Jump to content

Ghost

Members
  • Content Count

    16
  • Joined

  • Last visited

Everything posted by Ghost

  1. No; not if it's anything like Faronic's Deep Freeze product. I've read up on yours and you can schedule times when the machines are in a normal state instead of a protected state. With Deep Freeze (and I'm assuming yours works similarly) we schedule "thaw times" for maintenance that includes AV definition Updates and Windows Updates. The machines turn themselves on a 1 am and stay on until 5 am to perform update tasks. During this time, they get all the latest AV definition and engine updates, plus all Windows updates from internal WSUS update servers. The machines shut down at 5 am when they are finished and then they are back in a frozen state where no changes will be saved anymore. But when they are booted up at 7 am, they have all the latest Windows Updates and AV defs, etc. The changes are permanently applied during the "thaw" times that we set for maintenance. This means that they are only doing daily updates so they'll never have to download huge definition files because they are truly saved every morning. The mouse and keyboard are also locked during all maintenance schedules so that no one can do anything during the hours of 1-5 am. If there is something that required a restart, normally it's never a big deal (in our situations) because Windows Updates normally require a restart anyway so the machine goes through a restart and during the maintenance times the machines retain their system changes so they don't get wiped out with the restart. You could also use a free app like poweroff.exe and run it either through the local PC's or from the network with elevated privileges on a schedule to force a restart at whatever time you would like after the updates take place so that a restart goes into effect every morning, regardless of whether the machines need it or not. That ensures that the machines get restarted during the maintenance mode times that you have setup on your app and the updates for Kaspersky are applied and updated after the restart.
  2. Let me edit my post because I read yours too fast. If you want to throw on Kaspersky and you already have a disk protection system, just make sure you set a thaw or unprotect schedule to happen when people aren't using the machines, like say, 1 am. Then the machines can boot up and grab the updates from the KAV server and then protect themselves after the updates. Then you are up to date with virus defs on a daily basis, for example.
  3. He is - it was told in the first line of his first post...
  4. I always have that problem on my laptop (Dell Inspiron 6000) Normally I can initially install KAV or KIS 6.x.x versions with no problems, but as soon as I update to a newer version it kills my network stack. Makes no difference if I blow away everything before installing or do an upgrade. The NIC still shows in device manager Doing an IPCONFIG shows that there's no LAN connection, even though all the hardware looks fine. The only way I've been backrev'ing this is by using ERUNT on the machine to back up the registry right before attempting an upgrade. Sometimes using winsockxp will also remedy this issue. After making any of the changes using either of those programs I have to try and install the original version I started with and it'll normally work fine again. Hopefully you get somewhere with your support team because I got nowhere with mine. Kaspersky has a great detection rate and everything, but it is the only AV scanner I am afraid to install because of issues like this. Especially on machines that you have tread carefully on. Backing up every machine when having to do an upgrade is not an option for me. The upgrade process normally screws up my notebook to the point where I'll have to revert to an earlier image before I made any of the changes because of the instability I incur after doing the KAV updates
  5. Have you tried using the latest version of KAV for your Novell server(s)? (5.6.1)
  6. My first observation was the fact that settings were changed. Notice how there was not SMTP support added. Now, I can only gather so much from the plain text file, but... What did the client do in the past few days that could have caused this behavior? Did the customer in fact add SMTP support (should be yes) Are they able to ping your servers? That's plenty of failures...makes me think they've got an internal problem If they are a campus, they are using Internal DNS...in the event of failover on THAT server, they could use a tertiary DNS server in order to allow them to do external lookups IF Internal lookups fail. This will be dependant on how their DNS is setup, but it's an idea nonetheless... I'll also add that the date format has thrown me off as well. A user-defined setting might be a nice feature in the future...or adding something more distinguishable like: 2005-11-03 YYYY-MM-DD At least they'd know the year from the YYYY (full) format. Plus, it should really only increment (last 2 [DD]) on a daily basis, making only a subtle change in the display.
  7. Yeah, I won't disagree with you. It's not that people haven't tried to contribute to the thread with good ideas - they have; and I appreciate that. It's just that KAV isn't responding the way I think it should. I've gone through manual procedures and even taking the recommended ones and just loading up the HIGH settings with POP3 and SMTP boxes checked. I don't understand what's so hard about this - I really don't. And for the people whom it's working great for, that's fine, but it sure isn't working reliably for me. I can install NOD32, Symantec Corporate (ick!), McAfee, etc. and all of them scan my mail just fine. KAV is the only one that isn't. At least take that into the equation. Every AV scanner that I try works from a POP3 and SMTP standpoint, but KAV doesn't work as seamless as I think it should. Nor is it detecting viruses the way it should through Thunderbird. I've had viruses sent to me constantly lately but KAV won't detect them unless I manually save them to disk and then scan them. Makes no sense. Now that you understand that other AV's work so seamlessly, it really wouldn't appear that it's something that I'm "obviously" missing, especially taking into consideration that I've contacted my KAV rep and he couldn't understand either. The equation involved to get KAV to scan ZIP files through email isn't difficult. Have them post it here. I've done it already - it doesn't work for me. So...whats next?
