Known issues and considerations

The following known issues are non-critical for the operation of the solution.

Known issues when connecting mobile devices to Kaspersky Security Center

• When connecting a new Android device to Kaspersky Security Center with Google Play as an app installation source, the mobile certificate will be issued for 365 days regardless of the validity period set in the Issuance rules. When the certificate is renewed, the validity period will be the one specified in the certificate settings.
• You cannot select and send the connection details to more than 75 users within a single session of Mobile device connection wizard.

Known issues when managing mobile devices

• If you edit the Name and Description fields on the General tab of the device properties, the changes will not be displayed in the list of mobile devices connected to Kaspersky Security Center due to technical limitations.

Known issues of Kaspersky Security for iOS

• The Kaspersky Security for iOS app does not operate properly when a VPN client with an active VPN connection is running on the same mobile device.

Known issues when installing apps

• Kaspersky Endpoint Security for Android is installed only in the main memory of the device.
• On devices running Android 7, an error may occur during attempts to disable administrator rights for Kaspersky Endpoint Security for Android in the device settings if Kaspersky Endpoint Security for Android is prohibited from overlaying other windows. This issue is caused by a well-known defect in Android 7.
• Kaspersky Endpoint Security for Android on devices running Android 7.0 or later does not support multi-window mode.
• Kaspersky Endpoint Security for Android does not work on Chromebook devices running the Chrome operating system.
• Kaspersky Endpoint Security for Android does not work on devices running Android (Go edition) operating systems.
• When using the Kaspersky Endpoint Security for Android app with third-party EMM systems (for example, VMWare AirWatch) without connecting to Kaspersky Security Center, only the Anti-Malware and Web Protection components are available. The administrator can configure the settings of Anti-Malware and Web Protection in the EMM system console. In this case, notifications about app operation are available only in the interface of the Kaspersky Endpoint Security for Android app (Reports).
• When installing Kaspersky Endpoint Security for Android on a corporate device using ADB, if you set a screen unlock password on the device after you reset it to factory settings, you must reset the device to factory settings again before installing the app.

Known issues when upgrading the app version

• You can upgrade Kaspersky Endpoint Security for Android only to a more recent version of the app. Kaspersky Endpoint Security for Android cannot be downgraded to an older version.

Known issues when removing the app

• Before removing Kaspersky Endpoint Security for Android from the device, clear the Block system apps check box in the App Control settings of the policy or disable App Control.

Known issues affecting Wi-Fi

• On iOS MDM devices, if you disable automatic connection to an existing Wi-Fi network in the policy settings, you will not be able to enable automatic connection to this network again. This is due to an issue known to Apple.

Known issues affecting Anti-Malware

• Due to technical limitations, Kaspersky Endpoint Security for Android cannot scan files with a size of 2 GB or more. During a scan, the app skips such files without notifying you that such files were skipped.
• To further analyze a device for new threats for which information has not yet been added to anti-malware databases, you must enable the use of Kaspersky Security Network. Kaspersky Security Network (KSN) is an infrastructure of cloud services providing access to the Kaspersky online knowledge base with information about the reputation of files, web resources, and software. To use KSN, the mobile device must be connected to the internet.
• In some cases, updating anti-malware databases from the Administration Server on a mobile device may fail. In this case, run the anti-malware database update task on the Administration Server.
• On some devices, Kaspersky Endpoint Security for Android does not detect devices connected over USB OTG. It is not possible to run a malware scan on such devices.
• On devices running Android 11 or later, the Kaspersky Endpoint Security for Android app can't scan the "Android/data" and "Android/obb" folders and detect malware in them due to technical limitations.
• On devices running Android 11 or later, the user must grant the "Allow access to manage all files" permission.
• On devices running Android 7 or later, the configuration window for the malware scan run schedule might display incorrectly (management elements are not shown). This issue is caused by a well-known defect in Android 7.
• On devices running Android 7, real-time protection in extended mode does not detect threats in files stored on an external SD card.
• On devices running Android 6, Kaspersky Endpoint Security for Android does not detect the downloading of a malicious file to the device memory. A malicious file may be detected by Anti-Malware when the file is run or during a malware scan of the device. This issue is caused by a well-known defect in Android 6. To ensure device security, it is recommended to configure scheduled malware scans.

