Jump to content

alioven

Members
  • Content Count

    33
  • Joined

  • Last visited

About alioven

  • Rank
    Candidate
  1. Hello, After around two hours the server finished the upgrading process and it showed events about being overloaded for another hour, but it finally started working, seems it was just a matter of time due to heavy load. Thank you, regards! (it can be marked as solved)
  2. Hello, We are in the process of upgrading our KSC 10 to version SP2 (10.3.407). After installation the event log shows "Updating administration server..." and it doesn't seem to complete such process. We have tried to apply the patch indicated in https://support.kaspersky.com/13049 but the download link sent to our e-mail is not working (404 not found error). Is it possible to obtain the private fix referred in the above link by direct message or similar? Thank you very much, regards.
  3. Those two are not related to the exclusion case for the java updater. We use a tree of policies which have different Trusted Applications based on the group where the workstations sit, but the list of T.A. is global for easier maintenance, witch checks enabling the suitable set for each branch of groups. The two Java lines in T.A. are the real Java engine for the developers, but the case we are reporting is a Scan Exclusion on a particular file of an installer, outside of the path of the main Java programs. The "java_sp.dll" file that is giving the Asparnet alert resides in a separate path, not located in Program Files. However... today Kaspersky is not giving the alert over java_sp.dll, with our without exclusions enabled. May be the signatures have been updated to whitelist this Java update? Update: just tried again without any exclusion or trusting applied, even doing a full manual scan of the file (which always saved the event in the Reports, even if not showing an alert popup like the background module does) and it doesn't detect anything at all with today's signatures.
  4. Sure, re-created it from our standard one, same mask as in the .cfg. Bear in mind that it has two sub-policies that are assigned by conditional tags but both the main and the sub-policies have the same mask assigned. Just tested it again for detection, also. Regards. java_sp_mask.zip
  5. Attached the traces (level 500) and the local active .cfg. It includes also other usual options on our workstations for easier replication of the test. The mask used in this sample was "*.Asparnet.*" but the result is the same with the other cases we tried, including the full exact original name in the alert. Filename: E:\_cosas\jre1.8.0_111\java_sp.dll Best R. asparnet_mask.zip
  6. Hello, We always test it locally first (with disabled policy) and double-check later on using server policies and ensuring the test station is synchronized. On both cases, the exclusion is applied on the workstations and it works when adding the file exclusion but not with object-type. Regards.
  7. Hi, Yes, sorry for not listing it at first, we started by using that exact alert name and the "WebToolbar.Win32.Asparnet.gen". After seeing it doesn't work, we started with the smaller variants and masks. Last one we used was "*A*" just to check such a broad range and it still gives the alert. Thanks.
  8. Hello, The latest Java update, v. 8-u111, is generating an alert on KES 10 SP1mr3 due to the detection of the Ask Toolbar included in the package. The alert points to one of the files created during the setup process of the update, regardless of the web toolbar being marked to be installed or not together with Java. It shows as a red warning, generated heuristically by the file antivirus module, with the detection: "not-a-virus:WebToolbar.Win32.Asparnet.gen" and it doesn't stop the installation process, but it is scaring many of our users. We've tried to hide it by adding a Scan Exclusion. At first we used the Object Name (virus name) option, but no mask has worked for us so far (Asparnet, Asparnet*, *Asparnet*, WebToolbar.* and many others, even *A*). As a workaround, we have made a file ("java_sp.dll") exclusion but we would prefer to not use such an open condition and refine it with the Asparnet-type condition. The old Kaspersky Watchlist link on where we used to check definitions and names is not working (https://www.kaspersky.com/me/viruswatchlite) and a search on Kaspersky Threats (threats.kaspersky.com) doesn't give a result. We wanted to check if the Win32.Asparnet has another name that could be used in the mask for the exclusion. Our questions: a) Is there still a link where to check recently added exact definitions and virus names, just like the old Watchlist? What is the possible problem with the Object Name exclusion we are trying to implement? Could it be related to the heuristical detection not using the Object Name mask because it is not a real signature matching? Link to download the file that generates the alert (password for the .zip: "virus"): https://drive.google.com/open?id=0BzydHftRI...eklwUlZyazcwUms Regards.
  9. Thank you very much, Kirill, downloading it atm. (had used the lite package previously)
  10. Hello, How do we do a standalone installation of the mmc management console with KSC 10 SP2 (10.3.407)? Installing it in an independent administrator workstation offers to install the whole KSC package but no mmc console option is shown for selection. In previous versions the installer for mmc console was available in the folder structure of the installation package but now there is an unique .msi file and we cannot install the package now. Regards.
  11. Hello, After confirmation from Technical Support about a fixed optimization related to the backup process, we are adding here a request for feature: "Allow to define in the server backup task the option to do (or not) disk space de-allocation when using SQL Server". Extended details available in https://forum.kaspersky.com/index.php?showtopic=349269 Regards.
  12. Hello, We guessed so. We've created a case in CA, INC000006061628 (in spanish) similar to the post above, it is still awaiting Technical Support reply, we will ask them to forward this as a future feature then. Thank you.
  13. Greetings, This is a question about the backup function in KSC 10 (current version 10.2.575, patched). This is using a SQL Server database on a remote server. When KSC starts the backup, it does a big transaction that duplicates the database size while, we guess, it cleans up old events and data. After this, it saves the database to disk and then the files related to KSC. We've observed that after the database backup preparation is done, KSC cleans up the big transaction and then it makes SQL Server unassign the disk space allocated. This leaves SQL Server with little room for the next day new events and data and triggers its automatic growing function that will allocate again disk space for the data that is added in the next day. For example: - Prior to backup: Data size: 8 GB, Disk space allocated for DB by SQL Server: 10 GB (data and logs) - During backup: Size is doubled, disk space allocated extended by the same proportion. - After backup: Data size: 7 GB, Disk space allocated: 8 GB (KSC made SQL Server unassign the other 8 GB it used during backup). Our IT department has their own control and optimization scripts for our SQL Server infrastructure, and this "optimization/clean up" by unassignation of disk space that KSC is forcing over SQL Server conflicts with those scripts. Also, this makes SQL Server assign new disk space every day when new data is collected from the workstations and it slighty affects the performance of the database due to small pauses to allocate the disk space and the subsequent fragmentation it causes. We understand KSC will clean up the database again at night backup but we would prefer to control this feature ourselves using our own SQL Server administration scripts. Is it possible to control this final step of the backup function and disable the disk space de-assignation? The GUI has no option for this but may be the developers have some hidden control for it. If this is not implemented, could it be suggested for a future version of the product, please? Kind regards.
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.