Jump to content

Rob_R

Members
  • Content Count

    205
  • Joined

  • Last visited

Everything posted by Rob_R

  1. This issue isn't really solved, I only provided a workaround to try and deal with an issue that has existed since day 1 when it comes to managing Macs. Is there any information why this occurs or a fix? I've been thoroughly testing Sophos and it doesn't occur with that product. I've attached a screenshot of a client that has not changed its name or IP since installing AV 3 weeks ago but Kaspersky keeps creating duplicates.
  2. Hello Virgil, Often duplicates are marked with the same name followed by "~239839273" (arbitrary number as an example), so you could see "localhost" as one computer and "localhost~239839273" as another. Sometimes you don't see that because of a name change so you'll have two clients with two different names but basically the same. Another way to identify is by going to the properties of the client, under general you would see a yellow highlighted area indicating there is a duplicate with a link. Clicking this link will bring up another window with the list of duplicates, it shows you last connected time and if it is not current as in minutes just right click the client in the list and select remove. Good luck.
  3. We have a very large Mac installation and I would categorize managing them and their Kaspersky installs as a Nightmare since the first version of AV for them came out. This particular issue you've been having has been there since day 1. Here is some information that may shed some light as to why Kaspersky gets easily confused and perhaps it will help their developers fix the issue. The Mac is basically a UNIX computer. UNIX uses a “Hostname” and a “LocalHostName” which is basically the FQDN and the Computer Name respectively. Apple uses a third name called the “ComputerName”, why I don’t know because it is basically the same as the LocalHostName except that UNIX usually puts .local at the end of the LocalHostName. This is all fine on a new install, but when a user renames the Mac, they can only change the ComputerName and Apple doesn’t change the two UNIX names when the user changes the Mac name. When you have a lot of Macs like we do it's easy to see this mess as Kaspersky doesn't update the information on the client it often sees these different names as different clients. There is continuous maintenance that we have to do to try and keep everything clean as there are many of these clients that have corresponding duplicates, sometimes 3. I've not yet found a way to change the name showing in Kaspersky Admin Console. This is just one of the problems with Kaspersky and Macs, more time and money is spent just trying to keep Kaspersky running on these Macs. We often have Macs to fix for real time protection being off and won't start, corrupted databases, inability to start tasks, re-installs of the client to try to fix things but often does nothing. It adds another level of complexity when you're centrally managing these Macs for remote locations and from a Windows server with no access to remote into them. The worst and only virus issue we ever had was caused by a Mac last year that while connected to our file server infected a majority of the files. This Mac had Kaspersky installed but protection was off which is fairly common we find. This was prior to the KES 10 release which we are testing now, I hope it fairs better than it's predecessors.
  4. I highly recommend you stick to KES 8 WSEE for the domain controllers. At one of our locations the KES10 client on the DC, which was installed in error, basically started blocking all communication because it thought there was a DDOS attack. My guess is due to all the activity with authentication, DNS and other requests the client thought it was being attacked. We've never had an issue with KES 8 WSEE.
  5. Thanks for the response, I'll work on that GSI report and notify tech support. I just realized when it happens, if I've been disconnected from my Cisco VPN client for work and I reconnect, as soon as that connection is complete I get an instant BSOD.
  6. For the second time since installing KIS2013 on my Windows 8 RTM 2 weeks ago I've gotten a BSOD with BAD_POOL_CALLER. When looking at the DMP files it references KNEPS.SYS as the culprit. I currently have version 13.0.1.4190 ( b ) installed which seems to be the latest version. Is there a fix for this issue?
  7. And shouldn't those testing W8 at the Enterprise also run anti virus?
  8. Windows 8 may not have been released to the general public yet but it was made available to Enterprise back in August. Therefore there will be those corporate users that are using Windows 8 or are testing Windows 8, apparently they have to do so with alternate AV protection because they have to wait until 2013? But it's great that home users can already run a supported Kaspersky product with Windows 8 considering it won't be released until the end of the month. I think someone got their priorities mixed.
  9. You can take your business anywhere you want but you'll end up with the same problem. I haven't used one AV solution that has been able to stop these Rogue Trojans from getting installed and have found the best method for these specific types is user education. Rogue Trojan software is installed because it tricks the user into installing it by clicking something on the screen. Rogue software looks generally the same other than the name of the fake AV solution that is supposed to help fix the problem. Tell your users that when the fake AV pops up to just hit ALT-F4 until their browser shuts down, if they can't handle that just tell them to turn off their computer then power it back up. I've had these pop up from time to time even going to legitimate sites and I just use ALT-F4 and have never had one install.
  10. We have found that dealing directly with companies in regards to licensing, pricing or anything other than support to be quite frustrating at times. We deal with resellers\partners for pretty much all our products like IBM, VMWare, Kaspersky and Symantec before then. Surprisingly Dell has been pretty easy to deal with directly and we continue to do so. Nice thing about the reseller\partner is that we only need to contact one source for our needs and they track everything for us. We can ask for a licensing report for a specific product and we get it way faster than trying to sort out that info ourselves.
