Jump to content

george.h

Members
  • Content Count

    225
  • Joined

  • Last visited

1 Follower

About george.h

  • Rank
    Cadet

Recent Profile Visitors

404 profile views
  1. Sorry to contradict you Kirill, but "It is recommended that you use the latest version of KES (SP2, 10.3.0.6294), where this behavior is reworked." is wrong. We're running KES SP2 (10.3.0.6294) with KSC and NA 10.4.343) and is STILL happens. So, it may have been reworked, but it STILL happens and certainly has NOT fixed it.
  2. Why not just make the script available freely instead of requiring a support incident be raised via Company account? Especially as doing so WITHOUT the paid subscription (at additional cost) for support via there you just get moaned at for using Company Account (it has happened every time I did it just to upload traces before they started allowing them to be sent via ftp). Is it some state secret? Why not give out some details about what sort of circumstances and scenarios it occurs under? Or is that some utra-sensitive state secret as well? This "unprocessed" objects which refused to be cleared "issue" comes back time, and time, and time again with KES. I've seen it repeat virtually throughout the whole, almost five years, of managing Kaspersky at our company. It never goes away for long. But what do I care. I'm not sure if I can bothered with the machine I've had this issue on for the past (almost) week. We only have 14 days left on our licenses then were throwing Kaspersky out for good.
  3. This topic can be closed off. I will create two new topics to address the existing issues. I'll close off INC000007828983 as that was purely a mechanism to uploaded traces. Much appreciated George
  4. Hi Kirill, "Unrelated" is a matter of opinion and perspective. The key issue of this topic is "WOL unreliable" with random machines failing to be woken up for updates via WOL, or failing to run the task if on, and not shutting down afterwards reliably. The advice I was given was "upgrade to KES/KSC SP2" ( no version number given, which WAS confusing ). However, after establishing clearly WHICH version SP2 referred to ( KES 10.3.0.629 and KLNA/KSC 10.4.343 ) I followed it to have the WOL issue progressed. All the other issues are as a DIRECT RESULT of following that advice. If you wish me to split them off, fine. However, in my view they are related, related to following the advice from Kaspersky which directly caused them, namely: 1. One laptop repeatedly reporting multiple (initially 34 each time) "Object not processed" events - no answers provided. Fiixed by me by ripping out KES 10.3.0.629 and KLNA 10.4.343 complete using kavremvr and re-installing. 2. All four machines at the far end of a Watchguard BOVPN suddenly failing to update ever single time (after SP2 upgrade) from the Kaspersky Admin server. Every time failing with "Error in interaction with Kaspersky Security Center - failed to receive file" - actually reporting error 50. No answers provided to date. Temporary work-around of configuring update task to use Kaspersky Servers as an additional update source worked for several days before they ALSO suddenly started failing. Fixed only by modification of firewall rules, rules which had been working fine. And I STILL do not know if this even fixes the original issue. All I can say is WOL now behaves differently, yet again, to how it used to. Regards George
  5. I wonder, have you seen this:Kaspersky files antitrust complaint against Microsoft.
  6. Ok I've managed to get the four machines at the far end of our Watchguard BOVPN updating again, at least from Kaspersky's servers, by tweaking of the HTTP Proxy rules on the Watchguard T10 firewall on that site. It has more restrictive policy for HTTP responses where the body contents included Windows EXE/COM. By easing that slight (now set for AVScan as per the policy on our main M200 firewall) they are now receiving updates again, but still not as they should be. I added the Kaspersky Servers as an update source to the update task as a stop-gap measure, when I found that updating from our Kaspersky Admin server suddenly stopped working across the BOPVN after upgrading to SP2. That part STILL doesn't work, when it had been working fine prior to upgrading to SP2. The stop-gap measure had been working for about a week until that suddenly started to fail as well - yet no changes (until now) had been made to our firewalls. Clearly something has changed about the way KES/KLNA interact with the Admin Server (and Kaspersky servers) during the update process, but what? I still need that to work as allowing multiple machines on our internal network to obtain Kaspersky updates NOT via out Admin Server is not a solution.
