@kilo2, ответ разработчиков: "На хосте клиента установлено ПО CheckPoint - Endpoint Connect. Скорее всего именно оно выполняет редирект соединений на локальные адреса."
Posts made by Alexander.Matrosov
RE: Мониторинг сети показывает все соединения как локальные
Неверная ошибка при смене пароля
1. Переходим в раздел Профиль -> Редактировать профиль -> Изменить пароль
2. Вводим НЕверный текущий пароль и любой новый
3. Нажимаем кнопку "Изменить пароль"
Ошибка, связанная с длиной нового пароля (даже при длине нового >6)
Ошибка о неверном вводе текущего пароля
Прямые ссылки на страницы qainfo автоматически превращаются в кривые относительные
1. Заводим топик/баг/тему
2. Вставляем ссылку на какую-либо страницу qainfo (f.e. http://qainfo.ru/login)
3. Публикуем баг/топик/тему
URL после публикации автоматически становится наподобие такого:
и поэтому отправляет на подобные урлы:
(а не на страницу /login, как было задумано)
Либо преобразование в рабочие относительные ссылки, либо без преобразования, чтобы оставались прямыми
Неверная ошибка авторизации
1. Заходим на страницу http://qainfo.ru/login
2. Вводим корректный email-адрес (своего уже зарегистрированного аккаунта)
3. Вводим НЕверный пароль
Ошибка наподобие "Неправильно указана электронная почта или пароль"
RE: Beta-Testing Guide
Section 7 - QA Info (external bug tracker)
QA Info is used for tracking the issues reported during beta-testing. It is based on the open bug tracking software Redmine and replaces the Google Docs used previously. The launch of the project was discussed in this topic.
1. Register and configure your account
Users who do not have an account at QA Info can only view issues which were already submitted to the tracker. If you want to make use of the features of the tracker you need to register an account:
- get notifications via email about news and changes to watched issues
- confirm that a bug fix was fixed (by changing the status of an issue from fixed to closed)
- discuss the problem with KL employees in the comments of an issue
- submit new issues to the tracker
- manage the news: add, edit and delete
KL employees, additionally:
- edit all fields of an issue
- manage projects
1.1. Register an account
You can register an account here: http://bug.qainfo.ru/account/register. The page should be displayed in your language automatically (based on browser settings).
Explanation of the fields:
- Login: may contain Latin characters, numbers and some other characters
- Nickname (KL Forum): in parenthesis enter your nick name used in the forum, for example: (JanRei)
- Language: you can choose the language you want to use for the tracker, or select (auto) for letting Redmine choose the language automatically
- User ID (KL Forum): enter your user ID in the forum. Specifying this information allows to quickly contact you in case more information is required about some issue. The ID is part of the URL to your profile, for example: https://forum.kaspersky.com/index.php?showuser=7141 -> enter 7141
An example for filling the registration form:
A few minutes after you have registered you should get an email from firstname.lastname@example.org with instructions how to activate your account. In case there should be problems using the tracker please write a private message to Ilya Zadonsky (please use "QA Info" as subject).
1.2. Recommended settings
After you have activated your account it is recommended to change some settings on the page My Account:
- check the option "Hide my email address"
- specify your time zone
- select your preferred method of notification by email
Registered users can personalize My Page, and add the blocks of information: "Watched issues", "Latest news", "Calendar", "Documents" and "Spent time". Modules "Documents" and "Spent time" are not used, so do not add them to the page.
To configure your personal page select "My Page" in menu at the top of the page and then follow the link "Personalize this page". You can add a block by selecting it from the drop down menu and clicking on the "Add" button. Using the mouse you can then move the block at the position you like. By clicking on the X you can remove a block from the page. To complete the personalization click on "Back".
2. Working with external tracker
The home page of QA Info shows the latest news and a list of bug lists (projects) with recent changes.
