SLoweCSL

Members
  • Content Count

    52
About SLoweCSL

  • Rank
    Candidate
  1. I was reading an article about rootkits and saw that the German research group "AV-TEST" recently gave good marks to Kaspersky Internet Security 7, with it coming in second only to BitDefender Internet Security 2008 (congrats) as a suite, in their ability to stop the install, detect and finally remove rootkits. While this is great news for home users of version 7, where does that leave business users protecting their servers and workstations? We are using 6.0.3.837 across our network. What kind of rootkit protection is in this version of the software? It seems they conducted their tests on Windows XP SP2; what about your software on Vista SP1 or XP running SP3?

     PDF version here... http://www.av-test.org/down/papers/2008-04_vb_rootkits.pdf

     Thanks

     | Product | Version | Detection of inactive samples | Detection of actively running rootkits | Detection of malware hidden by rootkits | Removal of inactive samples | Removal of actively running rootkits | Removal of malware hidden by rootkits |
     |---|---|---|---|---|---|---|---|
     | Reference (max) -> | | 30 | 30 | 30 | 27 | 30 | 30 |
     | INTERNET SECURITY SUITES | | | | | | | |
     | Avira AntiVir Premium Security Suite | 7.06.00.168 | 28 | 29 | 30 | 25 | 7 | 7 |
     | BitDefender Internet Security 2008 | 11.0.13 | 30 | 28 | 29 | 27 | 23 | 27 |
     | Bullguard Internet Security Suite | 7.0.0.27 | 30 | 7 | 10 | 27 | 4 | 0 |
     | G DATA InternetSecurity 2008 | 18.0.7227.533 | 30 | 9 | 4 | 27 | 7 | 0 |
     | Kaspersky Internet Security 7.0 | 7.0.0.119 | 28 | 24 | 28 | 25 | 22 | 25 |
     | Kaspersky Personal Security Suite V | 6.0.2.621 | 28 | 21 | 27 | 25 | 19 | 17 |
     | Norton Internet Security 2008 | 15.0.0.60 | 25 | 18 | 25 | 25 | 18 | 25 |
  2. Here's the list as requested...

         Microsoft Windows [Version 6.0.6001]
         Copyright © 2006 Microsoft Corporation. All rights reserved.

         C:\Windows\system32>ipconfig /all

         Windows IP Configuration

            Host Name . . . . . . . . . . . . : XXX
            Primary Dns Suffix . . . . . . . : XXX.XXX
            Node Type . . . . . . . . . . . . : Hybrid
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : XXX.XXX

         Ethernet adapter Bluetooth Network Connection:

            Media State . . . . . . . . . . . : Media disconnected
            Connection-specific DNS Suffix . :
            Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
            Physical Address. . . . . . . . . : 00-1A-6B-E5-F3-84
            DHCP Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes

         Ethernet adapter Local Area Connection:

            Connection-specific DNS Suffix . :
            Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controlle
         r
            Physical Address. . . . . . . . . : 00-1C-23-0E-53-6A
            DHCP Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            Link-local IPv6 Address . . . . . : fe80::ec84:10f6:65df:b71e%11(Preferred)
            IPv4 Address. . . . . . . . . . . : 192.168.1.150(Preferred)
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Lease Obtained. . . . . . . . . . : Thursday, May 01, 2008 7:52:54 AM
            Lease Expires . . . . . . . . . . : Friday, May 09, 2008 7:52:56 AM
            Default Gateway . . . . . . . . . : 192.168.1.100
            DHCP Server . . . . . . . . . . . : 192.168.1.27
            DNS Servers . . . . . . . . . . . : 192.168.1.27
                                                192.168.1.25
            Primary WINS Server . . . . . . . : 192.168.1.27
            NetBIOS over Tcpip. . . . . . . . : Enabled

         Wireless LAN adapter Wireless Network Connection:

            Media State . . . . . . . . . . . : Media disconnected
            Connection-specific DNS Suffix . :
            Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLAN Min
         i-Card
            Physical Address. . . . . . . . . : 00-1C-26-CB-6F-43
            DHCP Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes

