Jump to content

thewild

Members
  • Content Count

    80
  • Joined

  • Last visited

Everything posted by thewild

  1. No, using MSXML2.XMLHTTP.6.0 instead of Microsoft.XMLHTTP fixes the issue. Not sure weather this makes any sense though. The latter library is deprecated, but both have the same functionnalities.
  2. It seems that using MSXML2.XMLHTTP.6.0 instead of Microsoft.XMLHTTP (which is deprecated anyway) works. Using MSXML2.XMLHTTP (generic call which falls back to MSXML2.XMLHTTP.3.0) does not work though.
  3. Hi, I have a vbs script that is detected by KES 10 as a malicious script (it is not, because I've coded it myself, it does exactly what is intended). How prevent it from being detected ? I don't want to exclude the folder because the script can be accessed in different ways (unc path, local folder, mapped drive...). I also don't think that using the file name is a good idea because I will write similar scripts with different names. Any idea ? BTW, the problem is probably that I am using Microsoft.XMLHTTP to download a file from an URL, but that's typically what my admin scripts do...
  4. Done, INC000008767269. I forgot to add the event log. Just tell me if you need them, I already submitted.
  5. Software alerting : Kaspersky File Antivirus Version : KES 10.3.0.6294 mr1 OS : Windows 10 Enterprise / Windows 7 Pro Scheduled task deployed with Windows 7 compatibility level.
  6. Hi I have a windows scheduled task pushed by group policy. This task is set to run at user logon and to open an url in the default browser (task action: run program, program: explorer.exe, parameters: "http://myurl"). The task runs fine, but for some reason Kaspersky warns me about "HEUR:Trojan.Multi.Runner.b" on this specific scheduled task. I've also had "Trojan.Multi.GenAutorunTask.b" that seems to be linked to this, but this one came from "system memory" so I could not track it down any further. Can you please tell me how to disable these false positives ?
  7. Hi I am trying to setup a scheduled taks on KSC 10.4.343 to update our KES installations. I have set up the task to wake the computers via Wake On Lan during the night, but I'd like the computers to shutdown afterwards. The problem is that the option to shutdown the computers after the task completes is grayed out in the task settings. Why is it so, and how can I fix this ? Thanks !
  8. Sure, I think I have all I need now for my migration. Thanks.
  9. Yes, you were right Nikolay. I had not converted the policy from MR1 to SP2, and thought it was working because I saw the tasks. It's OK now, thanks. The local tasks are now well hidden.
  10. I don't see any reference to running under policy on the local interface. If I remove the device from the "managed devices" group, the group tasks disappear. If I readd it to the group, the tasks reappear.
  11. How can I do that ? I can confirm some settings are applied at least : the File Antivirus is configured as per my policy settings, and my group tasks are correctly configured on my workstation.
  12. If this is what you are referring to, I already unchecked "allow management of local tasks" in my policy, but they are still visible and still running.
  13. No, but the previous ones did (scan my computer, etc.). The settings.ini trick is a terrible solution. I think these tasks should be removable by policy, don't you ?
  14. What software report ? I told you there was a 5GB trace file that I cannot post !! Please be more precise ! Task report (I stopped the task in the middle because I had to work) : Group task settings :
  15. The three "manual" tasks were created automatically. I can't prevent them from being created, I can't remove them. The translations are "vulnerability scan", "integrity check" and "custom scan" There were three other "local" tasks that I managed to remove with a setup.ini file by setting : [Tasks] ScanMyComputer=0 ScanCritical=0 Updater=0 Very very bad workaround, IMHO. Having to use a ini file to prevent task creation, what a mess... Anyway, I can't remove the remaining ones. Even unchecking "allow management of local tasks" does not hide them.
  16. Some more data : First run (after desinstallation of previous version, installation of new version, and KSC server switching) : 1h20. Following run : 1h22. Absolutely NO gain.
  17. ... and I forgot something : it scans objects that are in my exclusion zone !
  18. OK, I ugraded ecerything. The result is, as expected, that a full scan takes ages, and that everything seems to be rescanned every time. Just as an exemple, there is a DLL for which I can see in the progress window that all objects are scanned on every scan (I see mydll.dll//somefunctionname.o in the progress window). This DLL never changes, of course. I have enabled traces, but after 10 minutes the trace file (SRV) was over 5GB in size so I stopped it. Of course, I can't send you such a file. Do you want an extract from it ? Say, the first 100 lines (head -n 100) ?
  19. Sorry, I meant it created local tasks. This did not happen before, only the tasks specified in the administration server where created on the workstations.
  20. You can simply right click on the policy and select "export". In KSC 10.1.249, the option is right there.
  21. OK, seems to work on a test machine. I don't understand you point about PTR. PTR is pointing to the computer's FQDN, which is different from its alias. I got a problem though : I deployed the latest KES 10 (because I was instructed to do so to get support for my iSwift problem), but the deployment task created a bunch of local files that I cannot remove. This did not happen with my previous KSC/KES combination, and to me the deployment package configuration looks exactly the same. What is the solution to this ?
  22. Since I was asked to upgrade to fix my scan problem (i.e. all files scanned every time), I realized that my backup was corrupted. I'm taking this as an opportunity to move KSC to my new server (long awaiting task). I don't want to backup and restore, because I want to change the database to MySQL (previously MSSQL). I installed everything on the new server, installed application packages, installed the plugins, and imported my key file. Everything is OK sa far. I haven't found a way to export the tasks from my KSC 10.1.249. Apparently in the new KSC there is an "export task" option, but not in the old one. Have I missed something, or should I just recreate all the tasks ? Appart from that, and before running my "change administration server" task, should I add all the computers to my "managed computers" group on the new server ? Or will the "change administration server" task handle that ? Also, when asked fro the new administration server address in the "change administration server" task, I'd like to set this to a cname that I have setup for ksc (i.e. ksc.mydomain.com). For now it is pointing to the old server, and I would just have to change this record in my DNS to point to the new one. Is this the way to go ? Thanks
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.