rules.

You can contact Technical Support in one of the following ways:

• Visit Technical Support website.
• Submit a request to Kaspersky Technical Support from the Kaspersky CompanyAccount portal.

Technical Support via Kaspersky CompanyAccount

Kaspersky CompanyAccount is a portal for companies that use Kaspersky applications. The Kaspersky CompanyAccount portal is designed to facilitate interaction between users and Kaspersky specialists through online requests. The Kaspersky CompanyAccount portal lets you monitor the progress of electronic request processing by Kaspersky specialists and store a history of electronic requests.

You can register all of your organization's employees under a single account on Kaspersky CompanyAccount. A single account lets you centrally manage electronic requests from registered employees to Kaspersky and also manage the privileges of these employees via Kaspersky CompanyAccount.

The Kaspersky CompanyAccount portal is available in the following languages:

• English
• Spanish
• Italian
• German
• Polish
• Portuguese
• Russian
• French
• Japanese

To learn more about Kaspersky CompanyAccount, visit the Technical Support website.

Obtaining information for Technical Support

After you inform Kaspersky Technical Support specialists about the problem, they may ask you to send a trace file or dump file.

Technical Support specialists may also need additionally information about the operating system and running processes on the device, as well as detailed reports on the operation of application components.

While diagnosing the problem, Technical Support specialists may ask you to change the application settings to:

• activate functionality to receive advanced diagnostic information;
• perform more detailed configuration of individual application components that cannot be performed through the standard user interface;
• change settings for storing received diagnostic information;
• to configure the capture and storage of network traffic in a file.

Technical Support specialists will tell you all the information required to perform these actions (the sequence of steps, the settings to change, configuration files, scripts, advanced command line capabilities, debugging modules, special utilities, etc.), as well as the body of information received for diagnostic purposes. The received advanced diagnostic information is stored on the user device. This information is not automatically sent to Kaspersky.

The steps listed above should be performed only with the guidance of Technical Support specialists based on instructions they provide. Independently changing application files using means not described in the application documentation or not recommended by Technical Support specialists may lead to poor performance and failures in the application and operating system, reduced protection, as well as inaccessible and corrupted data.

About application trace files

A Kaspersky Embedded Systems Security trace file tracks the step-by-step execution of application commands and lets you find out at which stage the error occurs.

Application trace files are not generated by default. You can enable or disable generation of application trace files and define the level of detail in trace files in the command line via the general application settings and the graphical user interface.

If you have enabled the generation of application trace files, these files are saved in /var/log/kaspersky/kess/. Access to this directory requires root privileges.

Trace files are stored on the device as long as the application is in use, and are deleted permanently when the application is removed. Trace files are not sent to Kaspersky automatically.

Trace files are saved in a human-readable format. It is recommended to protect information from unauthorized access before sending it to Kaspersky.

Application trace file contents

Trace files contain the following general data:

• Event time.
• Number of the thread of execution.
• Application component that caused the event.
• Degree of event severity (informational event, warning, critical event, error).
• A description of the event involving command execution by a component of the application and the result of execution of this command.

Trace files may store the following information in addition to general data:

• The statuses of the application components and their operational data.
• Data on user activity in the application.
• Data on the hardware installed on the device.
• Data about all operating system objects and events, including information about user activity.
• Data contained in the objects of the operating system (for example, the contents of files that may contain any user personal data).
• Network traffic data (for example, the contents of the entry fields on a website, which may include bank card information or any other sensitive data).
• Data received from Kaspersky servers (such as the version of the application databases).
• Data on consumed CPU resources.
• Data on consumed RAM resources.
• Data about file read and write operations by applications.
• Data on the amount of cached information required for the application to work.

Page top

Configuring application trace settings

If you are managing Kaspersky Embedded Systems Security using Kaspersky Security Center, you can configure trace settings of the application in the Kaspersky Embedded Systems Security policy settings using the Web Console or the Administration Console.

If you are managing the application on the command line, you can configure trace settings of the application in the general application settings.

Editing trace settings in the Web Console

In the Web Console, you can configure application tracing settings in the policy properties (Application settings → General settings → Application settings, Trace and dump settings section) (see the table below).

Application trace settings

To apply trace settings, you must restart the application.

Editing trace settings in the Administration Console

In the Administration Console, you can configure application tracing settings in the policy properties (General settings → Application settings).

Under Trace and dump settings, click Configure to open a window in which you can edit the trace settings (see the table below).

Application trace settings

To apply trace settings, you must restart the application.

Editing trace settings in the command line

In the command line, you can configure application tracing settings using the TraceLevel, TraceFolder, TraceMaxFileCount and TraceMaxFileSize settings in general application settings.

The TraceLevel setting lets you enable or disable application tracing and specify the level of detail in trace files. This setting can take the following values:

• Detailed – Generate a detailed trace file.
• MediumDetailed – Generate a trace file that contains informational messages and error messages.
• NotDetailed – Generate a trace file that contains error messages.
• None (default value) — Do not generate a trace file.

