TheTeek

  1. Our marketing department regularly receives targeted e-mail (generally written in English) in response to open vacancies, with a (Word) attachment. Generally our spam filter reacts, but of course something occasionally gets through, as happened recently. A Word document: Kaspersky KES 10 (10.2.2.10535) responded, on opening the attachment, with the message that a virus had been detected: PDM:Trojan.Win32.Generic c:\users\UsersProfileName\appdata\local\temp\lf.exe When shutting down the system, the message Waiting for Elara (This program is preventing Windows from restarting) appeared (see attachment). Elara: ApntEx.exe - bad image "C:\Windows\System32\CRYPTBASE.dll is either not designed to run on Windows or it contains an error." It appears that the Word document downloaded a virus that possibly tried to infect the system and so encrypt the system (cryptolocker). A specific payload was blocked by Kaspersky, but the actual downloading and partial execution of the payload does appear to have succeeded. I have a copy of the specific file; I had it scanned via VirusTotal and that produced a lot of detections, while Kaspersky saw no harm in it: Virustotal scan of resume.doc How can I notify Kaspersky of this, and where can I upload the file so that Kaspersky can include it in their signatures?
  2. I am having a discussion with some developers in our environment; they think Kaspersky is using way too much resources on their systems. In my opinion, it is normal behavior. The resources used are the same on my laptop. For instance, avp.exe generates a lot of I/O Read, which I think is normal behavior. The CPU utilization stays low and Disk I/O is also low. I have Windows 7 on a Core i7 laptop with 8GB RAM and an SSD. In my case the I/O Read Bytes for AVP.exe under the system account (show processes from all users) is 1.4GB in 5 hours' usage of the laptop. CPU time is 4 minutes. Our developer has the same numbers but he thinks that isn't normal. Both systems have the same Windows and Kaspersky version and signatures and both have the same policy; these reads are almost the same, depending on the usage of the system. There is also an avp.exe process which runs under the user account; this one isn't very busy. These readouts are shown in the Task Manager; add the columns in the View menu for CPU Time and I/O Read Bytes. Are you having similar readouts?! (KES 8.1.0.831 Patch A,B,C,D)
  3. We had the same problem with a machine with no PS/2 port; the only way to solve this was to start from a USB stick with Windows, start the recovery and return to a system restore point. This was all done on Windows 7 machines.
  4. I've unlocked the possibility for a user in a separate group to have the ability to change and add trusted applications and exclusion rules to the policy of KES 8. When I add a trusted application on the client side I get only two options: "Do not scan opened files" and "Allow interaction with application interface". In the Security Center I have a lot more options; do I need to open other settings in the Security Center?
  5. No, I did not, but I will tomorrow. These incidents cost us a lot of trouble and, to be honest, most of the problems we managed to solve on our own. I know you should know of this, and that we needed to create an incident call. But in a hasty environment, where time is short, I did not create the ticket. Thanks for your reaction, it gives me trust. Someone does seem to care about issues.
  6. We had systems with problems with KES 8; it cost a lot of human intervention on these systems. Gladly we didn't run this version on all our production workstations. It cost us several hours and still we aren't over the problems. A huge number of these systems were on Patch D. The behaviour we've seen is not always the same; sometimes a system is totally unresponsive with lots of KAV.exe processing. But almost always the klagent.exe crashes and a kldumper.exe process kicks in. After manual removal of both products, KES 8 and the Agent, and removal of all trash left behind (C:\ProgramData\Kaspersky Lab\). We have used KAVremover, but this was dramatic: it ruined the system even more, no network connections and USB connection; after a system recovery these systems could be managed again. Then a reboot, system is stable, installed Kaspersky KES 8 with the agent in one setup.exe created from the repository in Security Center after the repository was updated. The result is that KES 8 is already patched with Patch D, but still the signatures are out of date; manually update these. After it was updated the system is stable again. But this cost a lot of time, especially when these systems are really busy with kav.exe.
  7. Thanks for the reply! No, but that was the intention; the problem is that Kaspersky ruined the machine before I was able to install the patches which solve these problems. These systems are not manageable from the Security Center because they are constantly crashing the agent. After a successful removal, when an uninstall of the product works, the new KES 8 client was already preinstalled with all patches, which was done in the Security Center repository.
  8. Thank you for the overview, very helpful and especially handy when you need to see if the product is compatible with the OS... But one thing I miss in both overviews is the MAIN reason to go for WSEE v8: no need for reboots on application updates, of course only when the OS is supported. I think Kaspersky needs to have a look into their portfolio of server products. WSEE is really the only version which I will install in my production environment, just because of this. We had so much trouble in the past years with unstable Kaspersky products that, when these problems occurred, we needed to remove the product, reboot the server, reinstall, reboot, install module updates, reboot, hoping the problem would not come back, or else the whole procedure needed to be done again.
  9. We are still having some troubles with KES 8 removal because of problems related to an earlier patch or signature release which Kaspersky released. Some machines are unresponsive and removal of KES is really difficult; in some cases it is impossible to remove Kaspersky with Add/Remove Programs. Then the only way to remove Kaspersky is with the KAVremove tool, provided by Kaspersky. But this has resulted in some major problems on systems: systems lost network connections and USB after successful removal of Kaspersky KES 8 with this tool. The only way to solve this was to go back to an earlier system state in Windows (7). These problems really aren't helping to keep our employees happy with Kaspersky; they just need their work done, and we need to keep them up to date. But it is really annoying; this isn't the first time Kaspersky released a wrong update. We have spent hours on troubleshooting already...
  10. For us the best server product still is "Kaspersky for Servers Enterprise Edition 8", because this is the only version which doesn't need a reboot after install, reinstall, removal and module updates!!! This is in my opinion the only rightful version. KES doesn't have this, and KES 8 for instance had 3 module updates within a couple of days, which needed three reboots. Also it is unstable as .....
  11. Maybe you are experiencing the same issues as I have with systems on our network. Look in the Event Viewer and see if the agent is crashing. Also a kldumper.exe will be present in Process Explorer. Today Kaspersky has released a fix, Patch B, for this issue, which they told me. There is also a Prefix Patch_PF35, but they will release it only when you request the patch; this patch fixed my issues.
  12. Dutch Kaspersky Support told me that a Private Prefix is available under Patch_PF35 for use with KES 8.1.0.831. But also today Patch B was released, which should fix this issue, although that wasn't mentioned in the release description.
  13. We are also experiencing this issue for some time now; reinstalling Kaspersky and its agent solves the problem temporarily. Is there any news on whether Kaspersky has fixed this?! Agent version used: 9.2.69. Kaspersky product used: KES 8.1.0.831. Users are complaining about slow performance on their systems; this Agent crash results in the machine having 100% CPU load on process avp.exe. Events are logged: Event ID: 7031, Description: The Kaspersky Lab Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. And Event ID: 1, Kaspersky Event Log, Description: Unhandled exception 0xC06D007E (?) occured at address 0x753AC41F on thread 0x00000AD0 in process 6316. The Thread and Process ID vary over the events; lots of them are created in seconds!!