Main known issues and limitations

  1. Microsoft .NET Framework 4.6 must be installed on the computer for installation and operation of the Integration Server, Integration Server Console, and Kaspersky Security management MMC plug-ins. If there are any problems with its installation, make sure that Windows updates KB2919442 and KB2919355 have been installed on the computer.
  2. Information about the license in Kaspersky Security Center Administration Console is not updated automatically after an SVM has been rolled back to a virtual machine snapshot. For example, if an application on an SVM has been activated using a commercial license and then rolled back to a snapshot of the SVM on which the application had been activated using a trial license, the commercial license will still be displayed for the specific SVM in the Kaspersky Security Center Administration Console. To resolve the issue, you must restart the SVM.
  3. After an SVM has been rolled back to a snapshot, the tasks that were created on the SVM after the snapshot was taken are lost.
  4. After Light Agent for Windows is removed and then reinstalled locally on a protected virtual machine (not via Kaspersky Security Center), this Light Agent stops sending event information to Kaspersky Security Center. To resolve this problem, restart Light Agent for Windows.
  5. A file can be restored from Backup only to the drive folder from which the file had been moved to Backup. The file cannot be restored to a folder at a different path. If Kaspersky Security is used to protect temporary virtual machines, files cannot be restored from the Backup.
  6. If Light Agent has been installed to a folder whose name contains non-Latin characters, the email scan plug-in is not installed in Microsoft Outlook.
  7. The actual start time of scheduled tasks may differ from the configured start time due to time zone differences between Light Agent and Protection Server. Light Agent receives information about available licenses, updates, and database rollbacks according to the time setting of Protection Server without regard for the time zone setting of Light Agent. The time zone of Protection Server corresponds to UTC.
  8. When a protected virtual machine comes out of Sleep/Hibernate mode, a connection to the Protection Server may be unavailable for some time. The objects that are accessed will be scanned when the connection is established.
  9. The SVM Deployment Wizard may crash when the connection to the hypervisor is interrupted, such as when the network connection is unstable.
  10. The SVM Reconfiguration Wizard does not support international domain names (IDN) of virtual machines (names containing non-Latin characters).
  11. When Light Agent is installed for a second time using Kaspersky Security Center tools, a critical error may occur (Fatal error during installation) that interrupts the installation process and corrupts the previously installed Light Agent. This error occurs if the Light Agent was first installed with all functional components included in the installation package, and the installation package was modified before the second installation by disabling certain components (such as the Mail Anti-Virus component).
  12. When editing the list of Firewall rules in the Light Agent policy, sometimes the rule editing window is not fully displayed, making it impossible to add a new rule. This problem is extremely rare, but you can fix it by closing the Light Agent policy window and opening it again.
  13. When attempting to scan files located on shared Windows network resources (SMB), protected virtual machines running Windows 7 or Windows 2008 R2 may crash (BSOD). To resolve this problem, install the Windows patch (for details refer to Microsoft technical support database).
  14. It is impossible to install an SVM on a Hyper-V hypervisor running Windows Server 2012 R2 or later if you attempt to install it using a local user account other than a built-in Administrator account. To install an SVM, use a domain account or the built-in local Administrator account.
  15. The Kaspersky Security Center Administrator does not receive emails requesting permission to start an application that is blocked by the Application Startup Control component from the local interface of Light Agent.
  16. For consistent backup copying of the Integration Server database, Kaspersky Security Center database, and all application settings, you must employ the backup of the virtual machine with the Kaspersky Security Center server.
  17. If there are several SVMs on the hypervisor, the license restriction on processor cores could be incorrectly calculated. The corresponding warning can be ignored.
  18. If the Internal Error 2318 is returned when you try to uninstall the application, stop the application in Kaspersky Security Center Administration Console and then try to uninstall it once again.
  19. On a virtual machine with the Linux operating system, you cannot start tasks as an unprivileged user.
  20. When installing Light Agent for Windows on a protected virtual machine, Windows Firewall is disabled to prevent conflicts. After Light Agent installation is complete, you can disable the Firewall functional component of the Light Agent and manually enable Windows Firewall.