Issues reported in the forum are transferred by moderators to the external bug tracker. In the forum post a link to the issue is added to the field "Reason for edit". Following the link you can view the current status of the issue and its history.
2.1. Description of the fields
When working with issues the following fields are used:
- Tracker - indicates in which forum the issue was reported: Russian forum (RUS frm) or English forum (ENG frm)
- Post - ID used in the link to the bug report in forum (value will be transformed into a link leading to the bug report), for example:
- https://forum.kaspersky.com/index.php?s=&showtopic=297701&view=findpost&p=2277595 -> the ID is 2277595
- ID - number that identifies the issue in internal bug tracker of KL (value is a link which can only be used by employees)
- Pri - indicates the priority of the issue:
- 4 (Low) - would like to fix but the product can be released as it is
- 3 (Medium) - should be fixed if time permits
- 2 (High) - must be fixed before release of the product
- 1 (Stop Bug) - must be fixed immediately, blocks further testing, very visible
- Status - shows the current status of the issue, possible values are:
- .. - issue was added to the tracker, but was not yet processed by an employee
- need more info - employees were unable to reproduce the issue, more information from the beta-tester are required for processing the bug report
- rejected - the described behavior is not a bug (reason is specified by employee in comment) or required information were not provided
- accepted - issue was reproduced by employee and was accepted
- will be reviewed - issue or suggestion will be considered in future versions of the product
- fixed - developers reported that the issue was fixed or the suggestion was implemented
- reopened - according to beta-tester the issue was not fixed properly
- closed - beta-tester or employee confirmed that the issue was fixed
- Subject - brief description of the issue
- Category - distinguishes between bug and suggestion
- β-tester - the beta-tester who reported the issue
- Soft - name of the affected product
- Version - product version where the issue was reproduced
- Lng - used localization (only applies to GUI/Help)
- OS - name of the used operating system
- VfT - status of Application Verifier and Driver Verifier (only applies to Crashes/Dumps/BSOD)
- Description - detailed description of the issue
- Watchers - list of users who will get notified about changes of the issue
2.2. Watching issues
You can receive notifications by email about issues depending on the account settings. The notifications will come from email@example.com. In case you do not get the notifications please also check the spam folder. With default settings you will get notifications in the following situations:
- news was published for the top-level project
- you created an issue or issue was created in a watched project
- watched issue or news was updated
- issue or news was updated, where you have took part in the discussion
To subscribe to news or issues click on the link "Watch":
2.3. Participating in the discussion and changing of the status of an issue
By opening and editing an issue you can take part in the discussion. Fill in the field "Note" to add a comment. You can also change the value of some fields (for example, set the task status, version, product name, OS, ...). It depends on your rights which fields you are allowed to change.
If an issue has the status fixed, users with standard rights can confirm the fix by changing the status to closed. Moderators can also re-open it and change the status to reopened.
2.4. Using filters
The tracker allows to show the submitted issues using predefined filters. They are listed in the sidebar. Some filters are only available for certain sub-projects:
- Project groupe (all issues in "QA Info"): available for all projects, lists all open issues based on their project they belong to. If you want to use this filter go to "Projects" and then click on "View all issues" (http://qainfo.ru/redmine/issues)
- Status groupe (for all projects): available for all projects, issues are grouped by their status
- Default View (dmp): used for sub-project "Crashes/Dumps/BSOD", additionally shows the columns "OS" (operating system) and "VfT" (Verifier status)
- Default View (GUI): used for sub-project "GUI/Help", additionally shows the column "Lng" (localization)
- Default View (W&D): used for sub-project "Wishes and deals" (suggestions for the bug tracker)
RE: Beta-Testing Guide
Section 6 - Glossary and abbreviation expansion
Components of the product
- Anti-Banner = component that blocks advertising information located on banners built into interfaces of various programs installed on your computer or displayed online.
