Everything posted by SLoweCSL

  1. I was reading an article about rootkits and saw that the German research group "AV-TEST" recently gave good marks to Kaspersky Internet Security 7 with it coming in second only to BitDefender Internet Security 2008 (congrats) as a suite, in their ability to stop the install, detect and finally remove rootkits. While this is great news for home users of version 7, where does that leave business users protecting their servers and workstations? We are using 6.0.3.837 across our network. What kind of rootkit protection is in this version of the software? It seems they conducted their tests on Windows XP SP2, what about your software on Vista SP1 or XP running SP3? PDF version here... http://www.av-test.org/down/papers/2008-04_vb_rootkits.pdf Thanks

     Product | Version | Detection of inactive samples | Detection of actively running rootkits | Detection of malware hidden by rootkits | Removal of inactive samples | Removal of actively running rootkits | Removal of malware hidden by rootkits
     Reference (max) -> | | 30 | 30 | 30 | 27 | 30 | 30
     INTERNET SECURITY SUITES
     Avira AntiVir Premium Security Suite | 7.06.00.168 | 28 | 29 | 30 | 25 | 7 | 7
     BitDefender Internet Security 2008 | 11.0.13 | 30 | 28 | 29 | 27 | 23 | 27
     Bullguard Internet Security Suite | 7.0.0.27 | 30 | 7 | 10 | 27 | 4 | 0
     G DATA InternetSecurity 2008 | 18.0.7227.533 | 30 | 9 | 4 | 27 | 7 | 0
     Kaspersky Internet Security 7.0 | 7.0.0.119 | 28 | 24 | 28 | 25 | 22 | 25
     Kaspersky Personal Security Suite | V 6.0.2.621 | 28 | 21 | 27 | 25 | 19 | 17
     Norton Internet Security 2008 | 15.0.0.60 | 25 | 18 | 25 | 25 | 18 | 25
  2. Here's the list as requested...

     Microsoft Windows [Version 6.0.6001]
     Copyright © 2006 Microsoft Corporation. All rights reserved.

     C:\Windows\system32>ipconfig /all

     Windows IP Configuration

        Host Name . . . . . . . . . . . . : XXX
        Primary Dns Suffix  . . . . . . . : XXX.XXX
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : XXX.XXX

     Ethernet adapter Bluetooth Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
        Physical Address. . . . . . . . . : 00-1A-6B-E5-F3-84
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes

     Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-1C-23-0E-53-6A
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Link-local IPv6 Address . . . . . : fe80::ec84:10f6:65df:b71e%11(Preferred)
        IPv4 Address. . . . . . . . . . . : 192.168.1.150(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Lease Obtained. . . . . . . . . . : Thursday, May 01, 2008 7:52:54 AM
        Lease Expires . . . . . . . . . . : Friday, May 09, 2008 7:52:56 AM
        Default Gateway . . . . . . . . . : 192.168.1.100
        DHCP Server . . . . . . . . . . . : 192.168.1.27
        DNS Servers . . . . . . . . . . . : 192.168.1.27
                                            192.168.1.25
        Primary WINS Server . . . . . . . : 192.168.1.27
        NetBIOS over Tcpip. . . . . . . . : Enabled

     Wireless LAN adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
        Physical Address. . . . . . . . . : 00-1C-26-CB-6F-43
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 6:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : isatap.{2F51C214-EF3C-4F27-A1D0-74F89B713E58}
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 7:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 02-00-54-55-4E-01
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 15:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : isatap.{E3D9A567-B5BF-4930-8E13-E76CFE7F37F5}
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 14:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : isatap.{F5F94E89-3673-4AB1-B477-6F9257CC5E5C}
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

     C:\Windows\system32>
  3. I forwarded the dll file as you suggested. Regarding the license error message, I don't show anything in my Windows logs at that time. I wasn't adjusting the time/date at the point where it threw an error about the license. Thanks
  4. We have a 50 workstation network license, and everything seems to be running fine, when suddenly the AV symbol in the tray throws a dialog that it is closing. I open up KAV to see what's going on and the info window said the following...

     4/29/2008 4:13:37 PM You have exceeded the maximum number of application copies that can be installed with this license key.

     Followed by ...

     4/29/2008 4:13:46 PM Update completed successfully

     Then ...

     4/29/2008 4:15:27 PM Protection of your computer started.

