Avatar of Hello There
Hello There
 asked on

Kaspersky blocks Outlook

Hello everybody who wants to help me.

I have a bigger issue with my VPN client and Outlook running on one of them.
Let me describe it. And please, be patient.

Well, I have a computer connected to my company network via VPN. Few days ago I got a report that Outlook does not receive any emails. They were able to access the mail only using browsers but not via MS Outlook. It was weird because I did not do any changes within my VPN computers.

Settings for this PC: The connection to the Internet is disabled for all by Kaspersky Endpoint Security for Windows 10 (managed by Kaspersky Security Center from DC), except webmail and a few webpages needed for the work.

So I took this PC to my office for testing (now it was connected to local network).
1. Reinstallation of the KES didn't solve it.
2. When I turned off Kaspersky Endpoint Security, PC gains full access to the Internet (because the Kaspersky policy became inactive) and everything was OK and Outlook ran. But we need the Kaspersky working so this is not a solution.
3. When the all policies were on I was able to access the mail via name of the server in browser (mail-server/) but not via IP address of the server (all pings were successfull and I could log in via server name) - also weird. Outlook didn't work.
4. I also noticed that if I use the name of mail server, it automatically switched into insecure http page and I could log in to the mail but if I used an IP address, it switched into secure https mode and I was unable to login to the mail.
Considering this I denied the 443 port in Kaspersky and surprisingly the Outlook, mail via IP and mail via server name were all working.
So I put the PC to the remote location via VPN and guess what happened! Nothing because it wasn't working (the port 443 was denied). I was able to get into the mail only via an IP in browser again but not via Outlook.

So I took a spare PC and tried the same thing with the same settings and the result was ... exactly the same. So it is not an issue of the specific computer.

I think it is an Kaspersky issue. I've found several articles with this problem but with no real solution.

Could you please help me with this problem?

Well, there is one thing you should know. Windows GPO doesn't apply via VPN (I am solving this in another article). But there shouldn't be a real problem because it contains only password policy and this: see the attachment.

But I am not really sure if the Kaspersky applies its policy. Then the problem could be there.

 Untitled.png
OutlookVPNSecuritySSL / HTTPS

Avatar of undefined
Last Comment
Edson Faria

8/22/2022 - Mon
Tahir Qureshi

As per you description it is Kespersky issue

have you add the outlook application to trusted zone
try adding both port plus port as well

there is anarticale describe how to add into trusted zone

https://support.kaspersky.com/7834
Hello There

ASKER
It's been working for months, maybe years. Outlook is included in Trusted applications.
DIPRAJ

hi...
1. go to outlook add-in options.
2. in the add-in options ---go to email protection tab.
3.email protection tab- go to settings
4. select the mail scan options(  1.Scan upon receiving. 2.Scan when read.3.     Scan upon sending.)
5.click ok and then check.

thanks.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Hello There

ASKER
Should I do this with my current settings? (Port 443 disabled so I could get there)
DIPRAJ

Yes.. check in one system which is having this issue.
DIPRAJ

pls let us know which version of outlook client you are using.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Hello There

ASKER
Version: Outlook2010 14.0.7128.5000 32-bit

So I used working settings and got into Outlook settings. Only Scan when read was unchecked so I checked it and switched it into non-working environment. Still the same problem. If I type an IP address (instead of the server name) it says: see the attachment. Outlook has the same problem (Outlook icon is red and says: Kerio Outlook Connector Offline). Only server name works.

I also tried to disable the Mail-Antivirus but with no results.

SSLerror.jpg
masnrock

What changed at the time it stopped working?
Hello There

ASKER
Nothing if you're asking if I did any network, VPN changes etc.

I know that something caused this but I cannot realise any changes related to this.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
masnrock

I was thinking more along the lines of server changes or software changes. Sometimes even a simple upgrade will be at the root of problems.

What version of Kaspersky? I think there is a place you have to specify that a secure connection is being made to the mail server.
ASKER CERTIFIED SOLUTION
Hello There

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
masnrock

This sounds like you're overcomplicating things. Why not only have mail.xxx.com configured? Then it would be your call on whether to use split DNS on the network (that way it can resolve to an internal IP when in the office, and to the external when not in the office).
Hello There

ASKER
Maybe you're right but we are using this solution. I asked this question to find solution for this issue because that computer worked fine before but it doesn't do now and I'd like to know why.

To the changes... I actually realize that my colleague was extending the range of IP addresses it that time.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Hello There

ASKER
Any other solutions?
Edson Faria

Hi, you just need to add the outlook.office365.com on the trusted list in webfilter options.

> Policys on KSC10
> Edit
> Endpoint Control
> Web Control
ADD > new policy Outlook > Edit

name > any
filter content >  any content
a´´pply to addresses > to individual addresses

ADD this:
https://outlook.office.com/*
https://outlook.office.com/owa/*
https://outlook.office365.com/*

Action > Allow
Schedule > always

Save this, and wait replication on all endpoints.



But i really don't understand why the Kaspersky made this atualization to stop work the outlook.