In a file alert created based on the results of scanning a copy of web traffic, the User name field is empty if the user is authenticated on the proxy server with basic authentication.
If the date on the Central Node server is over 30 days behind the current date, Kaspersky Anti Targeted Attack Platform cannot work. We recommend making sure that the current date is set on the server on which you want to install the application component.
For the solution to work correctly, the minimum value of payload size per packet (maximum transmission unit, MTU) for the link between the Central Node and Sensor servers, as well as the PCN and SCN, must be 1500. If you know that your ISP limits the MTU on the links between the solution components, you need to configure the MTU so that its size does not exceed the value allowed by your ISP.
When checking the reputation of a file in Kaspersky Security Network, information about the vendor of the trusted signature is not recorded in the log.
An infrastructure of cloud services that provides access to the online Knowledge Base of Kaspersky which contains information about the reputation of files, web resources, and software. The use of data from Kaspersky Security Network ensures faster responses by Kaspersky applications to threats, improves the performance of some protection components, and reduces the likelihood of false alarms.
Kaspersky Anti Targeted Attack Platform correctly processes ERSPAN traffic received through the virtual interface at a rate of up to 2 Gbps. A higher rate of ERSPAN traffic results in data loss.
Kaspersky Anti Targeted Attack Platform 7.1 has the following known limitations:
Sigma rules relying on data sources other than System Monitor (Sysmon) and Windows Event Log are not supported.
In a file alert created based on the results of scanning a copy of web traffic, the User name field is empty if the user is authenticated on the proxy server with basic authentication.
If the date on the Central Node server is over 30 days behind the current date, Kaspersky Anti Targeted Attack Platform cannot work. We recommend making sure that the current date is set on the server on which you want to install the application component.
For the solution to work correctly, the minimum value of payload size per packet (maximum transmission unit, MTU) for the link between the Central Node and Sensor servers, as well as the PCN and SCN, must be 1500. If you know that your ISP limits the MTU on the links between the solution components, you need to configure the MTU so that its size does not exceed the value allowed by your ISP.
When checking the reputation of a file in Kaspersky Security Network, information about the vendor of the trusted signature is not recorded in the log.
Kaspersky Anti Targeted Attack Platform correctly processes ERSPAN traffic received through the virtual interface at a rate of up to 2 Gbps. A higher rate of ERSPAN traffic results in data loss.
Upgrading the Central Node installed on a server may fail with the "Upgrade task "(MoveVolumesDataTask)" completed with an error" error if a disk of 2 TB or larger is allocated for the Targeted Attack Analyzer component database.
sed -i 's/"current_task_index":[[:space:]]*25/"current_task_index": 26/' /data/upgrade/upgrade_config.json
./run_kata_upgrade.py
Make the script executable by running the following command:
chmod +x wa.sh
Run the script by executing the command:
./wa.sh
The upgrade process will resume.
For the Central Node component installed on an Astra Linux server to work correctly, more free disk space is required compared to version 7.0.3 of the application. If there is not enough free space on the Central Node server, the upgrade fails. The application, however, remains operational.