     What gives? I had KAV off temporarily as it kept interfering with the Network delivery setup of AutoDesk AutoCad Civil 3D 2009 which I believe was a false positive...

     4/29/2008 1:57:48 PM Running process C:\WINDOWS\TEMP\_AIA.TMP\SETUP.EXE: detected modification of riskware 'Worm.generic'.
     4/29/2008 1:57:49 PM Process C:\WINDOWS\TEMP\_AIA.TMP\SETUP.EXE (PID: 2808): "Terminate process" action chosen

     The license error happened about 14 minutes after I turned KAV back on. According to my event log, this license thing happened again last week. The program also deleted one of my dll's that was part of my PowerDVD program that I also believe was a false positive.

     4/23/2008 12:17:03 PM File C:\Program Files (x86)\CyberLink\PowerDVD DX\fwnet.dll: detected Trojan program 'Trojan-Downloader.Win32.Zlob.lps'.
     4/23/2008 12:17:03 PM Security threats have been detected. You are advised to neutralize them immediately.
     4/23/2008 12:17:03 PM File C:\Program Files (x86)\CyberLink\PowerDVD DX\fwnet.dll: is still infected, cannot be disinfected.
     4/23/2008 12:17:05 PM File C:\Program Files (x86)\CyberLink\PowerDVD DX\fwnet.dll: deleted.

     What's going on?
  5. Are there any known issues with Vista 64 that I should be concerned about? I installed the system yesterday and got all my software working and the system humming along. I just installed KAV (restarted the system), updated it (which required a restart of the system again) and started a full system scan. Since then I have had numerous crashes pointing at the ntdll.dll module during sessions of both Outlook 2007 and IE7. I have had no crashes up to this point. Thanks
  6. I am contemplating a changeover to Vista 64 bit from the 32 bit version. I am going down the list of software to check for compatibility. The support site says ... "Kaspersky Anti-Virus 6.0 MP2 and Kaspersky Internet Security 6.0 MP2 partially support Windows XP 64-bit and Windows Vista 64-bit." Has anyone tried or tested 6.0.3.837 under Vista 64 bit? It says it is partially supported, what does that mean exactly? Will the Admin console work under the 64 bit environment (6.0.1572)? Thanks for your help.
  7. I've had a similar problem on some of my Workstations with the Self-Defense. KAV was triggering memory errors and memory dumps. All of these workstations were recent upgrades to 6.0.3.837 from 6.0.2.690. I was unable to uninstall them via Add/Remove Programs because it could not stop the services. I finally had to cancel the uninstall, and it tried to rollback. I then uninstalled the network agent and restarted the system. On restart the icon was greyed out and was asking to restart to update a component. I canceled and then re-ran the Uninstall from control panel, this time it completed and I was able to restart again with no problem. But with No KAV on the system. Like everyone else all the rest of my systems are currently freaking out. They are all running 6.0.3.8xx.
  8. There is a program I received some time ago that would go through a system and remove all reg items and files and all other traces of KAVWS from a system if the add/remove program option fails. I can't seem to find any such file on the web site. Does it even exist anymore? Thanks
  9. I too had this problem once or twice. It happened to me during a workstation installation and I had a Blue Screen. Tech support told me... "Sorry to hear… I would run a netsh command and also remove the NDIS filter if you haven’t already, then reboot. Thank you." I was also given a file from our tech guys that would repair the IP stack. This always worked for me. It was called Winsockxpfix.exe. As the file says in the name, it is for Windows XP.
  10. Thank you for replying at least. Your telling me to just read the manual, while usually this may be helpful, was not the kind of answer I was looking for. I did read the manual, thanks. While the following from the manual may be enough for you... "Create a package for Kaspersky Anti-Virus for Workstations 5 using a wizard. The wizard is started using the Remote Install node in the shortcut menu. The .kpd file required to create the installation package is located in the root of the Kaspersky Anti-Virus for Workstations distribution file. The license key file for Kaspersky Anti-Virus for Workstations is also located in this root directory. Specify the license key file used for the operation of Kaspersky Anti-Virus Windows Workstations." It wasn't for me as there are 2 options to create the package. The first is "Make Kaspersky Lab's application package" and the second was "Make installation package for specified executable file". The second option is what I was selecting and picking the .exe installation package for the workstation installation. This was the reason it wasn't creating the package correctly. You will notice that the manual does not mention the need to depack the executable file first. I discovered, no thanks to your helpful suggestion to "read the manual", that when you browse using the first option, the default is to select the .kpd file. If you then select that pull down, there is an option for "Self extracting archive .exe", this is what I was missing in my step. If you select this option and then select the workstation .exe package it will automatically extract the package for you right there and select the .kpd file for you from the package then allow you to select the license file. There is no need to depack it yourself. As you can see the manual was less than clear regarding this option. I was able to fiddle with it and discovered the self extracting archive option myself.
Next time less stupid "post icons" and sarcasm in your answer would be more helpful. Thank You
  11. I seem to be having a problem creating a remote installation package for the push install of KAVWS 6.0.3.837 with the latest version of the admin kit (6.0.1572). I create the package with the option to create it from an executable file, where I select the KAVWS file. It creates the package, but it is creating it incorrectly. It will not allow attachment of the license file and it installs only interactively on the target system. I have run through the creation a number of times, I don't see what I'm doing wrong. Thanks
  12. I have been bouncing around the website looking for the changelist for the latest version of KAVWS. Where can I find a change list for what has changed from 6.0.3.830 to 6.0.3.837 for both the server product and workstation? Thanks
  13. Thank you. It appears I didn't have "My Computer" checked. I have changed this and will see how it goes.
  14. Currently running Admin kit version 6.0.1565 and a mix of workstations running 6.0.2.690 and 6.0.3.830. I am noticing that the Admin kit is not updating with the latest information on the workstations. All of my workstations are showing up as critical because it says that they have not had a full scan done since 10/3/2007. I checked my task for the group that schedules a full scan to be done weekly, and the results say that the workstations were scanned 10/31/2007 successfully, which is when they are supposed to be scanned (weekly on Wed.). I've tried refreshing the console and also synced the group from the console. Still will not update the status. Any Ideas? Thanks
  15. Are there changelogs available for all these new versions including the Admin Server? I would like to see what's changed since .609. I couldn't find it on the web site. Thanks
  16. I have been in contact via e-mail with corporate support for a while now regarding an open issue. I tried to contact them for an update and the Kaspersky mail gateway rejected multiple attempts to reach them. This is the address I have been using it was working fine up to today. corporate-support@us.kaspersky.com Is something going on? The message is below... This is the mail system at host mailgate.kaspersky-labs.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <corporate-support@kaspersky.com>: host relay1.kaspersky-labs.com[212.5.80.24] said: 550 <corporate-support@kaspersky.com>: Recipient address rejected: User unknown in relay recipient table (in reply to RCPT TO command)
  17. If you have to do it manually, this page from Symantec steps you through it (one computer at a time though)... http://service1.symantec.com/support/ent-s...74?OpenDocument The removal tool only works with the home versions of their products... http://service1.symantec.com/SUPPORT/tsgen...005033108162039
  18. I received my last Admin server update Monday at 2:00pm EST and since then, the Admin server keeps getting an error when downloading the updates. I have stopped the service and removed the \bases\ directory and started the Admin server update task manually and it got 3/4 the way through then it gave the following error...

