AOsborn

  1. I have KAV 6 at a few clients' offices, about 500 PCs total. The versions vary between 6.0.2.678 and 6.0.3.837. Admin kit is 6.0.1572. Very few of the computers have a problem (10 total maybe); some locations have more than others (1 client has 5-7 who get it). Other locations may just reboot and not tell me, which fixes it. The problem is every week or 2 a computer will lose its mapped drives, internet connection, printers, etc. A reboot always fixes it. I finally found out that the reason was I couldn't ping a server only from the computer with the issue; all other devices are pingable. At the largest client who has this issue the IP that gets blocked is the DNS server, which stops their internet connection, printers, shared files, etc. A backup DNS server has fixed that, but still the server is unpingable and I can't access files/printers from it when the problem arises. I didn't think it was KAV right away until I started a constant ping to the server (ping -t 192.168.1.x) and every ping said "Request Timed Out". I then exit KAV and it starts pinging fine instantly. I had no idea what was going on until I checked the Events on the problem computer in the admin kit and noticed this error every time the problem arises: Intrusion.Win.LSASS.exploit! Attacker's IP address: 192.168.0.12. Protocol/service: TCP on local port 139. Time: 12/12/2007 9:59:12 AM. It seems KAV thinks the server has LSASS and is attempting to infect this computer, so the anti-hacker shuts down the TCP connection to the server, thus blocking file access. This server is only a file server, not the admin server or anything else. It also has KAV for servers installed (Windows 2003) and has no viruses on it. That error is the same at all my clients with this issue. Also the same server at each client is what's getting blocked, although they provide different functions (some are just file servers, some are the admin server, some are SBS servers).
Any clues on how to fix this without disabling anti-hacker, or is it a known bug? Thanks!
  2. I recently started a task to migrate all of my SQL applications to a single instance of SQL (Backup exec, KAV, WSUS, etc). This should save on system RAM usage and maintenance of the instance (can back up all databases at once). I used klbackup to back up the admin server, I copied the cert folder and uninstalled KAV admin server completely. I then installed using the new SQL Server 2005 Express instance I had. I then restored the server using klbackup and ran the admin console. It said it couldn't connect to the server so I replaced the Cert folder and the console opened fine. I synchronized some clients and did a deployment and everything seemed fine. The next day I had a few, around 10 of 75, users say they got a message upon boot up, "Previous Launch of Kaspersky Anti-Virus Failed". Nothing is showing up in their eventvwr or anywhere else with the cause. I can synchronize those clients and they are getting updates. They still get the error 3 days later although the client seems to be working fine. Does anyone know what can be done to fix this? Admin Kit 6.0.1405, KAV 6.0.2.678 on almost all clients. I updated a few to 6.0.3.830 just now to see if that would fix it, we'll see tomorrow. Thanks!
  3. I'm attempting to deploy KAV 6 via the admin server on about 200 computers. The computers have McAfee Total Protection for Small Business 4.5.0.465. I've searched the registry and they don't have a GUID to uninstall via msiexec. I have found that I can uninstall the AV component by the following: "C:\Program Files\McAfee\Managed VirusScan\Agent\myinx.exe" /Script=C:\Program Files\McAfee\Managed VirusScan\Agent\mycioagt.inx /Section=DefaultUninstall It runs the script engine called myinx.exe. You feed it a script and a switch to uninstall McAfee. The computers have the following components: McAfee HackerWatch Service, McAfee Personal Firewall Service, McAfee Virus and Spyware Protection Service, McShield. The script I have uninstalls half of it, McAfee Virus and Spyware Protection. Uninstalling McAfee Personal Firewall from the control panel will remove the other 3 things. Does anyone know how to remove the McAfee firewall? I can't deploy KAV with it on there. I've tried a bunch of other scripts and it won't remove that component. I've searched a bunch of uninstall scripts but they don't include this version. They all use GUIDs. Thanks!
  4. I'm not sure this is what I want. This is to change the service, which works just fine. The problem is when I deploy the network agent to other computers in the domain I get "access denied" messages only when I select "Default account" in the deployment wizard. When I click "Use specified account" I can manually type in the correct username and it works fine. This leads me to believe I typed in the "Default account" username incorrectly. I remember typing in a username during the admin server install, I just need to type it in again. The service is starting with Local System, which works fine. Thanks again.
