Enabling diff feeds
February 27, 2024
ID 214353
Kaspersky CyberTrace supports using diff versions of Kaspersky Threat Data Feeds. For more information about diff feeds and how they are downloaded, see subsection "Downloading diff feeds" of the "Working with feeds" section.
Diff versions are similar to regular feeds, but have different IDs. These IDs are stored in additional configuration files included in the distribution kit and are located in the following directories:
Location of additional configuration files
Configuration file | Location (Linux) | Location (Windows) |
---|---|---|
|
|
|
|
|
|
To enable downloading of diff feeds after installation, perform the following steps immediately after you install Kaspersky CyberTrace:
- Stop Kaspersky CyberTrace Service.
- Rename the
kl_feed_util.conf
file (for example, tokl_feed_util.conf.0
). - Rename the
kl_feed_info.conf
file (for example, tokl_feed_info.conf.0
). - Rename
kl_feed_util_diff.conf
tokl_feed_util.conf
. - Specify
accepted
in theSettings > EULA
section ofkl_feed_util.conf
. - Rename
kl_feed_info_diff.conf
tokl_feed_info.conf
. - Start Kaspersky CyberTrace Service.
- Perform the post-installation configuration.
To enable downloading of diff feeds after an update, perform the following steps immediately after you update Kaspersky CyberTrace:
- Stop Kaspersky CyberTrace Service.
- Make a copy of the
kl_feed_util.conf
file, and then rename the copy (for example, tokl_feed_util.conf.0
). - In the
Settings > Feeds > Feed
element of thekl_feed_util.conf
file, change the old Feed IDs to the new ones according to the table below. - Make a copy of the
kl_feed_info.conf
file, and then rename the copy (for example, tokl_feed_info.conf.0
). - In the
kl_feed_info.conf
file, change the old Feed IDs to the new ones according to the table below. - Start Kaspersky CyberTrace Service.
Feed IDs
Feed
Old ID (no diff)
New ID
Botnet CnC URL
65
152
Phishing URL
59
153
Malicious URL
64
154