      Failed
      Severity: Error
      Application: Kaspersky Administration Kit
      Version number: 6.0.1405
      Task name: Download updates
      Computer: Administration Server <servernamehere>
      Group: Servers
      Time: Tuesday, September 25, 2007 1:31:03 PM
      Description: Update task complete. A file necessary for updating is missing from the update source.
      Troubleshooting recommendations: 1) If you are updating from Kaspersky Lab servers, run Updater again. If the error occurs again, send the Updater trace to Technical Support to clarify the problem. 2) If you are updating from a user-defined source, copy the correct database to that source.

      I am not sure what the "updater trace" is that it says to send to Tech support. There is sufficient space on the hard drive (3-4 gigs), so that doesn't seem to be the problem. What should I do next, all of our clients are no longer receiving signature updates? Thanks
  19. Sometime over the weekend an update was received for KAVWS 6.0.690 that required a restart of the systems. While this is not a big deal, is there any way to know what the update was that was requiring the restart of the system? The build still shows the same, what was updated? Is there any way that in the future, when the red message window pops up telling you that an update requires a restart, that it can also tell you what that update was? Thanks
  20. I uploaded the file. But I was wondering what setting I could disable to prevent this from happening temporarily. Is it the "Enable Advanced Disinfection Technology" option doing this or is it something else? Thanks