Jump to content

Julesss2

Members
  • Content Count

    58
  • Joined

  • Last visited

About Julesss2

  • Rank
    Candidate
  1. Hi, is there some switch or command available to force installation on unsupported database versions ? (Such as MariaDB 10.x) While I understand Kaspersky Lab prefer we use MS SQL or old versions of Oracle products, it is just additional burden to install (and potentially purchase) MS SQL server when an entreprise is running with MariaDB that is a drop-in replacement for MySQL and would support anything MySQL does.
  2. Hello, after update, KPM force closes when opening on Android 6, tested on ZenFone 2 (Intel) and ZenFone2 kaser (Qualcom). I already tried to reinstall with no success. Was forced to update because after updating on Windows, database got updated and became incompatible with previous version. Trace says "Unable to instantiate activity ComponentInfo{com.kaspersky.passwordmanager/com.kaspersky.passwordmanager.gui.KpmEnterCodeActivity} ClassNotFoundException: Didn't find class "com.kaspersky.passwordmanager.gui.KpmEnterCodeActivity" KPM is regressing over time and this is sad.
  3. It looks like a good workaround but won't be manageable from KSC unless i'm missing something, meaning I would have to use 3rd party tool to deploy a systemd timer.
  4. Hello, I would like to create a scan task for KES 10 Linux that would scan only binaries, but I don't see anything apart a mask to filter what to scan, as binaries don't have any extensions, I don't see how I could filter that.
  5. 1. When a master KSC connects to a a slave KSC, allow administrator to define the NIC used to contact said slave KSC server, currently KSC blindly uses default route and potentially fails because the server cannot be contacted using default NIC. 2. Allow to choose NIC used to download definition updates from KL servers. 3. Allow to choose NIC used to download MS updates.
  6. Also, You can use the parental control to filter that on the http part, but a security flaw of Kaspersky may allow any malicious software that know where to search to get the data you try to prevent leaking as it is stored unencrypted in a world readable file on your computer. While it will prevent kiddies to use your credit card and spend 500$ on league of legend skins, someone else may spend more on consumable purchase using your card, shipping it to some weird address and resell that stuff elsewhere, in a country where you're sure the police will tell you they cannot do anything about that. Best is to educate people to not use numbers that are not theirs.
  7. The ACL problem on programdata doesn't list KSOS at all, if the fix is to be released for it, it would at least reduce the scope of informations leak as it would require one to be elevated (if ACL fixed correctly) to read the config files. KSOS4 isn't based on KTS2016 as far as i'm aware of, and I didn't see any KSOS5 yet. Fixing the ACL is only postponing problems to later, not using programdata at all would be a good move. I was talking specificaly about the latest entry, as it was the most interesting one since it allows abusing kaspersky's ways from the same path.
  8. https://my.kaspersky.com / https://my.kaspersky.com/en/repass/ +33-825-888-612 (France) +1-905-415-4594 (Canada) Or try http://forum.kaspersky.com/index.php?showforum=331
  9. Modify system's default route to send everything to your VPN, if the VPN is down your packets will nullroute. I didn't see a way to change default route for a specific programs using Kaspersky's firewall. You could try to suggest it but there's low chance they'll add it as they still struggle to handle NIC binding correctly.
  10. Reported flaw involve writing, and making Kaspersky execute bad stuff, not reading, which is a different problem. (You should not be able to read some of the files there without elevation) Using the programdata folder at all is a problem by design, by the way Windows handle this folder. KSOS isn't listed on the fixed released versions on the report. If business users don't count, they'll look elsewhere. Sent a mail, if searching of https://encrypted.google.com/search?hl=fr&a...20vulnerability would lead to this page it would have been easier.
  11. This problem is confirmed on each version of Kaspersky based on home versions, including but not limited to KSOS. Depending on how work the higher business products, they may be affected too, didn't test. (Not my job to, not willing to waste my spare time with unresponsive support team) One could retrieve the list of strings/words given to kaspersky to prevent private data leaking, accessing the Kaspersky's file could allow one to obtain information on confidential data it didn't knew before, and know the exact strings Kaspersky will look for when searching for potential leaks, meaning it's worthless as it can be evaded. This issue is already public (meaning deleting this thread won't be useful) as I was fed up working with Kaspersky's support to get bugs resolved (and still seeing KSOS2 bugs in KSOS3 and KSOS4) While this issue will only affect users that trust Kaspersky's proxy filtering AND configured it (or knows it exist at all), I hope it will annoy enough people for Kaspersky to STOP ignoring bug reports for years. I'm fed up to fight with your support for half a year to just acknowledge something is a bug and was not fixed by the random last update that has nothing to do with my report, and yet, there's more fight to do all the time to get the problem resolved, the support team loves to close bug report tickets without checking if the problem was resolved. Thanks Kaspersky labs for building a protection solution that stores important data to folders having read access for "Users" group instead of storing it in private space. (Heard of NT Service accounts ? You could make use of NT Service\avp maybe ?) Big thanks to Kaspersky's support team for being very efficient at using pre defined answers. Congratulation on hiding any mail address I could use to contact the security team directly to report this issue. Yes I am angry and it is not nice, so was Kaspersky being nice to (not) fix bugs I report while I pay for their services, sell their licences to customers instead of selling competitor's licences. How could someone at Kaspersky thinks raw hex would be a secure way to store data. Damn.
  12. There is also a key called '.DEFAULT' , with some chance, it would correctly apply to each new/unset users to this Knowing KTS engine's is used for business product KSOS, I find it sad that it's impossible to edit the default profile from the GUI.
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.