Known issues affecting Web Protection and Web Control

• Web Control on Android devices is supported only by Google Chrome, HUAWEI Browser, Samsung Internet, and Yandex Browser.
• The Custom Tabs feature is supported by Google Chrome, HUAWEI Browser, and Samsung Internet.
• Web Control for HUAWEI Browser, Samsung Internet Browser, and Yandex Browser does not block sites on a mobile device if a corporate container is used and Web Protection is enabled only for the corporate container.
• For Web Protection and Web Control to work, you must enable the use of Kaspersky Security Network. Web Control blocks websites based on KSN data on the reputation and category of websites.
• Forbidden websites may remain unblocked by Web Control on devices running Android 6 with Google Chrome version 51 (or any earlier version) installed if the website is opened in the following ways (this issue is caused by a well-known defect in Google Chrome):
  • From search results.
  • From the bookmarks list.
  • From the search history.
  • Using the web address autocomplete function.
  • Opening the website in a new tab in Google Chrome.
• Forbidden websites may remain unblocked in Google Chrome version 50 (or any earlier version) if the website is opened from Google search results while the Merge Tabs and Apps feature is enabled in the browser settings. This issue is caused by a well-known defect in Google Chrome.
• Websites from blocked categories may remain unblocked in Google Chrome if the user opens them from third-party apps, for example, from an IM client app. This issue is related to how the Accessibility service works with the Chrome Custom Tabs feature.
• Forbidden websites may remain unblocked in Samsung Internet if the user opens them in background mode from the context menu or from third-party apps, for example, from an IM client app.
• Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure proper functioning of Web Protection and Web Control.
• On some Xiaomi devices, the "Display pop-up window" and "Display pop-up windows while running in the background" permissions should be granted for Web Protection and Web Control to work.
• Allowed websites may be blocked in Samsung Internet in the Allow only listed websites Web Control mode when the page is refreshed. Websites are blocked if a regular expression contains advanced settings (for example, ^https?://example.com/pictures/). It is recommended to use regular expressions without additional settings (for example, ^https?://example.com).
• If Web Control is set to Prohibit all websites, Kaspersky Endpoint Security for Android does not block search in the Google Search widget. Instead, it blocks user access to the search results.
• In a corporate container, if Web Control is set to Prohibit all websites, Kaspersky Endpoint Security for Android endlessly reloads the Google Chrome home page, blocks the browser, and interferes with the device.
• In Yandex Browser and Samsung Internet, malicious and phishing websites may remain unblocked. This is because only the website domain is scanned, and if it is trusted, Web Protection can skip a threat.
• The list of allowed websites created in the Web Control card does not display in Safari on iOS MDM devices. However, Web Control still works and users can access only allowed websites. To display allowed websites in Safari, select the Add to bookmarks on device check box in the Web Control card and specify the bookmark name for each website from the list.
• If the Check full URL when using Custom Tabs option is enabled in the Web Control section of the policy settings, switching to the full version of supported browsers only works for phishing and malicious websites.
• On iOS devices operating in basic protection mode, when you change the language on the device or restart the device, Web Protection is disabled. To enable Web Protection, after you change the language or the device restarts, wait about a minute and then open Kaspersky Security for iOS.

Known issues affecting Anti-Theft

• For timely delivery of commands to Android devices, the app uses the Firebase Cloud Messaging (FCM) service. If FCM is not configured, commands will be delivered to the device only during synchronization with Kaspersky Security Center according to the schedule defined in the policy, for example, every 24 hours.
• To lock a device, Kaspersky Endpoint Security for Android must be set as a device administrator.
• To lock devices running Android 7 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature.
• On some devices, Anti-Theft commands may fail to execute if Battery Saver mode is enabled on the device. This defect has been confirmed on Alcatel 5080X.
• To locate devices running Android 10 or later, the user must grant the "All the time" permission for device location.

Known issues affecting App Control

• Kaspersky Endpoint Security for Android must be set as an Accessibility feature to ensure proper functioning of App Control. This does not apply to corporate devices.
• For App Control (app categories) to work, you must enable the use of Kaspersky Security Network. App Control determines the category of an app based on data that is available in KSN. To use KSN, the mobile device must be connected to the internet. For App Control, you can add individual apps to the lists of blocked and allowed apps. In this case, KSN is not required.
• When configuring App Control, it is recommended to clear the Block system apps check box. Blocking system apps may lead to problems in the operation of the device.
• On iOS MDM devices, if you specify allowed apps in the list of apps allowed to be installed, all apps except system apps and those added to the list of allowed apps will be hidden on the device screen.
• On some HUAWEI and Honor personal devices, apps from allowed categories may be blocked and apps from forbidden categories may remain unblocked. This is because the category for some apps from the App Gallery cannot be correctly defined.
• On some Samsung and Oppo devices, app icons may remain hidden on the home screen after clearing the Block system apps check box. This is due to limitations of the Android operating system.
• When configuring a corporate container on the device, we recommend clearing the Block system apps check box. Blocking system apps may lead to problems with creating the corporate container.

Known issues affecting Compliance Control

• The Send a message to the user response does not work in Compliance Control for iOS MDM devices.
• If a non-existent operating system version is specified in the Operating system version criterion, the device will upgrade to the latest downloaded operating system.