  5. Hello, I recently installed the Admin Kit 6 on a new server and just did the initial configuration. I attempted to deploy some applications but they all fail, saying "admin$ is unavailable (access is denied)". If I deploy with an account specified it works fine. I assume I either typed in the password incorrectly or I didn't use a domain account (used local instead, it did deploy to the localhost fine). I can't see anywhere how to change the username/password for the "default account". I'd hate to reinstall or specify a username/password every time I deploy something. Thanks!
  6. Which module is scanning this? The real-time scan? I would prefer it not to do it at all, since it isn't necessary. Is there a way to exclude it?
  7. I'm using KAV WS 6.0.2.678 with Admin Kit 6.0.1405. We have Exchange with a spam filter appliance that sends items to the junk e-mail folder in Outlook. Because of this we turned off Anti-Spam in a policy. It seems that KAV is still scanning Outlook because we get a bunch of events saying it found a Trojan/Virus in the deleted items folder, after we empty the junk mail folder. Here is an example of the event: Severity: Critical Application: Kaspersky Anti-Virus 6.0 for Windows Workstations Version number: 6.0.2.678 Task name: Quarantine (no task is listed called this under the computer) Computer: PCNAME Group: GROUPNAME Time: TIME Description: Quarantine: File Outlook\Mailbox - USERNAME\Top of Information Store\Deleted Items\EMAILSUBJECT detected modification of Trojan program 'Trojan-Spy.HTML.Fraud.gen'. What is scanning Outlook? Thanks!
  8. Thanks for the info. It helped a lot. I've searched all over for the Keep connection alive check box but I can't find it in KAV 5 or KAV 6 (I use both on different PCs). Can you let me know where this is found in the settings? I assume it was under network, but it isn't. Thanks!
  9. Hello, I have the desire to connect a few computers to my Admin Server over the internet. I opened ports 13000, 14000, and UDP 15000-15002 (not sure if that was needed). I can successfully connect to the admin kit by using the klmover.exe command and specifying the server's external IP address. The server has the information of the client. Obviously I can't use the Admin Server to connect to the client or push any policies because the client is behind its own firewall; it would be too much of a hassle to open up the ports at every site or use VPNs everywhere. Is there a way to have the client start the connection to the server and get the policy (pull rather than push from the server)? This is for desktops right now but what would mobile users do who are rarely on the local network if you wanted them to have the updated policy? Thanks!
  10. I deleted everything in the Updates folder and started the update task. I then updated the problem workstations. The update task for the server and workstation has all available updates selected. Each computer is still getting the "Error loading the task executable modules" message on the admin server.
  11. I have Kaspersky for Workstations 5.0.712. In the admin kit under functional failures I get this message on all computers, twice a day: "Error loading the task executable modules" For the task: "Update anti-virus database and application modules" It's been happening for the past few weeks or so (as far as I can tell). I deleted the Updcfg.xml file from: C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus for Windows Workstations\5.0\Bases\ But that didn't fix it. Anything else I can try? Thanks!
  12. Admin Kit 5.0.1151, MMC 2.0. I haven't quite inventoried all the PCs yet. But the network is a mix of Windows 2000 and XP. Some of the Windows XP PCs show up and then some do not; they can be right next to each other, installed at the same time, same applications.
  13. I am deploying Kaspersky 5 at a new location. Admin kit and workstation. About 40 of the 60 PCs are discovered upon the initial install (network discovered and AD scan I assume). I move all the PCs with an IP address into a group I create, that goes well. I do that so I know the PC isn't an old AD computer. But then about 20 PCs I can't connect to at all. I know the IP of certain PCs, I have File and Print sharing enabled, no firewall, same subnet as rest. The PC is pingable as the rest. But I cannot connect to it in Kaspersky using IP or the computer found from AD.
  14. The update task I created for the clients runs as normal (Completed status). I'm unsure how to check the server update version. I did notice that "Deploy anti-virus database automatically on all clients" wasn't checked in the properties of Updates. I then did a manual download of updates on the server. This is something I haven't had to do yet on any of the other Kaspersky deployments I've done. Is this something I have to do once a week or should be scheduled? Or should it just work?