  8. I'm currently using NOD32 and it grabs viruses coming in like crazy on my laptop. It really is light on its resources as well. My laptop operates faster than it ever has with KAV. NOD32 may not scan outgoing email, but when I try to add an infected file, NOD32 immediately stops me from attaching it or accessing it. KAV does not do this. With NOD32, I can single-click a ZIP file (for instance) and NOD32 will alert me if it's infected. With KAV, I can physically open a ZIP and KAV still won't tell me it's a virus. If I try to open the virus in the ZIP, KAV will finally tell me that it's infected. Yeah...I understand what he wrote, however I am still able to send email viruses out. I can set my KAV protection to HIGH and make a new email message through Thunderbird and then attach the My.Tob virus in a ZIP file and send it out with no problems whatsoever. So how is my computer still "Fully Protected"??? Threats are still being propagated through SMTP, so I don't agree with the above statement.
  9. I get "X-Kaspersky: Checked" in 95% of my emails, but not all of them. Plus I don't see that line in any of the emails that are infected. KAV will also not detect the virus when the ZIP file is accessed. I have to save it somewhere and then manually scan from the context menu in order to have KAV tell me it's infected. NOD32 on the other hand, won't even let me attach it. KAV let's me attach it and send it without warning. When I send a message that's infected and KAV is active, I will also not get "X-Kaspersky: Checked" in the resulting received email. And yes, they are real "viruses", like Nachia, My.Tob, Nimda, etc. I can install and use NOD32 on my system and it will catch every single virus going out of my system and coming into my system, whether it's from Outlook or Thunderbird. If I uninstall it and go back, KAV fails me. Only thing I can think of is that there's some type of conflict because most of my time is spent with my VPN adapter. Then again even when my VPN adapter isn't being used I still have issues with KAV not detecting viruses through POP3 and SMTP.
  10. Yes I am sure. I administer enterprise networks for a living, so many of the mail servers I connect to are ones that I have built for clients. I do not use SSL-based connections for client configurations, period. None of my clients have been interested in that kind of security so I don't implement it in an active state. I can install Windows XP with SP1a, apply all updates, install KAV workstation 5.0.200 and set the security to HIGH, (plus) making sure the SMTP and POP3 boxes are checked for incoming and outgoing, as well as the Outlook ones. I setup a single email account and have it connect to 110 for POP3 and start downloading my email. I'll see viruses come through my attachments because I'll put them there to test it on the target mail server. I open up the ZIP file and see it (the virus) sitting there. I execute the file in the ZIP and KAV detects it. It simply doesn't catch it on the way in to disinfect it. KAV lets it sit in my mailbox which I hate. This happens with Outlook, OE and Thunderbird from my testing so far.
  11. It's not about reinstalling the software. It's about fixing the flaw in the software. I have installed KAV on various machines with the same result. I can use Outlook, Outlook Express and Thunderbird and every single one of them receive viruses and do NOT catch them on the way in. Most of the time, but not all the time, KAV will successfully scan outbound and stop viruses from leaving my mailbox, but won't scan them on the way in and catch them. It should also be changed. Catching the viruses via the SMTP scanner is less than informative. When you send it and it contains a virus, you (the sender) are not notified that you have just sent out an infected attachment. The creators really need to look into this. I'm not the only one with this problem and I can reproduce it on various machines. This needs to be improved because the POP3 and SMTP capabilities for KAV are simply unacceptable.
  12. I don't use software firewalls.
  13. Nope. I use 25 for SMTP and 110 for POP3.
  14. I have gone through my settings for POP3 and SMTP on my KAV installation of 5.0.200 (Workstation) and even made all my settings "High" to try and stop viruses. Unfortunately, anyone can send me viruses via email and Thunderbird downloads then with no problems at all. Same thing if I attach a ZIP-infected virus and send it out to someone. KAV will let it go just fine, even though I have it set to scan all objects and scan POP3 and SMTP. Any thoughts on why this occurs? I'd obviously like to stop it from happening so I don't accidentally propagate virses to people I send emails to.
  15. There's plenty of ways, depending on how you've got KAV deployed in your environment. Did you deploy everything via the KAV Administration Module? If so, you can edit your policy for your workstation group and hit the lock buttons to stop users from changing settings inside of KAV. This will prevent users from disabling real-time protection and unloading the software from the system tray. While editing the policy for instance, you can hit the "Additional" tab and remove the check box that says "Show Application Interface" and then hit the lock next to it so it closes the bolt. This will stop the K from even showing in the system tray so users will not be able to unload the protection via the system tray, yet KAV will still load at boot and protect the system. Let us know if you need further assistance on this.
  16. Not like this "should" make a difference, but what OS are you running on the actual computer with your Dual Xeons? I ask because if you are running on a server platform, it is highly recommended by various companies to disable HT. I'd be curious to see what happens if you had HT disabled while doing the KAV install and if it operates smoother for you by keeping it disabled. It's a quick test that might give you some good results. Dual Xeons with HT enabled causes problems with some apps thinking there are 4 processors instead of 2 in many server environments. Obviously HT wants to enable the speed of the 2 virtual processors, but some apps get confused and ultimately function horribly after thinking there are 4 processors instead of 2. It's useful information to keep in the back of your head, if nothing else...
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.