Jump to content


  • Content Count

  • Joined

  • Last visited

About jbeluche

  • Rank
  1. Hi, Thank you for your answer. I'm confused to confess that I've not read carefully the documentation. The documentation explain the SVM selection. I understand that it's not fixed, but is there a way to know which SVM is currently used by a Light Agent?
  2. Hello, We are using Light Agent on a VMware vCenter composed of 6 hypervisors. We deployed one SVM by hypervisor. Last week, we added a new hypervisor so a new SVM on it. We forgot to installed the license on this new SVM and I discover that some VM not hosted by this hypervisor tried to use it. I though that the Light Agent would use the SVM hosted on the same supervisor. How is it really working? Is there a way to know which SVM is used by a Light Agent? Integration Server is selected in SVM discovery settings.
  3. Hi, Yes, you can mark this topic as solved. Thank you
  4. With your help, I better understand were is our mistake. We managed the devices on the master KSC and we though that the KSC in DMZ will only served as a proxy. But in fact, the devices must also be moved intro groups from "unassigned devices" group. We moved the laptop into a group and now the policy is correctly applied. So I guess we need to manage roaming devices on the master KSC and on the slave DMZ KSC. I'll search again in the documentation. Thank you for your help.
  5. Now that you mention it, I see that there is a message when the policy is applied. Therefore, I look again into the problem and I think I've omit an important information. Our master KSC is in our LAN network and we've created a slave KSC in our DMZ. On this slave KSC, they are no specific policy or tasks except the policies inherited by the master. We also add a rule in the network agent policy that enable a profile named "Nomade_Profile" which change the server address and enable the OOO Profile. This profile is enabled when Windows domain is not accessible. You can see below screenshot of the network agent policy. If I'm correct, when a laptop is outside our company LAN, the network agent policy is correctly switching to the "Nomade_Profile" as Windows domain is unavailable. It is correctly reported by klnagck.exe. Also, OOO policy parmerters are set correctly as I see the "Network Attack Blocker" time changing to 61 minutes. But then, like you say, there is no more policy applied as the message ", you are working under a policy" disappear. This explain why all settings are unlocked. Problem is, I don't see where is my mistake. Is it because the laptop is able to contact the slave KSC by internet? But in this case, shouldn't the active policy be applied?
  6. Hello, I send you the files by private message. Thanks ! Jérémy
  7. Thank you for your answer. In the KSC configuration, the switching is define to be on "Domain unavailable". It's working correctly, as reported by the klnagchk.exe command. My issue is that when my laptop switches on OOO policy I'am able to change all KES settings despite the policy is configured to lock them. Above is the OOO policy screenshot: And in the KES when using OOO profile, I can edit the parameters and I see that the minute value is correct (61 minutes instead of 60 minutes in the default Active policy) And the klnagchk.exe says: C:\Program Files (x86)\Kaspersky Lab\NetworkAgent>klnagchk.exe Starting utility 'klnagchk'... Checking command line options...OK Initializing basic libraries...OK Current device is 'COMPANY\LAPTOP' Network Agent version is '10.4.343 (a)' Reading the settings...OK Settings verification...OK Network Agent settings: Used profile: 'Nomade_Profile' Administration Server address: 'kcenter-dmz.company.com' Use SSL connection: 1 Compress traffic: 1 Numbers of the Administration Server SSL ports: '13000' Numbers of the Administration Server ports: '14000' Use proxy server: 0 Administration Server certificate: not installed Open UDP port: 1 Numbers of UDP ports: '15000' Profiles Profile name: 'Nomade_Profile' Administration Server address: 'kcenter-dmz.company.com' Use SSL connection: 1 Compress traffic: 1 Numbers of the Administration Server SSL ports: '13000' Numbers of the Administration Server ports: '14000' Use proxy server: 0 Switch to out-of-office mode: 1 Locations Location name: Nomade Profile to use: "Nomade_Profile" Condition: Available Windows domain, "0" Synchronization interval (min): 15 Connection timeout (sec): 30 Send/receive timeout (sec): 180 Device ID: Attempt to connect to the Administration Server...OK Attempt to connect to the Network Agent...OK Network Agent is running Receiving the Network Agent statistical data...OK Network Agent statistical data: Total number of synchronization requests: 1 The number of successful synchronization requests: 1 Total number of synchronizations: 0 The number of successful synchronizations: 0 Date/time of the last request for synchronization:07/03/2018 16:23:23 GMT (07/03/2018 17:23:23) Deinitializing basic libraries...OK I hope it's more clear to you.