- Anti-Phishing = component that tracks attempts to open phishing websites and blocks them
- Anti-Spam = component that allows detection of unwanted messages (spam)
- AVZ = scripts to solve problems in the system
- Exclusions & Trusted Zone = Exclusion is an object excluded from scanning by the product. Trusted zone is the user-created list of objects which should not be controlled by the product.
- GUI = Graphical user interface
- HIPS, Application Control = component that logs the actions performed by applications in the system, and manages the applications' activities, based on which group they belong to. A set of rules is defined for each group of applications.
- IDS = Network Attack Blocker
- IM AV = component that scans traffic of instant messengers (such as ICQ, AIM etc.)
- Installer = the program installing the product or an application
- Mail AV = Mail Anti-Virus scans incoming and outgoing messages for the presence of malicious objects
- OAS = File Anti-Virus (On Access Scan)
- ODS = On Demand Scan
- PC, Parental Control = component that monitors the users' access to the Internet, in order to restrict access to some kind of resources or certain URLs.
- PDM = Proactive defense
- Qscan, Rootkit scan = technology of scanning hard-to-detect threats which hide the traces of their activity
- Quarantine = folder where objects are saved in encrypted form, which rules out the threat of infection. It also stores backup copies of objects created before disinfection or deletion.
- RD, Rescue Disk = component that creates a bootable disk to be able to boot a computer that is extremely infected and cannot be disinfected by anti-virus program.
- Self-Defense = module that blocks closing the product or changing its settings independently from user's wish
- SK, Safe Keyboard = technology allowing you to type personal data (such as passwords or credit card numbers) using your hardware keyboard while avoiding its interception by keyloggers, which are programs that register keystrokes.
- SM, Safe Money = starts the browser in an isolated environment for safe online banking.
- SW, System Watcher = system events monitor. It collects and saves different events logs and provides it to the product's components in order to detect events sequences that are characteristic to malware.
- Updater = module for updating databases or the product's modules
- VK, Virtual Keyboard = special tool for typing personal data (such as passwords or credit card numbers) to avoid its interception by keyloggers, which are programs that register keystrokes.
- Vulnerability scan = scanning of vulnerabilities in the installed programs
- Web AV, Web Anti-Virus = component that scans internet traffic.
- WMUF = database of dangerous URLs
- Build = assembly, also last number of the product's version
- Alpha-version = the beginning state of product's development, a version that may miss most of new functionality
- Beta-version = a version that has the complete functionality and is ready to be tested by components
- RC, Release Candidate = a build that can become the release
- TR, Technical Release = a build technically ready to go in production (pending printing boxes, writing knowledge base or help content etc.)
- CR, Commercial Release = the product on sale, the moment Technical support is responsible for the product
- CF, Critical Fix = build fixing critical bugs in the product and possibly some new functionality
- MP, Maintenance Pack / MR, Maintenance Release = package of updates. Found bugs are fixed as well as new functionality can be added there. This is analogous to Service Packs of Microsoft products.
- Hotfix, Patch = urgent update fixing critical bugs
Other common terms
- Alert = informational pop-up of the product that allows to choose an action
- Balloon = informational window of the product
- BSOD, Blue Screen of Death = window of blue colour that is shown on crash of the operating system
- Bug = error in function of program or its interface
- Case = scenario of testing or steps to reproduce a bug
- Change log = list of changes of a certain build
- Crash = abnormal closing of an application or operating system
- GBT, Gold Beta Tester = the title the most active beta-testers are awarded with in the end of the product's development cycle
- KL = Kaspersky Lab
- Memory dump = file containing the complete data about system memory state at the moment of crash
- Screenshot = image file taken by the computer to record the visible items displayed on the monitor
- Traces = log files with all the actions performed by the product which help developers to localize and solve an issue
- Tray = the area of taskbar (next to the system time) with icons of running applications
- VirLab = Virus laboratory of KL
RE: Beta-Testing Guide
Section 5 - Removing leftovers of the product after incorrect removal
A special utility can be used if leftovers remain after removal of the product, the regular removal does not work or it is rolled back automatically. You can find instructions regarding its use in this Knowledge Base article: http://support.kaspersky.com/common/service.aspx?el=1464.
i | During beta-testing the utility might be not compatible yet with new products.
