Kaspersky blocks Outlook

Hello everybody who wants to help me.

I have a bigger issue with my VPN client and Outlook running on one of them.
Let me describe it. And please, be patient.

Well, I have a computer connected to my company network via VPN. Few days ago I got a report that Outlook does not receive any emails. They were able to access the mail only using browsers but not via MS Outlook. It was weird because I did not do any changes within my VPN computers.

Settings for this PC: The connection to the Internet is disabled for all by Kaspersky Endpoint Security for Windows 10 (managed by Kaspersky Security Center from DC), except webmail and a few webpages needed for the work.

So I took this PC to my office for testing (now it was connected to local network).
1. Reinstallation of the KES didn't solve it.
2. When I turned off Kaspersky Endpoint Security, PC gains full access to the Internet (because the Kaspersky policy became inactive) and everything was OK and Outlook ran. But we need the Kaspersky working so this is not a solution.
3. When the all policies were on I was able to access the mail via name of the server in browser (mail-server/) but not via IP address of the server (all pings were successfull and I could log in via server name) - also weird. Outlook didn't work.
4. I also noticed that if I use the name of mail server, it automatically switched into insecure http page and I could log in to the mail but if I used an IP address, it switched into secure https mode and I was unable to login to the mail.
Considering this I denied the 443 port in Kaspersky and surprisingly the Outlook, mail via IP and mail via server name were all working.
So I put the PC to the remote location via VPN and guess what happened! Nothing because it wasn't working (the port 443 was denied). I was able to get into the mail only via an IP in browser again but not via Outlook.

So I took a spare PC and tried the same thing with the same settings and the result was ... exactly the same. So it is not an issue of the specific computer.

I think it is an Kaspersky issue. I've found several articles with this problem but with no real solution.

Could you please help me with this problem?

Well, there is one thing you should know. Windows GPO doesn't apply via VPN (I am solving this in another article). But there shouldn't be a real problem because it contains only password policy and this: see the attachment.

But I am not really sure if the Kaspersky applies its policy. Then the problem could be there.

 Untitled.png
LVL 13
Hello ThereSystem AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tahir QureshiSystem AnalystCommented:
As per you description it is Kespersky issue

have you add the outlook application to trusted zone
try adding both port plus port as well

there is anarticale describe how to add into trusted zone

https://support.kaspersky.com/7834
0
Hello ThereSystem AdministratorAuthor Commented:
It's been working for months, maybe years. Outlook is included in Trusted applications.
0
DIPRAJCommented:
hi...
1. go to outlook add-in options.
2. in the add-in options ---go to email protection tab.
3.email protection tab- go to settings
4. select the mail scan options(  1.Scan upon receiving. 2.Scan when read.3.     Scan upon sending.)
5.click ok and then check.

thanks.
0
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

Hello ThereSystem AdministratorAuthor Commented:
Should I do this with my current settings? (Port 443 disabled so I could get there)
0
DIPRAJCommented:
Yes.. check in one system which is having this issue.
0
DIPRAJCommented:
pls let us know which version of outlook client you are using.
0
Hello ThereSystem AdministratorAuthor Commented:
Version: Outlook2010 14.0.7128.5000 32-bit

So I used working settings and got into Outlook settings. Only Scan when read was unchecked so I checked it and switched it into non-working environment. Still the same problem. If I type an IP address (instead of the server name) it says: see the attachment. Outlook has the same problem (Outlook icon is red and says: Kerio Outlook Connector Offline). Only server name works.

I also tried to disable the Mail-Antivirus but with no results.

SSLerror.jpg
0
masnrockCommented:
What changed at the time it stopped working?
0
Hello ThereSystem AdministratorAuthor Commented:
Nothing if you're asking if I did any network, VPN changes etc.

I know that something caused this but I cannot realise any changes related to this.
0
masnrockCommented:
I was thinking more along the lines of server changes or software changes. Sometimes even a simple upgrade will be at the root of problems.

What version of Kaspersky? I think there is a place you have to specify that a secure connection is being made to the mail server.
0
Hello ThereSystem AdministratorAuthor Commented:
I've figured out stomething.

Users are able to access the mail from the local network (IP or name of the server) and public network via mail.xxx.com

If I add the public address to the list of permited websites in Kaspersky policy, it works. Outlook works, IP address works, server name works.

My question is why? The computer is connected via VPN so it should be able to connect to the company network via IP by default, not in case after I allow public address.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
masnrockCommented:
This sounds like you're overcomplicating things. Why not only have mail.xxx.com configured? Then it would be your call on whether to use split DNS on the network (that way it can resolve to an internal IP when in the office, and to the external when not in the office).
0
Hello ThereSystem AdministratorAuthor Commented:
Maybe you're right but we are using this solution. I asked this question to find solution for this issue because that computer worked fine before but it doesn't do now and I'd like to know why.

To the changes... I actually realize that my colleague was extending the range of IP addresses it that time.
0
Hello ThereSystem AdministratorAuthor Commented:
Any other solutions?
0
Edson FariaCommented:
Hi, you just need to add the outlook.office365.com on the trusted list in webfilter options.

> Policys on KSC10
> Edit
> Endpoint Control
> Web Control
ADD > new policy Outlook > Edit

name > any
filter content >  any content
a´´pply to addresses > to individual addresses

ADD this:
https://outlook.office.com/*
https://outlook.office.com/owa/*
https://outlook.office365.com/*

Action > Allow
Schedule > always

Save this, and wait replication on all endpoints.



But i really don't understand why the Kaspersky made this atualization to stop work the outlook.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Outlook

From novice to tech pro — start learning today.