asked on
Kaspersky blocks Outlook
Hello everybody who wants to help me.
I have a bigger issue with my VPN client and Outlook running on one of them.
Let me describe it. And please, be patient.
Well, I have a computer connected to my company network via VPN. Few days ago I got a report that Outlook does not receive any emails. They were able to access the mail only using browsers but not via MS Outlook. It was weird because I did not do any changes within my VPN computers.
Settings for this PC: The connection to the Internet is disabled for all by Kaspersky Endpoint Security for Windows 10 (managed by Kaspersky Security Center from DC), except webmail and a few webpages needed for the work.
So I took this PC to my office for testing (now it was connected to local network).
1. Reinstallation of the KES didn't solve it.
2. When I turned off Kaspersky Endpoint Security, PC gains full access to the Internet (because the Kaspersky policy became inactive) and everything was OK and Outlook ran. But we need the Kaspersky working so this is not a solution.
3. When the all policies were on I was able to access the mail via name of the server in browser (mail-server/) but not via IP address of the server (all pings were successfull and I could log in via server name) - also weird. Outlook didn't work.
4. I also noticed that if I use the name of mail server, it automatically switched into insecure http page and I could log in to the mail but if I used an IP address, it switched into secure https mode and I was unable to login to the mail.
Considering this I denied the 443 port in Kaspersky and surprisingly the Outlook, mail via IP and mail via server name were all working.
So I put the PC to the remote location via VPN and guess what happened! Nothing because it wasn't working (the port 443 was denied). I was able to get into the mail only via an IP in browser again but not via Outlook.
So I took a spare PC and tried the same thing with the same settings and the result was ... exactly the same. So it is not an issue of the specific computer.
I think it is an Kaspersky issue. I've found several articles with this problem but with no real solution.
Could you please help me with this problem?
Well, there is one thing you should know. Windows GPO doesn't apply via VPN (I am solving this in another article). But there shouldn't be a real problem because it contains only password policy and this: see the attachment.
But I am not really sure if the Kaspersky applies its policy. Then the problem could be there.
![Untitled.png]()
I have a bigger issue with my VPN client and Outlook running on one of them.
Let me describe it. And please, be patient.
Well, I have a computer connected to my company network via VPN. Few days ago I got a report that Outlook does not receive any emails. They were able to access the mail only using browsers but not via MS Outlook. It was weird because I did not do any changes within my VPN computers.
Settings for this PC: The connection to the Internet is disabled for all by Kaspersky Endpoint Security for Windows 10 (managed by Kaspersky Security Center from DC), except webmail and a few webpages needed for the work.
So I took this PC to my office for testing (now it was connected to local network).
1. Reinstallation of the KES didn't solve it.
2. When I turned off Kaspersky Endpoint Security, PC gains full access to the Internet (because the Kaspersky policy became inactive) and everything was OK and Outlook ran. But we need the Kaspersky working so this is not a solution.
3. When the all policies were on I was able to access the mail via name of the server in browser (mail-server/) but not via IP address of the server (all pings were successfull and I could log in via server name) - also weird. Outlook didn't work.
4. I also noticed that if I use the name of mail server, it automatically switched into insecure http page and I could log in to the mail but if I used an IP address, it switched into secure https mode and I was unable to login to the mail.
Considering this I denied the 443 port in Kaspersky and surprisingly the Outlook, mail via IP and mail via server name were all working.
So I put the PC to the remote location via VPN and guess what happened! Nothing because it wasn't working (the port 443 was denied). I was able to get into the mail only via an IP in browser again but not via Outlook.
So I took a spare PC and tried the same thing with the same settings and the result was ... exactly the same. So it is not an issue of the specific computer.
I think it is an Kaspersky issue. I've found several articles with this problem but with no real solution.
Could you please help me with this problem?
Well, there is one thing you should know. Windows GPO doesn't apply via VPN (I am solving this in another article). But there shouldn't be a real problem because it contains only password policy and this: see the attachment.