The following instruction describe how you can remove the product manually after booting Windows into safe mode. Not all leftovers are removed this way, but you should be able to reinstall it after that. Please reboot the system after you are done.
1) Remove the Kaspersky folders from:
- 32 bit: C:\Program Files\
- 64 bit: C:\Program Files (x86)\
- Windows XP: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\
- Windows Vista/7/8/10: C:\ProgramData\Kaspersky Lab\
2) Remove all drivers kl* from C:\Windows\System32\drivers\
3) Remove the following keys from registry:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KL* (change the owner to Everyone before that)
- HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ (search for "Kaspersky" and remove both keys from Installer and Uninstall)
4) Remove the entries klmouflt and klkbdflt (only these entries) from followings keys:
5) Remove the MSI file belonging to the product from C:\Windows\installer\ (can by identified by digital signature).
If the removal of the keys does not work try to change the permissions as described below. The general procedure should be the same in all Windows versions. However, the exact names of the options could be different.
1) Right click on the key and choose "Permissions".
2) Click on "Advanced" and select the tab "Owner".
3) Select "Everyone". If "Everyone" is not listed insert it manually via "Other users or groups" (simply write it into the text field).
4) Enable "Replace owner on subcontainers and objects".
5) Click on "Apply".
6) Select the tab "Permissions" and enable "Replace all child object permissions with inheritable permissions of this object".
7) Choose "Everyone" and click on "Edit".
8) Grant "Full Control" by ticking the corresponding checkbox.
9) Confirm all dialogs with "OK"/"Yes".
RE: Beta-Testing Guide
Section 4 - Changing update servers and creating a Virtual Machine
Changing update servers
Sometimes Kaspersky Lab representatives may ask you to switch to another update server. In order to change the update source, go to: Settings > Additional > Update > Select update source > Add.
There, enter the address you got from the representative. Also disable "Kaspersky Lab update servers" and save changes if necessary. Start update after these steps. In some cases you may need to restart the computer after the update. Then try to reproduce the issue and let Kaspersky Lab representatives know of the results. Then follow their further instructions.
i | The databases on test update servers are updated less often than on the public ones. Please do not inform about this.
i | While testing a new patch you should stay on the test update server until it is officially available for all users. Otherwise there can be conflicts with patches released previously. If you want to switch back to official servers before the patch is released, it is recommended to reinstall the product.
! | In most cases, disabling the test update server does not result in updating from the public servers. Then you need to make additional steps to return to the default update servers: manually update the product from any of usual servers for example http://dnl-01.geo.kaspersky.com/ once. Afterwards you can disable all update sources except "Kaspersky Lab update servers".
Creating a Virtual Machine
1) Create a New Virtual Machine.
2) Select that the operating system will be installed later.
3) Choose the operating system that will be installed.
4) Provide a name for the virtual machine, so it can be distinguished from others. It is recommended to specify a convenient location of the machine. By default, it is quite deep in the user profile.
5) Specify the maximum size of the disk. Windows 7 needs 20 GB, for Windows XP only 10 GB are enough. Most importantly, choose the type of disk: it should be Split!
6) Everything is ready. If you want to change some settings of the virtual hardware, you can do this by clicking on the button "Customize Hardware". This is usually not required.
7) After creating the machine, simply run it and install the system. Then reproduce the problem, shut down the system and send the machine to us.
RE: Beta-Testing Guide
Section 3 - Solutions of problems and sending the necessary information to developers of Kaspersky Lab
During testing the product/system may crash or malfunction. Do not panic if this came suddenly and try to recall all your previous actions which could be changing or installing some programs or settings. When describing a problem try to recall how it occurred, what preceded it and which measures you took to fix the problem.