The TraceFolder settings lets you specify the directory where application trace files are stored. Default value: /var/log/kaspersky/kess. If you specify a different directory, make sure that the account under which Kaspersky Embedded Systems Security is running has read/write permissions for this directory. Root privileges are required to access the default trace files directory.

The TraceMaxFileCount setting lets you specify the maximum number of application trace files. The setting can take values from 1 to 10000. Default value: 10.

The TraceMaxFileSize setting lets you specify the maximum size of an application trace file (in megabytes). The setting can take values from 1 to 1000. Default value: 500.

You can edit the setting using command line options or a configuration file that contains all general application settings.

After changing the values of the TraceFolder, TraceMaxFileCount, or TraceMaxFileSize settings, you need to restart the application.

Page top

Application administration plug-in trace files

Administration plug-in trace files are not sent to Kaspersky automatically.

Trace files are saved in a human-readable format. It is recommended to protect information from unauthorized access before sending it to Kaspersky.

Administration MMC plug-in trace files

If you use the Administration Console to manage Kaspersky Embedded Systems Security, information about events that occur while the administration MMC plug-in is running can be saved to the Kaspersky Embedded Systems Security MMC plug-in trace file on the device where the Administration Server is installed. The file name contains the application version number, file creation date and time, and process identifier (PID). This file contains information about the events that occur during MMC plug-in operation, in particular, about the operation of policies and tasks.

MMC plug-in trace files are not generated by default. You can use registry keys to create the MMC plug-in trace file. Contact Technical Support representatives for detailed information on how to create trace files.

All created trace files of the MMC plug-in are located in the folder specified by the user during registry key configuration.

Administration web plug-in trace files

If you use the Web Console to manage Kaspersky Embedded Systems Security, information about events that occur while the administration web plug-in is running can be written to the web plug-in trace files.

Trace files for the web plug-in are created automatically if logging of Web Console activities is enabled in Web Console Installation Wizard (for more details, refer to the Kaspersky Security Center Help).

Trace files of the web plug-in are stored in the Web Console installation folder in the "logs" subfolder.

Contents of administration plug-in trace files

Trace files contain the following general data:

• Event time.
• Number of the thread of execution.
• Application component that caused the event.
• Degree of event severity (informational event, warning, critical event, error).
• A description of the event involving command execution by a component of the application and the result of execution of this command.

In addition to general data, trace files may contain the following information:

• Personal data, including the last name, first name, and middle name, if such data is part of the path to files.
• The name of the account used to log in to the operating system if the user account name is part of a file name.

About dump files

A dump file contains all information about the working memory of Kaspersky Embedded Systems Security processes at the time of dump creation.

Dump files may contain personal data. We recommend making sure the information is protected from unauthorized access before sending it to Kaspersky.

No dump files are generated by default. You can enable or disable dumping in case of application failures.

If you enabled dumping, dump files are saved in /var/opt/kaspersky/kess/common/dumps and /var/opt/kaspersky/kess/common/dumps-user.

Root privileges are required to access dump files.

Dump files are stored on the computer as long as the application is in use, and are deleted permanently when the application is removed. Dump files are not sent to Kaspersky automatically.

Page top

Enabling or disabling dump logging

If you are managing the Kaspersky Embedded Systems Security application through Kaspersky Security Center, you can enable or disable dumping in the Kaspersky Embedded Systems Security policy settings using the Web Console or the Administration Console.

If you use the command line to manage the application, you can enable or disable dumping via the kess.ini configuration file.

The maximum number of dump files is limited.

Depending on the operating system settings, user dump files may not be created. Make sure that the system kernel is configured using sysctl kernel.yama.ptrace_scope=0.

Enabling or disabling dumping in the Web Console

In the Web Console, you can enable or disable logging dump files in the policy properties (Application settings → General settings → Application settings, Trace and dump settings section) (see the table below).

Dump file settings

You must restart the application to apply the dump file settings.

Enabling or disabling dumping in the Administration Console

In the Administration Console, you can enable or disable logging dump files in the policy properties (General settings → Application settings).

Under Trace and dump settings, click Configure to open a window in which you can edit the dump settings (see the table below).

Dump file settings

You must restart the application to apply the dump file settings.

Enabling or disabling dumping on the command line

To enable or disable dumping in the kess.ini configuration file, do as follows:

1. Stop Kaspersky Embedded Systems Security.
2. Open the /var/opt/kaspersky/kess/common/kess.ini file for editing.
3. Under [General], set the parameter value:
   • CoreDumps=yes: enable dumping in case of a failure.
   • CoreDumps=no: disable dumping.
4. If you want to change the default directory where dump files are saved, specify the path to the directory in the CoreDumpsPath option.
5. Start Kaspersky Embedded Systems Security.

Remote device diagnostics using Kaspersky Security Center

In Kaspersky Security Center you can perform remote diagnostics of client devices. The remote diagnostics procedure lets you remotely run the following operations:

• Enable or disable tracing.
• Change the trace level.
• Download trace files.
• Download a remote application installation log.
• Download system event (syslog) logs.
• Start, stop, and restart applications.

