Access errors when saving documents in CIFS protocol network folders
Applications and versions that this article concerns:
- Kaspersky Endpoint Security 12.1 for Linux (version 12.1.0.1274)
- Kaspersky Endpoint Security 12 for Linux (version 12.0.0.6672)
- Kaspersky Endpoint Security 11.4.0 for Linux (version 11.4.0.1096)
- Kaspersky Endpoint Security 11.3.0 for Linux (version 11.3.0.7508)
- Kaspersky Endpoint Security 11.3.0 for Linux (version 11.3.0.7441)
- Kaspersky Endpoint Security 11.2.0 for Linux (version 11.2.0.4528)
Issue
When you try to save an edited docx or xlsx document in an office application, or in another application that uses lock files in a similar way, one of the following errors may occur: “Access error”, “Unable to block the document”, or “Access denied”.
The issue may occur under the following conditions:
- The edited document is located in a network folder.
- The network folder is mounted using the CIFS protocol.
- The mount point is marked by the file operation interceptor and is not added to global exclusions.
Cause
The error is caused by an interaction problem between the CIFS protocol and fanotify, a Linux kernel technology used to intercept file operations. A user application receives the error “EPERM (errno 1 Operation not permitted)” from the operating system when it re-creates a temporary file.
The operating system developer is aware of this issue and is in the process of fixing it.
Solution
- Contact operating system technical support, describe the problem, and request a private fix or a kernel version that is not affected by the interaction problem between CIFS and fanotify.
- Add the mount point to global exclusions (the ExcludedMountPoint setting) locally or via the Kaspersky Security Center policy using the instructions below, until the issue is solved by the operating system developer.
How to add a mount point to global exclusions locally
- To add a specific mount point, use the command:
- “/path/to/mount” is the path and name of the mount point.
- To add all the mount points of the CIFS protocol (SMB), use the following command:
How to add a mount point to global exclusions via the Kaspersky Security Center policy settings
- Open Kaspersky Security Center.
- Go to Policies and open the Kaspersky Endpoint Security for Linux group policy properties.
- Go to General settings → Global exclusions and click Configure.
- Click Add.
- To add a specific mount point or all mount points to exclusions, do the following:
  - To add a specific mount point to exclusions, select Local in the drop-down list, specify the path to the required mount point, and click OK.
  - To add all the mount points to exclusions, select All remote mounted in the drop-down list and click OK.
- In the Excluded mount points window and the group policy properties window, click OK.