Jump to content

thewild

Members
  • Content Count

    80
  • Joined

  • Last visited

Posts posted by thewild


  1. Hi,

    I have a vbs script that is detected by KES 10 as a malicious script (it is not, because I've coded it myself, it does exactly what is intended).

    How prevent it from being detected ? I don't want to exclude the folder because the script can be accessed in different ways (unc path, local folder, mapped drive...). I also don't think that using the file name is a good idea because I will write similar scripts with different names.

    Any idea ?

     

    BTW, the problem is probably that I am using Microsoft.XMLHTTP to download a file from an URL, but that's typically what my admin scripts do...


  2. Hi

    I have a windows scheduled task pushed by group policy.

    This task is set to run at user logon and to open an url in the default browser (task action: run program, program: explorer.exe, parameters: "http://myurl").

    The task runs fine, but for some reason Kaspersky warns me about "HEUR:Trojan.Multi.Runner.b" on this specific scheduled task.

    I've also had "Trojan.Multi.GenAutorunTask.b" that seems to be linked to this, but this one came from "system memory" so I could not track it down any further.

     

    Can you please tell me how to disable these false positives ?

     


  3. Hi

    I am trying to setup a scheduled taks on KSC 10.4.343 to update our KES installations.

    I have set up the task to wake the computers via Wake On Lan during the night, but I'd like the computers to shutdown afterwards.

    The problem is that the option to shutdown the computers after the task completes is grayed out in the task settings. Why is it so, and how can I fix this ?

     

    vWdMZjL.png

     

     

    Thanks !

     


  4. il y a 53 minutes, Nikolay Arinchev a dit :

    Local interface should state(right upper corner) that you are working under policy and local settings should be configured according to the policy.

    Thank you!

    I don't see any reference to running under policy on the local interface.

    If I remove the device from the "managed devices" group, the group tasks disappear. If I readd it to the group, the tasks reappear.


  5. il y a 7 minutes, Dmitry Eremeev a dit :

    Hello,

    please attach KL software report, screenshots of task settings and task result.

    Thank you.

     

     

    What software report ? I told you there was a 5GB trace file that I cannot post !! Please be more precise !

     

    Task report (I stopped the task in the middle because I had to work) : yF1ahta.png

     

     

    Group task settings :

    Vq3J71w.png

     

    yTImmdn.png

     

     


  6. hCoFHDz.png

    The three "manual" tasks were created automatically. I can't prevent them from being created, I can't remove them.

    The translations are "vulnerability scan", "integrity check" and "custom scan"

    There were three other "local" tasks that I managed to remove with a setup.ini file by setting :

    [Tasks]
    ScanMyComputer=0
    ScanCritical=0
    Updater=0

    Very very bad workaround, IMHO. Having to use a ini file to prevent task creation, what a mess...

    Anyway, I can't remove the remaining ones.

    Even unchecking "allow management of local tasks" does not hide them.


  7. OK, I ugraded ecerything. The result is, as expected, that a full scan takes ages, and that everything seems to be rescanned every time.

    Just as an exemple, there is a DLL for which I can see in the progress window that all objects are scanned on every scan (I see mydll.dll//somefunctionname.o in the progress window). This DLL never changes, of course.

    I have enabled traces, but after 10 minutes the trace file (SRV) was over 5GB in size so I stopped it.

    Of course, I can't send you such a file. Do you want an extract from it ? Say, the first 100 lines (head -n 100) ?

     


  8. il y a 56 minutes, Nikolay Arinchev a dit :

    Hi,

    Since it`s a new version of KSC the tasks should be created anew.

    All PC, which will be connected to new server will be places at "Unassined computers". You have to move them to corresponding groups manually or using relocation rules.

    Since you are using domain name to specify the server, you have to change PTR. However, more relible way is to specify KSC IP(if static).

    OK, seems to work on a test machine. I don't understand you point about PTR. PTR is pointing to the computer's FQDN, which is different from its alias.

     

    I got a problem though : I deployed the latest KES 10 (because I was instructed to do so to get support for my iSwift problem), but the deployment task created a bunch of local files that I cannot remove. This did not happen with my previous KSC/KES combination, and to me the deployment package configuration looks exactly the same.

    What is the solution to this ?

     


  9. Since I was asked to upgrade to fix my scan problem (i.e. all files scanned every time), I realized that my backup was corrupted.

    I'm taking this as an opportunity to move KSC to my new server (long awaiting task).

    I don't want to backup and restore, because I want to change the database to MySQL (previously MSSQL).

    I installed everything on the new server, installed application packages, installed the plugins, and imported my key file. Everything is OK sa far.

    I haven't found a way to export the tasks from my KSC 10.1.249. Apparently in the new KSC there is an "export task" option, but not in the old one. Have I missed something, or should I just recreate all the tasks ?

    Appart from that, and before running my "change administration server" task, should I add all the computers to my "managed computers" group on the new server ? Or will the "change administration server" task handle that ?

    Also, when asked fro the new administration server address in the "change administration server" task, I'd like to set this to a cname that I have setup for ksc (i.e. ksc.mydomain.com). For now it is pointing to the old server, and I would just have to change this record in my DNS to point to the new one. Is this the way to go ?

     

    Thanks

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.