PROBLEM:
When there is a .NET error page thrown it can expose relative or absolute paths on the Kaseya server. This is a security concern so a good security practice is to hide those paths to remote viewers as there is no need for them to see it.
CAUSE:
By default, a .NET custom error page isn't setup so IIS will throw back the type of page below which exposes information that could be a security risk.
SOLUTION:
In IIS, you can create a .NET custom error page to avoid these paths/system pages from displaying to your remote users.
Step 1) On the VSA, go to the site root folder (i.e.: C:\Kaseya\WebPages\)
Step 2) Create a new folder in the site root (i.e.: C:\Kaseya\WebPages\customerror)
Step 3) Create a custom error page and save it in the new folder. This custom error page could be HTML or ASP page.
Step 4) Open up IIS – Internet Information Services (IIS) Manager and Navigate to the Default Web Site and open up the .NET Error Pages page
Step 5) On the right side, click on the Edit Feature Settings link and make sure that the option for Mode is On. Then, enter the Absolute URL to the .NET custom error page
No need to restart Kaseya Services or IIS.
This was tested with IIS 7.5 and up and works for VSA versions R8 and up. For older versions of IIS and the VSA these steps may work as well but were NOT tested. This also applies to on-premise customers only.