  21. Light Agent for Windows cannot operate on a Windows Server 2016 guest operating system with the Network controller role. If you need to use the Network controller role, you are advised to install only the File Anti-Virus functional component of Light Agent for Windows.
  22. The Light Agent for Windows Installation Wizard does not automatically determine Windows operating mode. Therefore, installation of Light Agent for Windows on an operating system that works in Server Core mode must be performed in the silent mode with the /s key.
  23. If you want to scan subfolders when running a Virus scan group task on a virtual machine with the Light Agent for Linux component (you selected the Include subfolders check box in the Select object window), do not use the * character at the end of the mask for the path to the object to scan (in the Object field). Subfolders are not scanned if the * character is used at the end of the mask for the path to the object to scan.
  24. When creating a password for the Integration Server administrator account (admin) during installation of the Integration Server, the | ; = characters cannot be used.
  25. Using Kaspersky Private Security Network (Local KSN) earlier than 3.0 is not supported.
  26. SVM deployment on a Proxmox VE hypervisor requires more than 30 GB of free space in the partition containing /var/tmp.
  27. Application Privilege Control component does not start after updating Windows 10 LTSB (64-bit ). To resolve the issue, you must restart the application.
  28. The System Integrity Monitoring works only on virtual machines that have an NTFS or FAT32 file system.
  29. When the application is operating in the infrastructure with the virtualization solution Citrix Provisioning Services 7.15, virtual machines under load may hang if the DHCP server settings are incorrectly configured. The solution of this problem is described in the Knowledge Base.
  30. An error occurs when attempting to use Veeam Backup 9.5 to create an SVM drive backup on a Microsoft Windows Server (Hyper-V) hypervisor. To resolve this problem, migrate the SVM to a different node of the Microsoft Windows Server (Hyper-V) hypervisor cluster, and then migrate it back.
  31. In rare cases, when the SVM drive system is under heavy load, the Scanserver process may terminate.
  32. The Firewall functional component includes application categorization functionality. Therefore, if the Firewall component is enabled, the Application Privilege Control report will include application categorization events even when the Application Privilege Control component is disabled.
  33. Installation and operation of the application on a computer requires installation of the Update for Universal C Runtime in Windows operating system as described in Microsoft technical support database.
  34. If you have changed the certificate of a hypervisor or VMware vCenter server, the Infrastructure connection settings section of the Integration Server Console displays connection error to this hypervisor or VMware vCenter server. To restore the connection between the Integration Server and the specific hypervisor or VMware vCenter server, you must perform the following actions:
    1. In the Integration Server Console, go to the Manage SVM section and click the Manage SVM button.
    2. Please wait while the SVM Management Wizard establishes a connection to all hypervisors and VMware vCenter servers that are displayed in the list of hypervisors and deployed SVMs.
  35. In the SVM Management Wizard, the reconfiguration and removal procedures are not available for SVMs that were moved together with hypervisors from one VMware vCenter Server to another. After adding this new VMware vCenter Server to the list of hypervisors and virtual infrastructure administration servers, previously installed SVMs are not displayed in the SVM Management Wizard.
  36. To ensure proper functioning of the application, the TLS 1.2 protocol must be enabled on the computer where the Integration Server is installed.
  37. If a virtual machine powered by a VMware ESXi hypervisor and running a Windows 10 operating system encounters a critical system error (BSOD), it is recommended to remove the VMware Tools kit.
  38. When activating/deactivating a policy, the application ignores restrictions of the user's permissions to execute certain actions within the functional scopes of Kaspersky Security.
  39. SVM deployment on a VMware ESXi hypervisor using dynamic port binding is not supported.
  40. There are limitations on SVM operation with two or more network adapters in one subnet.
  41. On a virtual machine running Windows 10 RS5/19H1 or Windows Server 2019, Light Agent for Windows cannot be remotely or locally installed to a folder whose name contains more than 160 characters.
  42. There are limitations on the operation of Light Agent for Windows installed on a virtual machine running Windows 10, Windows Server 2016 or Windows Server 2019. Refer to the Knowledge Base for more details.