But I am not really sure if the Kaspersky applies its policy. Then the problem could be there.
OutlookVPNSecuritySSL / HTTPS
Last Comment
Edson Faria
ASKER
It's been working for months, maybe years. Outlook is included in Trusted applications.
hi...
1. go to outlook add-in options.
2. in the add-in options ---go to email protection tab.
3.email protection tab- go to settings
4. select the mail scan options( 1.Scan upon receiving. 2.Scan when read.3. Scan upon sending.)
5.click ok and then check.
thanks.
1. go to outlook add-in options.
2. in the add-in options ---go to email protection tab.
3.email protection tab- go to settings
4. select the mail scan options( 1.Scan upon receiving. 2.Scan when read.3. Scan upon sending.)
5.click ok and then check.
thanks.
ASKER
Should I do this with my current settings? (Port 443 disabled so I could get there)
Yes.. check in one system which is having this issue.
pls let us know which version of outlook client you are using.
ASKER
Version: Outlook2010 14.0.7128.5000 32-bit
So I used working settings and got into Outlook settings. Only Scan when read was unchecked so I checked it and switched it into non-working environment. Still the same problem. If I type an IP address (instead of the server name) it says: see the attachment. Outlook has the same problem (Outlook icon is red and says: Kerio Outlook Connector Offline). Only server name works.
I also tried to disable the Mail-Antivirus but with no results.
![SSLerror.jpg]()
So I used working settings and got into Outlook settings. Only Scan when read was unchecked so I checked it and switched it into non-working environment. Still the same problem. If I type an IP address (instead of the server name) it says: see the attachment. Outlook has the same problem (Outlook icon is red and says: Kerio Outlook Connector Offline). Only server name works.
I also tried to disable the Mail-Antivirus but with no results.
What changed at the time it stopped working?
ASKER
Nothing if you're asking if I did any network, VPN changes etc.
I know that something caused this but I cannot realise any changes related to this.
I know that something caused this but I cannot realise any changes related to this.
I was thinking more along the lines of server changes or software changes. Sometimes even a simple upgrade will be at the root of problems.
What version of Kaspersky? I think there is a place you have to specify that a secure connection is being made to the mail server.
What version of Kaspersky? I think there is a place you have to specify that a secure connection is being made to the mail server.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
This sounds like you're overcomplicating things. Why not only have mail.xxx.com configured? Then it would be your call on whether to use split DNS on the network (that way it can resolve to an internal IP when in the office, and to the external when not in the office).
ASKER
Maybe you're right but we are using this solution. I asked this question to find solution for this issue because that computer worked fine before but it doesn't do now and I'd like to know why.
To the changes... I actually realize that my colleague was extending the range of IP addresses it that time.
To the changes... I actually realize that my colleague was extending the range of IP addresses it that time.
ASKER
Any other solutions?
Hi, you just need to add the outlook.office365.com on the trusted list in webfilter options.
> Policys on KSC10
> Edit
> Endpoint Control
> Web Control
ADD > new policy Outlook > Edit
name > any
filter content > any content
a´´pply to addresses > to individual addresses
ADD this:
https://outlook.office.com/*
https://outlook.office.com/owa/*
https://outlook.office365.com/*
Action > Allow
Schedule > always
Save this, and wait replication on all endpoints.
But i really don't understand why the Kaspersky made this atualization to stop work the outlook.
> Policys on KSC10
> Edit
> Endpoint Control
> Web Control
ADD > new policy Outlook > Edit
name > any
filter content > any content
a´´pply to addresses > to individual addresses
ADD this:
https://outlook.office.com/*
https://outlook.office.com/owa/*
https://outlook.office365.com/*
Action > Allow
Schedule > always
Save this, and wait replication on all endpoints.
But i really don't understand why the Kaspersky made this atualization to stop work the outlook.
have you add the outlook application to trusted zone
try adding both port plus port as well
there is anarticale describe how to add into trusted zone
https://support.kaspersky.com/7834