Hello fellow Kasperskers!
As the topic title reads, connection problems with kavmp4 + cisco vpn client.
We've contacted support and they first had us exclude the path to the cisco exe folder c:\program files\cisco\..... - no luck
Then they told us to install KAV first and THEN install the client - no go
They said that if that didnt work then to uninstall the NDIS drivers from the network card properties - nope.
So now we're stuck with a mobile user who cant connect to vpn because of KAV. thank goodness we're deploying this very slowly and have not deployed it to the owner of the company.
Any thoughts?
Thanks
Full Version: AdminKit8 + KAVmp4 + CiscoVPN client
QUOTE(Cesar R @ 5.11.2009 09:38) 
We've contacted support and they first had us exclude the path to the cisco exe folder c:\program files\cisco\..... - no luck
Thats wierd, we have a dozen clients with Cisco VPN client and went from McAfee to KAV-MP4 and it just rolled straight over the top no problem. Everyone seems to be able to connect without a hitch.
I didnt need any special rules or anything. We're using VPN Client v5
The only bit I havent got working is running VPN client over a 3G data card in Lenovo T400's, works fine with tethering though so thats not a show stopper (for us). But thats got nothing to do with KAV.
Exie, thanks for the reply...
After 3 calls to support, we had one tech tell us that we needed to disable HTTP SSL from scanning.
Workstation Policy -> Settings -> Select "Network" from drop down & click on [Port Settings] -> and uncheck "HTTP SSL (https://) 443)"
We did that and we are now able to install and connect to our VPN.
We are using both ver 5 and also the anyconnect client.
After 3 calls to support, we had one tech tell us that we needed to disable HTTP SSL from scanning.
Workstation Policy -> Settings -> Select "Network" from drop down & click on [Port Settings] -> and uncheck "HTTP SSL (https://) 443)"
We did that and we are now able to install and connect to our VPN.
We are using both ver 5 and also the anyconnect client.
Are there any KAV + CiscoVPN users out there experiencing an issue where the AnyConnect client (HostScan.exe) will continually write .tmp files to C:\Documents and Settings\%USERNAME%\Local Settings\Temp ?
It happens as a side effect of the AV posture checking. Basically, HostScan.exe sends a command to avp.com to have it output the status of the file monitoring component in the form of a tmp file. The problem is that it continues to do this every 15 to 20 seconds and does not clean up the .tmp files when the connection has ended. Eventually, the folder will fill up and cause timeouts/errors when attempting to connect. The .tmp files have to be deleted before the VPN client will work again. I've seen the number of files reach upwards of 65,000.
Just curious because this is happening at my company. We switched from Trend Micro to Kaspersky. I believe the problem is on Cisco's end (actually, I've proved it with a Process Monitor log showing the command initiated by HostScan.exe) but so far they've seemed pretty clueless on a course of action. For now I've just written a script that runs on startup to automatically delete the .tmp files.
It happens as a side effect of the AV posture checking. Basically, HostScan.exe sends a command to avp.com to have it output the status of the file monitoring component in the form of a tmp file. The problem is that it continues to do this every 15 to 20 seconds and does not clean up the .tmp files when the connection has ended. Eventually, the folder will fill up and cause timeouts/errors when attempting to connect. The .tmp files have to be deleted before the VPN client will work again. I've seen the number of files reach upwards of 65,000.
Just curious because this is happening at my company. We switched from Trend Micro to Kaspersky. I believe the problem is on Cisco's end (actually, I've proved it with a Process Monitor log showing the command initiated by HostScan.exe) but so far they've seemed pretty clueless on a course of action. For now I've just written a script that runs on startup to automatically delete the .tmp files.
QUOTE(Cesar R @ 5.11.2009 10:41)
Exie, thanks for the reply...
After 3 calls to support, we had one tech tell us that we needed to disable HTTP SSL from scanning.
Workstation Policy -> Settings -> Select "Network" from drop down & click on [Port Settings] -> and uncheck "HTTP SSL (https://) 443)"
We did that and we are now able to install and connect to our VPN.
We are using both ver 5 and also the anyconnect client.
After 3 calls to support, we had one tech tell us that we needed to disable HTTP SSL from scanning.
Workstation Policy -> Settings -> Select "Network" from drop down & click on [Port Settings] -> and uncheck "HTTP SSL (https://) 443)"
We did that and we are now able to install and connect to our VPN.
We are using both ver 5 and also the anyconnect client.
Had I been online yesterday I could have saved you the 3 calls to support. We recently started testing the Cisco AnyConnect client and I had to go in and disable that port from being monitored.
However, you'll still want to add the client to the trusted zone because you don't want the real-time protection to try to monitor the encrypted traffic. Also, it's recommened to install the VPN Client AFTER Kaspersky is installed for better compatibility and performance.
@throwman, thanks for the tip, I will monitor that folder for this particular user.
@rob r, that's why you should ALWAYS be online! When you say to add the client do you mean the vpn exe? vpngui.exe? And yes, they did mention about installing AFTER kaspersky because kas have some NDIS drivers that wrap around the vpn nic drivers that will/might cause problems.
support seems to be aware of 3 main issues right now which they said would be addressed with a patch, the vpn issue, the ie8+java helper file add-on and a dcom error that continually shows up in the eventvwr.
@rob r, that's why you should ALWAYS be online!
When you say to add the client do you mean the vpn exe? vpngui.exe? And yes, they did mention about installing AFTER kaspersky because kas have some NDIS drivers that wrap around the vpn nic drivers that will/might cause problems. support seems to be aware of 3 main issues right now which they said would be addressed with a patch, the vpn issue, the ie8+java helper file add-on and a dcom error that continually shows up in the eventvwr.
With a mixed environment of Cisco VPN Client and AnyConnect it might be easier to just add an exclusion to the Cisco directory and include subfolders.
QUOTE(Rob_R @ 5.11.2009 17:34)
With a mixed environment of Cisco VPN Client and AnyConnect it might be easier to just add an exclusion to the Cisco directory and include subfolders.
that was the first thing that support had us do, no go.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.