  43. Starting with Kaspersky Security Center 11, you cannot configure the types of updates to download. The set of downloaded updates is determined automatically.
  44. The user that belongs to the group of local administrators is allowed to access local disks even when the Hard drives devices access rule was configured, which has the Restrict access status.
  45. System Integrity Monitoring component does not track changes to the registry, if the empty DWORD or QWORD type value was overwritten with value “0”.
  46. The Light Agent installed on a virtual machine cannot connect to SVM if the following conditions are met:
    • You are using the application under the standard license.
    • In the Light Agent settings, the advanced SVM selection algorithm is selected, which is not available under the standard license.
    • There are no SVMs matching the specified value of the SVM path parameter.
    • The Light Agent has never connected to the SVM.

    Refer to the Knowledge Base for more details.

  47. The process that belongs to a trust group with more restrictions on access to operating system resources, cannot start a process that belongs to a trust group with less restrictions.
  48. In the SVM properties in Skala-P Management console, information is displayed that an outdated version of Guest Tools is installed on the SVM if the Guest Tools version does not match the version of the R-Virtualization hypervisor.
  49. It is not possible to convert tasks that are performed on the protected virtual machines using the wizard for mass conversion of policies and tasks in Kaspersky Security Center.
  50. Remote installation of Light Agent for Windows and Light Agent for Linux using Kaspersky Security Center Web Console is not supported. You can install Light Agent remotely using the Administration Console.
  51. If, when working with Kaspersky Security Center Web Console, the certificate received from the Integration Server is identified as untrusted and you confirm the certificate identity by selecting the Ignore option, the application will not remember your choice, and the certificate error will be displayed again at the next connection.
  52. Kaspersky Security Center Web Console does not support differentiation of access rights to Kaspersky Security functional areas.
  53. When Kaspersky Security management web plug-ins are updated or uninstalled, the files with additional web plug-ins operation settings (AdvancedPluginSettings.json) are deleted as well. If you use these files, create and configure them again after updating web plug-ins.
  54. In Kaspersky Security Center Web Console, when you change the policy and task settings, operation in the Changes pending confirmation window is not supported.
  55. Application Control rules for the Application Privilege Control component and the application or application group network rules for the Firewall component cannot be configured in Kaspersky Security Center Web Console. You can configure the application control rules and the application or application group network rules in the Administration Console.
  56. Kaspersky Security Center Web Console does not support adding, deleting, and reordering network packet rules for the Firewall component. You can add, remove, and reorder network packet rules for the Firewall component in the Administration Console.
  57. Kaspersky Security Center Web Console does not support configuration of the following types of policy profile activation rules: rules for using Active Directory, rules for a specific device owner, and rules for hardware characteristics. If necessary, you can configure these policy profile activation rules in the Administration Console.
  58. For correct display of an event selection in Kaspersky Security Center Web Console, in the Monitoring and reports Event selections section, when adding a selection in the New event selection window, first specify the version of the web plug-in –, and then select the required web plug-in name from the list, even if it was already selected earlier.
  59. The virtual infrastructure on the Citrix Hypervisor platform incorrectly detects the number of licensing units that use a license key with a limitation on the number of processor cores or a key with a limitation on the number of processors. Key usage reports in Kaspersky Security Center display incorrect information and generate events on exceeding the licensing limit for these keys.
  60. The Windows 7 guest operating system is only supported if the latest updates and ESU (Extended Security Updates, see Microsoft documentation) are installed. If the latest updates and ESU are not installed, the operating system may consider Kaspersky Security modules untrusted, and the application may not start.
  61. If Light Agent for Windows is installed on a virtual machine running Windows 7 or Windows Server 2008 R2 SP1, after upgrading Light Agent to version 5.2 locally on the virtual machine, restart the operating system. Light Agent will not start until the operating system reboot.
  62. When operating in the real-time mode, System Integrity Monitoring does not control changes to files and folders for which short filenames or environment variables are specified in the control scope for the path or file name. When creating the control scope for the files and folders, specify long filenames and do not use environment variables.
Page top