1. Make sure there are no hardware problems on the device:
   • Device components are functioning.
   • The hard drive integrity is maintained.
   • The RAM is intact.
   Replace defective components if necessary.
2. Check for possible operating system problems:
   • Make sure there is enough free space on the hard drive where files, settings, and databases of third-party software are stored.
     If the drive is full, free up the disc space and restart the device.
   • Install all available updates and restart the operating system.
   • If the operating system requires rebooting after upgrading, or it has been running for a long time and has not yet been rebooted, reboot the system.
3. Upgrade the application that is experiencing the problem to the latest version. The latest versions contain improvements and solutions to known issues, including compatibility conflicts.
4. Make sure that the problem occurs only when Kaspersky Endpoint Security for Windows is installed on the computer: to do this, remove Kaspersky Endpoint Security for Windows and restart the operating system. If the issue persists after removing Kaspersky Endpoint Security for Windows, it is not caused by Kaspersky Endpoint Security for Windows. Contact technical support of the third-party software.
   If you encounter issues when removing Kaspersky Endpoint Security for Windows, follow these instructions.
5. If the problem occurs with client components, repeat all the troubleshooting steps on the device where server components of the third-party application or hardware are installed.

If all the listed steps do not fix the problem, follow the steps below. Carry out them on client and server devices of the problematic application.

1. Install the latest version of Kaspersky Endpoint Security for Windows with an available cumulative patch. If the problem does not occur in a newer version, install this latest version or cumulative patch for the current version on all devices.
2. Update the anti-virus databases. Up-to-date versions contain fixes for known false positives.
3. Enable Kaspersky Security Network to help Kaspersky Endpoint Security for Windows to more accurately determine file reputation and reduce the risk of false detections.
4. Use the predefined scan exclusions and trusted application list available in Kaspersky Endpoint Security for Windows (starting with version 12.6).

1. Reproduce the problem after updating the anti-virus databases and enabling Kaspersky Security Network on the latest version of Kaspersky Endpoint Security for Windows.
2. Open the reports of Kaspersky Endpoint Security for Windows on the problematic device and check events with a Critical and Warning severity level:
   • If Kaspersky Endpoint Security for Windows detects malicious objects in a third-party application, examine the information about this event and the contents of the backup storage.
     

     Detection	Solution
     Not-a-virus	This message may appear when Kaspersky Endpoint Security for Windows is configured to detect legitimate software that can be used by attackers to damage your computer or personal data. If it is necessary to detect such threats in your infrastructure, and the option must not be disabled, configure scan exclusions. In the properties of the exclusions, specify the name of the object according to the Kaspersky Virus Encyclopedia classification.
     Other detections	Collect diagnostic information and contact Kaspersky Technical Support.

   • If a component of Kaspersky Endpoint Security for Windows are blocking a third-party software or hardware, identify and configure the component.
     

     Component	Event	Solution
     Adaptive Anomaly Control	Process action blocked	Check and confirm updates in the sets of rules.
     Web Control	Access denied	Clarify the full list of addresses in the third-party software documentation and create allow rules.
     Web Threat Protection	Connection blocked: The format of transferred data does not allow to scan it for threats. If you trust this resource, add it to scan exclusions.	Contact the vendor of the third-party software or hardware to diagnose violations of RFC standards when exchanging data over HTTP/TLS protocols or create an exclusion to the operation of the component.
     Network Threat Protection	Network attack detected	If PortScan and Flood events are detected, follow these instructions. Otherwise, look up for relevant articles in the Kaspersky Knowledge Base. You can add client addresses to the exclusion list if you suggest that the third-party application is operating properly.
     Firewall	Network activity blocked	Create an allow rule for the address of a subnet that is used by the third-party application.

The Host Intrusion Prevention component puts executable files of applications to one of the trust groups. If an application is placed into a group with restrictions, Kaspersky Endpoint Security for Windows may block some actions or features of this application:

• Access to peripherals, e.g. to audio and video in applications for web conferences.
• Data protection that uses cryptography.
• Creating or saving files, e.g. reports.

To fix the issue:

1. Open Application activity monitor to check what group the application has been placed into.
2. Add minimum required permissions to the applications that you trust using this guide.

If the issue persists, collect diagnostic data and submit a request to Kaspersky Technical Support via Kaspersky CompanyAccount. In your request, specify:

• How removal of Kaspersky Endpoint Security for Windows affects the cause and symptoms of the problem.
• Which recommendations from this article you have used.
• Which component of Kaspersky Endpoint Security for Windows causes the problem (describe the diagnostics results).