PROBLEM:
When there is an error page thrown in IIS (like 404 for example) it can expose relative or absolute paths on the Kaseya server. This is a security concern so a good security practice is to hide those paths to remote viewers as there is no need for them to see it.
CAUSE:
By default, a custom error page isn't setup so IIS will throw back the type of page below which exposes information that could be a security risk.
SOLUTION:
In IIS, you can create a custom error page to avoid these paths from displaying to your remote users.
Step 1) On the VSA, go to the site root folder (i.e.: C:\Kaseya\WebPages\)
Step 2) Create a new folder in the site root (i.e.: C:\Kaseya\WebPages\customerror)
Step 3) Create a custom error page and save it in the new folder. This custom error page could be HTML or ASP page.
Step 4) Open up IIS – Internet Information Services (IIS) Manager and Navigate to the Default Web Site and open up the Error Pages page
Step 5) Double click on the 404 status code, choose the Execute a URL to this site option and enter in the path and click "OK"
Step 6) On the right side, click on the Edit Feature Settings link and make sure that “Custom error pages” is selected.
No need to restart Kaseya Services or IIS.
This was tested with IIS 7.5 and up and works for VSA versions R8 and up. For older versions of IIS and the VSA these steps may work as well but were NOT tested. This also applies to on-premise customers only.