Screenshots should be attached to posts in the forum. The other information described in this section should be archived first. A good utility for that is 7-Zip. Then attach the archive to the forum post. Alternatively, upload it to ownCloud (you can use desktop clients for that) or https://cloud.qainfo.ru/. Logins and passwords for ownCloud and FTP access are sent individually. Please contact Ilya Zadonsky for the needed credentials. Please do not use other file-sharing resources.
Go to the appropriate topic and describe the problem situation in detail. Do not forget to point out the build number and Windows version including Service Pack number. Attach the collected information to your post or mention the file name or download link. After posting the information wait for advice of Kaspersky Lab representatives or other beta-testers.
i | The collected information (logs and dumps) might be saved in encrypted form to protect users' data. Encrypted files have the extension ENC1.
i | To start Windows in safe mode press F8 before Windows is started. For Windows 8 press Shift+F8.
i | If the product is slow or uses a lot of memory this can be related to Application Verifier or Driver Verifier.
Disabling Application Verifier or Driver Verifier
Usually Application Verifier and Driver Verifier are enabled in beta-versions and help solving possible issues. Please try to disable them if you have performance problems. For this boot Windows into safe mode first, or alternatively disable Self-Defense and exit the product. The system needs to be restarted for the changes to take effect.
avp.exe(for service process) andavpui.exe(for GUI process) of the following key in registry:32 bit:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\64 bit:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\andHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
- Application Verifier: Delete the subkeys
VerifyDriverLevelandVerifyDriversof the registry keyHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
- Driver Verifier: Delete the parameters
1. Trace LogsIf enabled (might be the default in beta-versions), the product creates detailed logs about what the program is doing. Please note that these logs get very big. It is recommended to have logging only enabled while reproducing a problem. If logging is already enabled disable it and delete existing logs first before reproducing the problem. Also, if some protection components or background programs are not relevant you can disable/exit them.To enable trace logs open the main window and click on "Support" at the bottom and then on "Support Tools". Set the required level (usually "Recommended"), click on "Enable", reproduce the problem and click on "Disable" after being done. The files are saved in the following location:Windows XP:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\Windows Vista/7/8/10:C:\ProgramData\Kaspersky Lab\Log files are text files and use the following naming schema:KAV.[version][hotfix]_[date]_[time]_[process ID].[log type].log<.enc1>Example:KAV.220.127.116.11_03.16_17.13_2664.SRV.logThe files might be saved in encrypted form and then have the additional extension ENC1.Exit the product by right clicking on the K symbol in tray and choosing "Exit". Archive the log files and upload them as described. Do not forget to start the product again after that.
2. Process Monitor LogsProcess Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.Download it from here:1) Run ProcMon as admin.2) Go to Filter > Enable Advanced Output.3) Then hide ProcMon and reproduce the problem. After this open ProcMon and stop logging with File > Capture Events.4) To save the result choose "Events to save:" -> "All events", "Format" -> "Native Process Monitor Format (PML)" and set the path.3. Dump files of Kaspersky productThese files contain the complete data about the state of the product. It is required to diagnose crashes or hang of the product.3.1. Dump files written on crash of Kaspersky productIf the product crashes dump files are automatically created. After that, the product notifies the user about the incident and shows the location where the files were written to. Open the following folder to find the files:Windows XP:C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\Windows Vista/7/8/10:C:\ProgramData\Kaspersky Lab\Dump files have the extension DMP and use the following naming schema:KAV.[version][hotfix]_[date]_[time]_[process ID]_[dump type].