I read a few threads on the forum here... http://forum.kaspersky.com/index.php?showt...amp;hl=Dameware
But I am not seeing a proper solution. We use Dameware 6.8.1.4 mini remote and NT utilities regularly to support our 500+ remote users. I need a way to make Dameware an exception so that we can continue to support our users, without crippling to a great extent the protection that Kaspersky offers.
Can someone please advise? Thanks.
Full Version: Kaserpseky 6 vs. Dameware Remote and NT Utilities
So...what are you trying to do? I use Dameware, and have never had an issue w/ it and Kaspersky.
QUOTE(Raymond Hartneck @ 28.08.2009 19:27) 
So...what are you trying to do? I use Dameware, and have never had an issue w/ it and Kaspersky.
Well, simply, Kaspersky is blocking our access to remote workstations entirely. We are just rolling out Kaspersky, we have been using Dameware with Symantec for several years now. I have read various threads here but so far we need to more or less disable K in order to get this to work. I did allow the two executables to be exceptions in the policy, but so far that does not seem to work.
Thanks
Move one client in a group without a policy.
Then go to this client and work with Dameware. The PopUp window comes up and you can add this application to the trusted zone.
Go into the local settings and look under trusted zone the entry for Dameware. There should be the right verdict.
This entry you can add into the group policy.
Then go to this client and work with Dameware. The PopUp window comes up and you can add this application to the trusted zone.
Go into the local settings and look under trusted zone the entry for Dameware. There should be the right verdict.
This entry you can add into the group policy.
QUOTE(Helmut @ 31.08.2009 08:40)
Move one client in a group without a policy.
Then go to this client and work with Dameware. The PopUp window comes up and you can add this application to the trusted zone.
Go into the local settings and look under trusted zone the entry for Dameware. There should be the right verdict.
This entry you can add into the group policy.
Then go to this client and work with Dameware. The PopUp window comes up and you can add this application to the trusted zone.
Go into the local settings and look under trusted zone the entry for Dameware. There should be the right verdict.
This entry you can add into the group policy.
Okay, so I made a new group, no policy. I took a remote machine which only had Symantec on it, installed the network agent, uninstalled Symantec using the uninstall script, then deployed the AV package. As soon as it was about 85% installed, my network connection to the remote station was terminated. I was able to access the workstation with Remote Desktop to force a reboot. The admin kit can no longer communicate with the workstation now, nor can Remote Desktop, Dameware or even NetMeeting which we used to use along with its Remote Desktop Sharing function... As my tech at that site is on vacation today, I am basically screwed for getting into the box until he returns. I will set up a box on my local LAN to see what more I can learn. I appreciate your suggestion, however your suggestion regarding no policy does not seem relevant.
Thanks
QUOTE(Heuristic @ 31.08.2009 09:19)
Okay, so I made a new group, no policy. I took a remote machine which only had Symantec on it, installed the network agent, uninstalled Symantec using the uninstall script, then deployed the AV package. As soon as it was about 85% installed, my network connection to the remote station was terminated. I was able to access the workstation with Remote Desktop to force a reboot. The admin kit can no longer communicate with the workstation now, nor can Remote Desktop, Dameware or even NetMeeting which we used to use along with its Remote Desktop Sharing function... As my tech at that site is on vacation today, I am basically screwed for getting into the box until he returns. I will set up a box on my local LAN to see what more I can learn. I appreciate your suggestion, however your suggestion regarding no policy does not seem relevant.
Thanks
Thanks
Okay, it seems like on my local network the steps suggested do work. however, at the remote site, it seems like the PC did not reboot, it shut down. I started a new topic for this, because we have seen this happening on a variety of PCs since rolling out Kasper.
QUOTE(Heuristic @ 31.08.2009 10:29)
Okay, it seems like on my local network the steps suggested do work. however, at the remote site, it seems like the PC did not reboot, it shut down. I started a new topic for this, because we have seen this happening on a variety of PCs since rolling out Kasper.
SoI found someone at my remote site to reset that PC which did not restart, it's back up and running however I cannot even ping it now. One of the things that came to mind, I had to call KL Support a while ago as my own laptop could not be seen after installing Kaspersky, they had me remove the kaspersky antivirus NDIS filter component from my NIC settings. We had one other user who had similar issues....
perplexed!
You need the NDIS filter only on XP 64bit or Vista.
QUOTE(Helmut @ 1.09.2009 02:31)
You need the NDIS filter only on XP 64bit or Vista.
Thanks Helmut, question then that comes to mind is how to we exclude that from the packages? I just checked the package properties, there is no specific switch there to exclude this.... any suggestions please?
I will give you the answer tomorrow.
QUOTE(Helmut @ 1.09.2009 14:13)
I will give you the answer tomorrow.
Thanks, I did read the article on the NDIS feature, however it appears that there is no way to prevent its installation on XP Pro 32bit which we are using!
Follow these steps to create an installation package without NDIS-filter.
Please unzip the "kav6.0.3.837_winwksen.exe" on the computer / server on which the AdminKit running. Use as the target directory to the best C:\ kav\WinWks837.
In the unzipped "wks837install.zip" you will find two dummy files, each with 0 KB. Replace the MSI file with the "original" and the key file from your workstation-Key.
In the file 'setup.ini' You can specify which components and tasks are to be installed and how the computer should behave during and after installation. Clear to '0 '/' no 'to a component, with '1' / 'yes' to enable it.
[Setup]
Reboot = no
Selfprotection = no
MSExclusions = yes
AddPath = no
[Components]
FileMonitor = 1
Mail Monitor = 1
WebMonitor = 1
ProactiveDefence = 1
AntiSpy = 1
Antihacker = 0
AntiSpam = 0
[Tasks]
ScanMyComputer = 0
Updater = 1
The file 'install_local.bat' calls the MSI file with the parameter 'NOKLIM5 = 1 / qn' on. This ensures that the NDIS filter is not installed (NOKLIM5 = 1) and that the install completely silent (expires / qn).
As a next step, create an installation package in the Administration Kit. To do this, select the option "Create installation package for specified executable file as an executable file and select the 'install_local.bat' from. They still set the hook on "to copy the entire folder into the package.
As a final step to create a task for product installation that you just created to distribute the package then the clients.
Please unzip the "kav6.0.3.837_winwksen.exe" on the computer / server on which the AdminKit running. Use as the target directory to the best C:\ kav\WinWks837.
In the unzipped "wks837install.zip" you will find two dummy files, each with 0 KB. Replace the MSI file with the "original" and the key file from your workstation-Key.
In the file 'setup.ini' You can specify which components and tasks are to be installed and how the computer should behave during and after installation. Clear to '0 '/' no 'to a component, with '1' / 'yes' to enable it.
[Setup]
Reboot = no
Selfprotection = no
MSExclusions = yes
AddPath = no
[Components]
FileMonitor = 1
Mail Monitor = 1
WebMonitor = 1
ProactiveDefence = 1
AntiSpy = 1
Antihacker = 0
AntiSpam = 0
[Tasks]
ScanMyComputer = 0
Updater = 1
The file 'install_local.bat' calls the MSI file with the parameter 'NOKLIM5 = 1 / qn' on. This ensures that the NDIS filter is not installed (NOKLIM5 = 1) and that the install completely silent (expires / qn).
As a next step, create an installation package in the Administration Kit. To do this, select the option "Create installation package for specified executable file as an executable file and select the 'install_local.bat' from. They still set the hook on "to copy the entire folder into the package.
As a final step to create a task for product installation that you just created to distribute the package then the clients.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.