Remote diagnostics in the Web Console

If you use the Web Console to manage Kaspersky Embedded Systems Security, remote diagnostics of a client device is done in the remote diagnostics window.

To open the remote device diagnostics window for a device:

1. In the main window of the Web Console, select Assets (Devices) → Managed devices.

   The list of managed devices opens.

2. Select a device that you want to diagnose remotely and click its name.

   The device properties window opens.

3. On the Advanced tab, select the Remote diagnostics section.

In the device remote diagnostics window, you can view the remote installation log.

To view the remote installation log on a device, do as follows:

1. Open the remote device diagnostics window.
2. On the Event logs tab, under Trace files block, click Remote installation logs.

   The Device trace event logs window opens.

For more information about the remote diagnostics, see the Kaspersky Security Center Help.

Remote diagnostics using the Administration Console

If you use the Administration Console to manage Kaspersky Embedded Systems Security, remote diagnostics is done using the special Kaspersky Security Center remote diagnostics utility automatically installed on the device together with the Administration Console.

To open the main window of the remote diagnostics utility, do as follows:

1. In the Administration Console tree, in the Managed devices folder, select the administration group containing the necessary device.
2. In the workspace, select the Devices tab.
3. In the list of managed devices, select the device to which you want to connect the remote diagnostics utility, and select External tools → Remote diagnostics in the device context menu.

   The main window of the Kaspersky Security Center remote diagnostics utility opens.

You can use the remote device diagnostics utility to view the remote installation log.

To view the remote installation log on a device, do as follows:

1. Open the main window of the remote diagnostics utility.
2. Configure the options for connecting the utility to the device if needed. In the main window of the remote diagnostics utility, click the Log in button.
3. In the window that opens, in the objects tree, select the Remote installation logs folder.

For more information about the remote diagnostics utility, refer to Kaspersky Security Center Help section.

Manually checking the connection with the Administration Server. Klnagchk utility

The Network Agent distribution kit includes the klnagchk utility, which is intended for checking connection to the Administration Server.

After installation of the Network Agent, the utility is located in the /opt/kaspersky/klnagent/bin directory in 32-bit operating systems and in the /opt/kaspersky/klnagent64/bin directory in 64-bit operating systems. Depending on the command line options, the Network Agent performs the following actions when started:

• Writes to the event log file or displays the values of the settings for connecting the Network Agent installed on the client device to the Administration Server.
• Writes to the event log file or displays the Network Agent statistics (since its last launch) and the results of running the utility.
• Attempts to establish a connection between Network Agent and the Administration Server.
• If the connection fails, the utility sends an ICMP packet to check the status of the device where the Administration Server is installed.

Utility syntax

klnagchk [-logfile <file name>] [-sp] [-savecert <path to certificate file>] [-restart]

Arguments and options

• -logfile <file name>: write to an event log file both the values of the settings for connecting Network Agent to the Administration Server and the results of running the utility. If this option is not specified, the settings, results, and error messages are displayed on the screen.
• -sp: show the password for user authentication on the proxy server. This setting is used if the connection to the Administration Server is established via a proxy server.
• -savecert <file name>: save the certificate used to authenticate access to the Administration Server in the specified file.
• -restart: restart Network Agent.

Manually connecting to the Administration Server. Klmover utility

The Network Agent distribution kit includes the klmover utility, which is intended for managing the connection with the Administration Server.

After installation of the Network Agent, the utility is located in the /opt/kaspersky/klnagent/bin directory in 32-bit operating systems and in the /opt/kaspersky/klnagent64/bin directory in 64-bit operating systems. Depending on the command line options, the Network Agent performs the following actions when started:

• Connects Network Agent to the Administration Server with the specified settings.
• Writes to an event log file or displays the operation results.

Utility syntax

klmover [-logfile <file name>] [-address <server address>] [-pn <port number>] [-ps <SSL port number>] [-nossl] [-cert <path to the certificate file>] [-silent] [-dupfix]

Arguments and options

• -logfile <file name> – write the results of running the utility to the specified file. If this option is not specified, the results and error messages are sent to stdout.
• -address <server address> – address of the Administration Server used for the connection. This can be the IP address, NetBIOS, or DNS name of the device.
• -pn <port number> – number of the port over which a non-encrypted connection to the Administration Server is established. Port 14000 is used by default.
• -ps <SSL port number> – number of the SSL port over which the encrypted connection to the Administration Server is established using the SSL protocol. Port 13000 is used by default.
• -nossl – use a non-encrypted connection to the Administration Server. If this key is not specified, the Agent connects to the Administration Server over SSL.
• -cert <path to certificate file> – use the specified certificate file for access authentication to the new Administration Server. If the option is not specified, Network Agent gets a certificate upon the first connection to the Administration Server.
• -silent – start the utility in non-interactive mode. This may be useful if, for example, the utility is started from a startup script during user registration.
• -dupfix – this option is used if the Network Agent installation method differs from the installation within the distribution kit; for example, if the Network Agent was restored from a disk image.
• -cloningmode 1 – switch to cloning mode.
• -cloningmode 0 – switch from cloning mode.