         Tunnel adapter Local Area Connection* 6:

            Media State . . . . . . . . . . . : Media disconnected
            Connection-specific DNS Suffix . :
            Description . . . . . . . . . . . : isatap.{2F51C214-EF3C-4F27-A1D0-74F89B713
         E58}
            Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
            DHCP Enabled. . . . . . . . . . . : No
            Autoconfiguration Enabled . . . . : Yes

         Tunnel adapter Local Area Connection* 7:

            Media State . . . . . . . . . . . : Media disconnected
            Connection-specific DNS Suffix . :
            Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
            Physical Address. . . . . . . . . : 02-00-54-55-4E-01
            DHCP Enabled. . . . . . . . . . . : No
            Autoconfiguration Enabled . . . . : Yes

         Tunnel adapter Local Area Connection* 15:

            Media State . . . . . . . . . . . : Media disconnected
            Connection-specific DNS Suffix . :
            Description . . . . . . . . . . . : isatap.{E3D9A567-B5BF-4930-8E13-E76CFE7F3
         7F5}
            Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
            DHCP Enabled. . . . . . . . . . . : No
            Autoconfiguration Enabled . . . . : Yes

         Tunnel adapter Local Area Connection* 14:

            Media State . . . . . . . . . . . : Media disconnected
            Connection-specific DNS Suffix . :
            Description . . . . . . . . . . . : isatap.{F5F94E89-3673-4AB1-B477-6F9257CC5
         E5C}
            Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
            DHCP Enabled. . . . . . . . . . . : No
            Autoconfiguration Enabled . . . . : Yes

         C:\Windows\system32>
  3. I forwarded the dll file as you suggested. Regarding the license error message, I don't show anything in my Windows logs at that time. I wasn't adjusting the time/date at the point where it threw an error about the license. Thanks
  4. We have a 50 workstation network license, and everything seems to be running fine, when suddenly the AV symbol in the tray throws a dialog that it is closing. I open up KAV to see what's going on and the info window said the following...

         4/29/2008 4:13:37 PM You have exceeded the maximum number of application copies that can be installed with this license key.

     Followed by ...

         4/29/2008 4:13:46 PM Update completed successfully

     Then ...

         4/29/2008 4:15:27 PM Protection of your computer started.

     What gives? I had KAV off temporarily as it kept interfering with the Network delivery setup of AutoDesk AutoCad Civil 3D 2009, which I believe was a false positive...

         4/29/2008 1:57:48 PM Running process C:\WINDOWS\TEMP\_AIA.TMP\SETUP.EXE: detected modification of riskware 'Worm.generic'.
         4/29/2008 1:57:49 PM Process C:\WINDOWS\TEMP\_AIA.TMP\SETUP.EXE (PID: 2808): "Terminate process" action chosen

     The license error happened about 14 minutes after I turned KAV back on. According to my event log, this license thing happened again last week. The program also deleted one of my dll's that was part of my PowerDVD program that I also believe was a false positive.

         4/23/2008 12:17:03 PM File C:\Program Files (x86)\CyberLink\PowerDVD DX\fwnet.dll: detected Trojan program 'Trojan-Downloader.Win32.Zlob.lps'.
         4/23/2008 12:17:03 PM Security threats have been detected. You are advised to neutralize them immediately.
         4/23/2008 12:17:03 PM File C:\Program Files (x86)\CyberLink\PowerDVD DX\fwnet.dll: is still infected, cannot be disinfected.
         4/23/2008 12:17:05 PM File C:\Program Files (x86)\CyberLink\PowerDVD DX\fwnet.dll: deleted.