Known issues when managing certificates

• When the Integrate issuance of certificates with Microsoft Certification Authority (CA) via PKI option is enabled in the Issuance rules, the settings of mail and VPN certificates may remain inactive for a certain time while waiting for the PKI response.
• You cannot automatically renew a mail or VPN certificate uploaded from a file (with the Integrate issuance of certificates with Microsoft Certification Authority (CA) via PKI option disabled in the PKI settings section of the Issuance rules), since there is no access to the Certificate Authority (CA) of such a certificate. To renew the certificate, you need to upload a new certificate file manually.
• When issuing mail or VPN certificates for Android devices in the Certificate issuance wizard, if the Connect without mobile certificate authentication option is selected as the Connection method and the Domain or internal user credentials option is selected as the Authentication method, an error indicating that the login and password are incorrect occurs when the user attempts to receive the certificate. In this case, choose a different authentication method.
• When installing a custom Administration Server reserve certificate using a file in PEM (X.509) format, the "Failed to save the changes" error may occur. We recommend that you try to upload the certificate file again or use a certificate in PKCS #12 format.

Known issues when configuring the device unlock password strength

• On devices running Android 10 or later, Kaspersky Endpoint Security resolves the password strength requirements into one of the system values: medium or high.

  If the password length required is 1 to 4 symbols, then the app prompts the user to set a medium-strength password. It must be either numeric (PIN), with no repeating or ordered sequences (e.g. 1234), or alphanumeric. The PIN or password must be at least 4 characters long.

  If the password length required is 5 or more symbols, then the app prompts the user to set a high-strength password. It must be either numeric (PIN), with no repeating or ordered sequences, or alphanumeric (password). The PIN must be at least 8 digits long. The password must be at least 6 characters long.

• On devices running Android 7.1.1, if the unlock password does not meet the corporate security requirements (Compliance Control), the Settings system app may function improperly when an attempt is made to change the unlock password through Kaspersky Endpoint Security for Android. The issue is caused by a well-known defect in Android 7.1.1. In this case, only use the Settings system app to change the unlock password.
• On some devices running Android 6 or later, if device data is encrypted, an error may occur when the screen unlock password is entered. This issue is related to specific features of the Accessibility service with MIUI firmware.
• On some iOS MDM devices, if the Minimum number of special characters value is specified and the Allow simple password check box is selected, the device displays information about setting a password of 6 or more characters even though it is possible to set a password of 4 or more characters.

Known issues affecting App removal protection

• Kaspersky Endpoint Security for Android must be set as a device administrator.
• To protect the app from removal on devices running Android 7 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature.
• On some Xiaomi and HUAWEI devices, Kaspersky Endpoint Security for Android removal protection does not work. This issue is caused by the specific features of MIUI 7 and 8 firmware on Xiaomi and EMUI firmware on HUAWEI.

Known issues when configuring device restrictions

• On personal devices and devices with a work profile running Android 10 or later, prohibiting the use of Wi-Fi networks is not supported.
• On devices running Android 11 or later, Kaspersky Endpoint Security for Android must be set as an Accessibility feature. Kaspersky Endpoint Security for Android prompts the user to set the app as an Accessibility feature through the Initial Configuration Wizard. The user can skip this step or later disable this service in the device settings. If this is the case, you will not be able to restrict use of the camera.
• On iOS MDM devices, users may be able to enable Spotlight internet search results in Siri Suggestions even if the Prohibit Spotlight suggestions check box is selected. This is due to an issue known to Apple.
• On Android devices, when use of the camera is prohibited, some apps may close automatically. This issue is due to how services and features such as Android System Intelligence and Screen Attention use the device camera to keep the screen on while the user is looking at it.

Known issues when sending commands to mobile devices

• On devices running Android 12 or later, if the user granted the "Use approximate location" permission, the Kaspersky Endpoint Security for Android app first tries to get the precise device location. If this is not successful, the approximate device location is returned only if it was received within the last 30 minutes. Otherwise, the Locate device command fails.
• The Locate device command does not work on Android devices if Google Location Accuracy is disabled in the settings. Please be aware that not all Android devices come with this location setting.
• If you send the Enable Lost Mode command to a supervised iOS MDM device without a SIM card and the device is restarted, the device won't be able to connect to Wi-Fi and receive the Disable Lost Mode command. This is a specific feature of iOS devices. To avoid this issue, you can either send the command only to devices with a SIM card, or insert a SIM card into the locked device to allow it to receive the Disable Lost Mode command over the mobile network.
• The Reset to factory settings command is unavailable for personal devices and devices with a corporate container running Android 14 or later.