[dump size].dmp<.enc1>Example:KAV.18.104.22.168_03.16_17.13_2664.GUI0.full.dmpThe files might be saved in encrypted form and then have the additional extension ENC1.Find the dump files (usually there are 3 of them), archive them and upload them as described.3.2. Manual creation of dump files on product hang- Using special utility "kavlog":- Using Task Manager (Windows Vista/7/8/10):- Using Debugging Tools for Windows: see next subsection3.3. Manual creation of dump files with WinDbgDownload the Windows Software Development Kit:Windows XP:Windows Vista/7/8/10:The package contains some utilities for developing Windows applications. During installation only choose "Debugging Tools for Windows", the other components are not needed. There are two versions of the debugger, one for 32 bit systems and one for 64 bit systems. Use the correct version (x86 or x64) for your system.3.3.1. Creation of dump files if another application crashesAfter you have installed the Debugging Tools you can define WinDbg as your default debugger. Then WinDbg should start automatically if an application crashes and you can create a dump of the process.1) Launch a command prompt with administrator privileges.2) Go to the directory of WinDbg, for example:32 bit:cd C:\Program Files\Windows Kits\8.1\Debuggers\x8664 bit:cd C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64The path to windbg.exe depends on the installed SDK version, please adjust accordingly.3) Launch WinDbg with -I parameter:windbg.exe -IIf everything is done correctly, there should be a message that WinDbg has been set as default debugger successfully.Now reproduce the problem. After the application has crashed WinDbg should start automatically. Input the following command (insert your user name):Windows XP:.dump -ma C:\Documents and Settings\<Username>\Desktop\KIS.dmpWindows Vista/7/8/10:.dump -ma C:\Users\<Username>\Desktop\KIS.dmpPlease note that the command begins with full stop.With -ma option WinDbg will create a full dump, even though WinDbg will report that it created a minidump. The next part of the command is the location of the dump file. The name can be whatsoever, but the specified folder should exist. And you should choose a folder where you can write into. In the example the dump will be created on your desktop.If you do not want to have WinDbg set as your default debugger anymore:Windows XP: Launch a command prompt with administrator privileges and input the commanddrwtsn32 -iWindows Vista/7/8/10: Save the following text as reg file, right click it and choose "Merge":
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug] "Auto"=- "Debugger"=- [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug] "Auto"=-"Debugger"=-3.3.2. Creation of dump files if the Kaspersky product or another application hangsWhen a process hangs you can get a dump the following way:1) Start WinDbg with administrator privileges.2) In menu "File" click on "Attach to a Process" or press F6.3) Select the process and click on "OK".4) Input the following command (insert your user name):Windows XP:.dump -ma C:\Documents and Settings\<Username>\Desktop\KIS.dmpWindows Vista/7/8/10:.dump -ma C:\Users\<Username>\Desktop\KIS.dmpYou can put a shortcut on the desktop, in the shortcut properties you can choose to start with administrator privileges. Please note that the command begins with full stop.With -ma option WinDbg will create a full dump, even though WinDbg will report that it created a minidump. The next part of the command is the location of the dump file. The name can be whatsoever, but the specified folder should exist. And you should choose a folder where you can write into. In the example the dump will be created on your desktop.4. Dump files of WindowsThese files contain the complete data of system memory at the moment of crash of the system. You should find the find the file underC:\Windows\MEMORY.DMPArchive it and upload it as described. Please make sure to provide a memory dump if the system crashes.By default Windows creates minidumps but they do not contain enough information for analyzing the problem, a complete memory dump is required.Maybe some settings need to be changed to enable its creation in case of a crash. Also make sure that the path for the dump file is set to%SystemRoot%\MEMORY.DMPand "Overwrite any existing file" is enabled. Depending of the Windows version the places of the corresponding settings differ:Windows XP:1) Right click "My Computer" on desktop2) Choose "Properties"3) Select the tab "Advanced"4) Click on "Settings" in the "Startup and