  11. I was also having this issue and the only way I've been able to supress that message and get a GREEN icon is to go to the TASK list and select to do a FULL SCAN. This is not the GROUP scan but the FULL SCAN that runs the local computer full scan on the client. I suspect that the issue is that unlike the PC client where you can include System Memory, Start Up Objects etc in the Group Scan Task, on the Mac you can only include Local and Network drives. It seems that forcing a local scan will include objects not available in the Group Scan which marks the scan as complete.
  12. There have been way too many issues that I've seen on this forum going the upgrade route. Even when upgrades go well many report problems with corrupted virus definitions, communication issues or other errors that I have not even come across with clean installs. I configured a new server with Server 2008 R2, installed Kaspersky 2134 and configured it clean in half a day and am ready to run KLMOVER task for our network. My Kaspersky configuration is for 2000 clients across about 48 remote locations in the US and Canada. When I do have issues I never have to wonder if it's an issue due to the upgrade. I recommend clean installs for anyone, it might take longer to setup compared to upgrades that go well but it is much faster and cheaper than dealing with upgrades that don't.
  13. I have the network agent now. Is there a way to preconfigure it's settings so the user doesn't have to enter any information?
  14. Ensure that you have enabled the checkbox to lock the policy settings that you want to enforce, if the policy setting is not locked the specific setting will not be enforced on the client.
  15. Is this a joke or serious? Because in all my life dealing with computers I've never heard of such a thing unless it's on a company network and someone is messing with you. Is this a home network or business? Are you not using a router/firewall device? If you are seeing SSH attacks in your logs disable SSH, if you are being remotely accessed disable common remote desktop ports. If this is a home network then it sounds like you're directly connected which makes you very vulnerable to attacks, get a router to start and go from there.
  16. Now that it's released, where does one find the Network Agent for Mac? Documentation says it's in the distribution zip file but I don't see it anywhere. I installed the plugin on the Admin Kit and have my Endpoint package ready and I just need the Network Agent so that I can start testing. Thanks.
  17. I have not seen any Antivirus product that prevents Rogue Trojans from being installed and I've used many different products. The only 100% failsafe solution is to educate your users to ALT-F4 out of the browser when these pop up. Malware Bytes is a great product but once these Rogue Trojans are installed I've had instances where even Malware Bytes cannot clean them and I've had to do it manually. If you need to do it manually http://www.bleepingcomputer.com/ is a great resource.
  18. The best defense against them are user education. Send a document out to your users that includes screen shots of the typical trojan software that they would see while on the internet. In that document ensure you instruct the user to not click anything in the browser since clicking even cancel installs the trojan. Then instruct the user on the use of ALT-F4 to shutdown the browser, after that they can launch their browser and carry on their day. We had a run of infections last year and since we communicated this information to our users we've had little problems with them.
  19. I had this issue and a number of people complaining as well. What I did was for the Group Scan Task under properties I checked the box showing under Run Mode "Pause scheduled scan when screesaver is inactive or computer is unlocked" ( Seems like a fancy option for 'scan during idle time'). At first I had concern that I would get many clients showing as not scanned in a long time but I don't get that many more than I used to get without the option checked. Since clicking this option I no longer get users complaining.
  20. So you have a Windows XP client that has two NICs, one connects to private and the other has connection to the internet and you're current protection is antihacker? I think you should have bigger concerns with this setup then why your ping isn't working. Talk about scary.
  21. If you are deploying 6.0.4.1424 client then you should be running Admin Kit 8.0.2090.
  22. I had to go back and check to see if this patch was even installed on my clients as i have had no issues, I have verified that my clients show as having the "A" and "D" patches installed. I don't use proactive defense on a majority of clients but even those clients that do have it enabled have not had problems. We have also not had any Outlook 2007 issues and this is across over 500 clients. I know this is not adding anything to the problem, I merely posted it as I find it odd that an issue like this doesn't affect everyone.
  23. I had a similar issue with one of our locations backup, I tried many different exclusions but nothing was really helping. In the end I just scheduled the realtime protection to pause on the backup server during the backup operation. This allowed them to get full backup performance during the backup and remain protected at other times automatically.
  24. I have not come across any Antivirus Suite that is able to stop this type of malware/scareware from getting installed. I bet that Malware Bytes would not stop it from getting it installed either but that it would detect it's precense after it was installed. The issue here is that this type of malware is trickware, the user is tricked into clicking a button on the screen which initiates the process. I find that Kaspersky in fact does detect the malware and disinfects it but by that time the rootkit has been stealthed already. This type of Malware requires user education, they need to know NOT to click ANYTHING when the fake scanning is on the screen as it doesn't matter if you click ok or cancel it installs the trojan. Easiest defense against this trojan is to close the browser completely if it comes up, I use ALT-F4 just to ensure I don't click anything to trigger it.
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.