  8. Hello, Since the replacement of Google Drive by Google File Stream, we've a lot of notifications from KES SP2 about file process error (Windows 10 1709): Application: Windows Explorer User: COMPANY\jbeluche (Active user) Component: File Anti-Virus Result: Processing error Object: GLOBALROOT\Device\Volume{8bbaee64-42f6-49a2-bfdf-4882767802db}\Team Drives\desktop.ini:user.drive.progress Reason: Read error These errors happen when I'm browsing the folders with file explorer or when a scan occurred. Of course, if I create an exclusion for the letter of the drive, the process error disappears. But as I can't guess the letter for the thousand computers in our network, it's not a suitable solution. Is it a bug because files don't really exist on the computer (Files on-demand)? If yes, is a patch coming out soon? Is there a workaround? On some others computers, Windows 7 (KES 10 SP1, each time the computer start, a quick scan occurred on the drive created by Google File Stream like it does when you connect an USB drive. Disabling "scan removable drives" would work but it's unacceptable as it means all USB key won't be scanned. Is there a workaround? Thanks for your help.
  9. Hello, We are deploying a new KSC (10.4.343) with KES 10 SP2 ( We have created an "Active" policy and an Out-of-Office policy (they are at the root of Manged devices). The device is in a sub-group where they are no specific policies. In the network agent policy, we have created a rule (Domain is unavailable) to detect when a computer is not in the coporate network and so it enables the Out-of-Office policy and change address to a KSC in our DMZ. This is working well except that when a laptop switches to the Out-of-Office policy, all settings are unlocked despite the lock icon is set on the Out-of-Office policy For the Active policy, it's working as intended: settings where the lock icon is set are grayed out on the same laptop when it's in the company network. We know that the Out-of-Office policy is correctly applied because if we change a parameter between the Active and Out-of-Office policy, it is correctly changed when the laptop switches is policy (for example, Web Anti-Virus is disabled for Out-of-Office policy and enabled for Active policy). Did we miss something? Or is it the normal behavior? Thanks for your help.
  10. Hello, I'm sorry, the user never gave me the requested information. If I manage to get them, I'll complete the thread. Thank you.
  11. Hello, We have connection issue between our users computer and a server using WebSocket. Computers are running Windows 7 with KES With this setup, the WebSocket started by the Java application is closed and the app is not working. If I disable the "Web Anti-Virus" task, the WebSocket can establish the connection and the app is running correctly. In the report, no information is logged except that the task has been disabled. The task uses the default setting: - Recommended selected (everything checked, medium scan for detecting viruses and light scan for phishing). - Block download selected - no trusted URLs defined Is there a way to have more information explaning what KES is doing to the WebSocket connection? And is there any parameters that are recommended to be set to improve WebSocket support? Thank you for your help!
  12. http://forum.kaspersky.com/index.php?showtopic=220849 I've contacted the technical support so I can't test it without their approval, but it seems to be answering our problem.
  13. I've upgraded our Kaspersky Administration Kit 8 to Kaspersky Security Center 9 and, since the update, the average CPU utilization for klserver.exe process and sqlservr.exe process is between 20% to 30%. The KSC9 is running on Windows 2008R2 in a virtual machine (ESXi 4.1) with 4GB RAM and 1 virtual CPU (X5560 @2.8GHz). The database is using Microsoft SQL Express 2008. I have searched the forum for similar problem but without success. If someone have any idea or solution, I would be grateful.
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.