Recovery" boxWindows Vista/7/8/10:1) Right click "Computer" on desktop.2) Choose "Properties".3) Click on "Advanced system settings" in left column.4) Click on "Settings" in the "Startup and Recovery" box.i| Under certain circumstances complete memory dumps are not created. This can happen if the computer has more than 2 GB RAM, the available disk space is less than the size of memory or the swap file is not on the system drive or is completely disabled. The available memory can be limited manually in such cases.In start menu click on "Run" and input "msconfig". Then switch to tab "Boot" or "BOOT.INI" depending on Windows version. Click on "Advanced options", enable "Maximum memory" and specify a value in the corresponding field. In Windows XP the name of the option is "MAXMEM". The change will take effect after a reboot. Also see http://support.kaspersky.com/general/dumps/79894.1. Dump files written on crash of WindowsIf Windows crashes dump files are automatically created. The instructions above apply.4.2. Manual creation of dump filesThere are two ways to create a memory dump manually:1. Insert the following key in registry:PS/2 keyboard:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters] "CrashOnCtrlScroll"=dword:00000001USB keyboard:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters] "CrashOnCtrlScroll"=dword:00000001To cause a BSOD keep the right Ctrl key pressed and press the Scroll key twice.You can find detailed instructions in the following Knowledge Base articles:Windows XP: http://support.kaspersky.com/general/dumps/8003Windows Vista/7/8/10: http://support.kaspersky.com/general/dumps/21422. There also is the utility StartBlueScreen that can be used to cause BSODs on 32-bit systems. Start the utility with administrator privileges:StartBlueScreen.exe 0 0 0 0 0Instead of the zeros you can specify other numbers. They only set the error number and error parameters shown on the BSOD.Pay attention that the utility is not started accidentally.5. Log files of installation/removalLog files are needed for debugging and fixing problem that occur when installing or removing the product. You can read about them in this Knowledge Base article:Archive the files and attach them to your post in the forum. Most logs are creating in temp folder, you can find it here:Windows XP:C:\Documents and Settings\<Username>\Local Settings\TempWindows Vista/7/8/10:C:\Users\<Username>\AppData\Local\TempAfter installation you should find the following files:Temp folder (might be saved in encrypted form and then have the additional extension ENC1):- kl-install-yyyy-mm-dd-hh-mm-ss.log<.enc1>- kl-setup-yyyy-mm-dd-hh-mm-ss.log<.enc1>- kl-preinstall-yyyy-mm-dd-hh-mm-ss.log<.enc1>Other files:Windows XP:C:\Windows\setupapi.logWindows Vista/7/8/10:C:\Windows\inf\setupapi.app.logandC:\Windows\inf\setupapi.dev.logDuring removal a log with unique name MSI*.log is created in temp folder. If there are several log files with such a name, then in order to find the necessary log look for the log with the latest creation date/time.6. GetSystemInfo reportGetSystemInfo (GSI) is a special utility for collecting information about the system, drivers and applications installed on it, running processes and so on. Disable Self-Defense of the product and start the utility with administrator privileges. Do not forget to re-enable Self-Defense once the report is made. Archive the GSI report and attach it to your post in the forum.You can find detailed instructions in this Knowledge Base article:.7. ScreenshotA screenshot is an image file taken by the computer to record the visible items displayed on the monitor. Please do not use third-party resources and attach screenshots directly to the post in the form.To make a screenshot under Windows XP follow the instructions in this Knowledge Base article:Under Windows Vista and above there is a special utility called "Snipping Tool" for that:.
Rescue Disk 2010You can find detailed descriptions in the following Knowledge Base articles:- Hardware information:- Trace Logs:
Restore Utility (part of KTS)Logs are gathered in%TEMP%\KLRTTo enable logs in release version, editkasperskylab.pure.restoretool.exe.config- it should be in the same folder as the utility or in:32 bit:C:\Program Files\Kaspersky Lab\Kaspersky Total Security x.y.z\Kaspersky Restore Utility\64 bit:C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security x.y.z\Kaspersky Restore Utility\After</startup>you should add:
<appSettings> <add key="EnableTraces" value="true"/> </appSettings>