     What's going on?
  5. Are there any known issues with Vista 64 that I should be concerned about? I installed the system yesterday and got all my software working and the system humming along. I just installed KAV (restarted the system), updated it (which required a restart of the system again) and started a full system scan. Since then I have had numerous crashes pointing at the ntdll.dll module during sessions of both Outlook 2007 and IE7. I have had no crashes up to this point. Thanks
  6. I am contemplating a changeover to Vista 64 bit from the 32 bit version. I am going down the list of software to check for compatibility. The support site says ... "Kaspersky Anti-Virus 6.0 MP2 and Kaspersky Internet Security 6.0 MP2 partially support Windows XP 64-bit and Windows Vista 64-bit." Has anyone tried or tested 6.0.3.837 under Vista 64 bit? It says it is partially supported, what does that mean exactly? Will the Admin console work under the 64 bit environment (6.0.1572)? Thanks for your help.
  7. I've had a similar problem on some of my Workstations with the Self-Defense. KAV was triggering memory errors and memory dumps. All of these workstations were recent upgrades to 6.0.3.837 from 6.0.2.690. I was unable to uninstall them via Add/Remove Programs because it could not stop the services. I finally had to cancel the uninstall, and it tried to rollback. I then uninstalled the network agent and restarted the system. On restart the icon was greyed out and was asking to restart to update a component. I canceled and then re-ran the Uninstall from control panel, this time it completed and I was able to restart again with no problem. But with No KAV on the system. Like everyone else all the rest of my systems are currently freaking out. They are all running 6.0.3.8xx.
  8. There is a program I received some time ago that would go through a system and remove all reg items and files and all other traces of KAVWS from a system if the add/remove program option fails. I can't seem to find any such file on the web site. Does it even exist anymore? Thanks
  9. I too had this problem once or twice. It happened to me during a workstation installation and I had a Blue Screen. Tech support told me... "Sorry to hear… I would run a netsh command and also remove the NDIS filter if you haven’t already, then reboot. Thank you." I was also given a file from our tech guys that would repair the IP stack. This always worked for me. It was called Winsockxpfix.exe. As the file says in the name, it is for Windows XP.
  10. Thank you for replying at least. Your telling me to just read the manual, while usually this may be helpful, was not the kind of answer I was looking for. I did read the manual, thanks. While the following from the manual may be enough for you...

      "Create a package for Kaspersky Anti-Virus for Workstations 5 using a wizard. The wizard is started using the Remote Install node in the shortcut menu. The .kpd file required to create the installation package is located in the root of the Kaspersky Anti-Virus for Workstations distribution file. The license key file for Kaspersky Anti-Virus for Workstations is also located in this root directory. Specify the license key file used for the operation of Kaspersky Anti-Virus Windows Workstations."

      It wasn't for me, as there are 2 options to create the package. The first is "Make Kaspersky Lab's application package" and the second was "Make installation package for specified executable file". The second option is what I was selecting and picking the .exe installation package for the workstation installation. This was the reason it wasn't creating the package correctly. You will notice that the manual does not mention the need to depack the executable file first.

      I discovered, no thanks to your helpful suggestion to "read the manual", that when you browse using the first option, the default is to select the .kpd file. If you then select that pull down, there is an option for "Self extracting archive .exe"; this is what I was missing in my step. If you select this option and then select the workstation .exe package, it will automatically extract the package for you right there and select the .kpd file for you from the package, then allow you to select the license file. There is no need to depack it yourself. As you can see, the manual was less than clear regarding this option. I was able to fiddle with it and discovered the self extracting archive option myself.

      Next time less stupid "post icons" and sarcasm in your answer would be more helpful. Thank You
  11. I seem to be having a problem creating a remote installation package for the push install of KAVWS 6.0.3.837 with the latest version of the admin kit (6.0.1572). I create the package with the option to create it from an executable file, where I select the KAVWS file. It creates the package, but it is creating it incorrectly. It will not allow attachment of the license file and it installs only interactively on the target system. I have run through the creation a number of times, I don't see what I'm doing wrong. Thanks
  12. I have been bouncing around the website looking for the changelist for the latest version of KAVWS. Where can I find a change list for what has changed from 6.0.3.830 to 6.0.3.837 for both the server product and workstation? Thanks