Cloud Client with Kaspersky AV, all users are seen as "non-interactive-user"

Article ID: 165534


Products

CDP Integration Server

Issue/Introduction

There is a known compatibility issue between the Cloud Client and Kaspersky AV documented in the Cloud Release Notes at: http://portal.threatpulse.com/docs/rn/RNs.htm

Under: Compatibilities -> Tested Anti-Virus Vendors on Clients -> Kaspersky Internet Security
 
Per the Cloud Release Notes, when Kaspersky AV is used with the Cloud Client, all traffic is forwarded to the cloud as the default (non-interactive) user. In other words, all users appear in Cloud Reporting as non-interactive-user instead of their usernames.
 
In its default configuration, Kaspersky AV does not allow the Cloud user-tunnel, which identifies individual users, to come up.
 
There is a workaround, however: EXCLUDE ports 80 and 443 from Kaspersky's port monitoring.

Resolution

Workaround

In order to EXCLUDE A PORT from the list of monitored ports in Kaspersky AV (instructions here verified with Kaspersky AV version 6.0): 
  1. Open the application settings window ("Settings" button).
  2. In the left part of the "Settings" window, select the "Network" section under "Options".
  3. In the "Monitored ports" section on the right, click the "Port settings" button.
  4. In the "Port settings" window, select the "Monitor selected ports only" radio button, and uncheck the boxes next to port 80 and port 443.
 
NOTE: This will *disable* HTTP (port 80) and HTTPS (port 443) monitoring by Kaspersky AV. Be advised that this will reduce the security of the Kaspersky AV suite.
 
However, this workaround allows the Cloud Client to coexist with the Kaspersky AV suite while still allowing Cloud users to be individually identified in Reporting.