Known issues affecting specific devices

• On certain devices (for example, HUAWEI, Meizu, and Xiaomi), you must grant Kaspersky Endpoint Security for Android the autostart permission or manually add it to the list of apps that are started when the operating system starts. If the app is not added to the list, Kaspersky Endpoint Security for Android stops performing all of its functions after the mobile device is restarted. In addition, if the device has been locked, you cannot use a command to unlock the device. You can unlock the device only by using a one-time unlock code.
• On certain devices (for example, Meizu and Asus) running Android 6 or later, after encrypting data and restarting the Android device, you must enter a numeric password to unlock the device. If the user uses a graphic password to unlock the device, you must convert the graphic password to a numeric password. For more details about converting a graphic password into a numeric password, please refer to the Technical Support website of the mobile device manufacturer. This issue is related to the operation of the Accessibility Features service.
• On some HUAWEI devices running Android 5.Х, after Kaspersky Endpoint Security for Android is set as an Accessibility feature, the device may incorrectly display a message about a lack of sufficient rights. To hide this message, enable the app as a protected app in the device settings.
• On some HUAWEI devices running Android 5.X or 6.X, when Battery Saver mode is enabled for Kaspersky Endpoint Security for Android, the user can manually terminate the app. The user device then becomes unprotected. This issue is due to some features of HUAWEI software. To restore device protection, run Kaspersky Endpoint Security for Android manually. It is recommended to disable Battery Saver mode for Kaspersky Endpoint Security for Android in the device settings.
• On HUAWEI devices with EMUI firmware running Android 7, the user can hide the notification regarding the protection status of Kaspersky Endpoint Security for Android. This issue is due to some features of HUAWEI software.
• On some Xiaomi devices, when setting the password length to more than 5 characters in a policy, the user will be prompted to change the screen unlock password instead of the PIN code. You cannot set a PIN code that has more than 5 characters. This issue is due to some features of Xiaomi software.
• On Xiaomi devices with MIUI firmware running Android 6, the Kaspersky Endpoint Security for Android icon may be hidden in the status bar. This issue is due to some features of Xiaomi software. It is recommended to allow the display of notification icons in the Notifications settings.
• On some Nexus devices running Android 6.0.1, the privileges required for proper operation cannot be granted through the Quick Start Wizard of Kaspersky Endpoint Security for Android. This issue is caused by a well-known defect in Security Patch for Android by Google. To ensure proper operation, the required privileges must be manually granted in the device settings.
• On certain Samsung devices running Android 7 or later, when the user attempts to configure unsupported methods for unlocking the device (for example, a graphical password), the device may be locked if the following conditions are met: Kaspersky Endpoint Security for Android removal protection is enabled and screen unlock password strength requirements are set. To unlock the device, you must send a special command to the device.
• On certain Samsung devices, it is impossible to block the use of fingerprints for unlocking the screen.
• Web Protection and Web Control cannot be enabled on some Samsung devices, if the device is connected to a 3G/4G network, has Battery Saver mode enabled and restricts background data. It is recommended to disable the function that restricts background processes in Battery Saver settings.
• On certain Samsung devices, if the unlock password does not comply with corporate security requirements, Kaspersky Endpoint Security for Android does not block the use of fingerprints for unlocking the screen.
• On some Honor and HUAWEI devices, you cannot restrict the use of Bluetooth. When Kaspersky Endpoint Security for Android attempts to restrict the use of Bluetooth, the operating system shows a notification with options to reject or allow this restriction. The user can reject this restriction and continue to use Bluetooth.
• On Blackview devices, the user can clear the memory for the Kaspersky Endpoint Security for Android app. As a result, device protection and management are disabled, all defined settings become ineffective, and the Kaspersky Endpoint Security for Android app is removed from the Accessibility features. This is because this vendor's devices provide elevated privileges to the customized Recent screens app. This app can override Kaspersky Endpoint Security for Android settings and cannot be replaced because it is part of the Android operating system.
• On some Google Pixel devices running Android 11 or earlier, the Kaspersky Endpoint Security for Android app crashes immediately after starting. This is caused by an issue in Android.
• On HUAWEI P60 Pro, a corporate container cannot be created.

Known issues affecting the app on Android 13

• On Android 13, the user can use the Foreground Services Task Manager to stop Kaspersky Endpoint Security from running in the background. This is caused by a well-known issue in Android 13.
• On Android 13, the permission to send notifications is requested when the initial app configuration begins. This is due to specifics of the Android 13 operating system.

Known issues affecting policy profiles

• If you switch to a license with basic functionality, settings that are available only with a license with extended functionality do not reset to defaults in policy profiles.

Known issues in role-based access control

• If the License key management right is not granted, when opening an existing policy, an error may occur. This does not affect the operation of the policy.
• If the License key management right is not granted, you can create a policy without choosing the license in the Mobile policy wizard. However, in this case, you cannot configure the policy settings.

Page top