  7. Hi Ivan, This is now becoming critical. The four machines at the far end of the Watchguard BOVPN have ONLY been receiving updates since being upgraded to KES 10.3.0.6294/ KLNA 10.4.343 (and KSC being updated to 10.4.434), by me adding in the Kaspersky Servers as an update source in addition to our Admin Server. Now TWO of the machines are persistently failing to update even from those. Instead they log a multitude of events such of the type below (which are only about a quarter of them) before failing all together: Event type: Network update error Result: Error downloading update files Object: http://dnl-09.geo.kaspersky.com/ Object\Path: http://dnl-09.geo.kaspersky.com/ User: NT AUTHORITY\SYSTEM (System user) Release date: 08/06/2017 9:33:00 AM Event type: Network update error Result: Error downloading update files Object: http://dnl-06.geo.kaspersky.com/ Object\Path: http://dnl-06.geo.kaspersky.com/ User: NT AUTHORITY\SYSTEM (System user) Release date: 08/06/2017 9:33:00 AM Event type: Network update error Result: Error downloading update files Object: http://dnl-16.geo.kaspersky.com/ Object\Path: http://dnl-16.geo.kaspersky.com/ User: NT AUTHORITY\SYSTEM (System user) Release date: 08/06/2017 9:33:00 AM Event type: Network update error Result: Error downloading update files Object: http://dnl-08.geo.kaspersky.com/ Object\Path: http://dnl-08.geo.kaspersky.com/ User: NT AUTHORITY\SYSTEM (System user) Release date: 08/06/2017 9:33:00 AM Event type: Network update error Result: Error downloading update files Object: http://dnl-19.geo.kaspersky.com/ Object\Path: http://dnl-19.geo.kaspersky.com/ User: NT AUTHORITY\SYSTEM (System user) Release date: 08/06/2017 9:33:00 AM Event type: Network update error Result: Error downloading update files Object: http://dnl-01.geo.kaspersky.com/ Object\Path: http://dnl-01.geo.kaspersky.com/ User: NT AUTHORITY\SYSTEM (System user) Release date: 08/06/2017 9:33:00 AM Event type: Network update error Result: Error downloading update files Object: http://dnl-12.geo.kaspersky.com/ Object\Path: http://dnl-12.geo.kaspersky.com/ User: NT AUTHORITY\SYSTEM (System user) Release date: 08/06/2017 9:33:00 AM Event type: Network update error Result: Error downloading update files Object: http://dnl-14.geo.kaspersky.com/ Object\Path: http://dnl-14.geo.kaspersky.com/ User: NT AUTHORITY\SYSTEM (System user) Release date: 08/06/2017 9:33:00 AM Event type: Network update error Result: Error downloading update files Object: http://dnl-07.geo.kaspersky.com/ Object\Path: http://dnl-07.geo.kaspersky.com/ User: NT AUTHORITY\SYSTEM (System user) Release date: 08/06/2017 9:33:00 AM Regards George
  8. I don't understand what you mean. This is this (single) local user account created by KSC on the server (CHL-FS-01 not a DC) upon which KSC is installed, and under which the KSC Administration Server runs. On the other hand, ripping out KES 10.3.0.6294 using kasrmvr, then ripping out KLNA 10.4.343 and re-installing the whole lot from scratch, does appear to
  9. Hi Konstantin, I've created traces and a GSI report on the affected Dell Precision M3800 laptop. However, before submitting those I thought, as this is the ONLY laptop to have exhibited this issue, it would be worth trying one last thing. So, I've used kavremvr v1.0.1194 (the newest I could find) to competely uninstall KES 10 SP2 (10.3.0.6294), then used KSC to remotely uninstall KLNA, and completely reinstall it from scratch. So far I've not had a repeat of any of the "object not processed" notifications. However, the acid test will be when it is first powered on tomorrow morning. After updating it's databases and doing a full scan I've left it shut down. Being a laptop isn't woken up via WOL for overnight updates and scans. I did get this notification during the re-installation which I've not seen before, but then all the other endpoints did not have KES and KLNA completely removed before upgrading: Event "Suspicious network activity detected" happened on computer CHL-FS-01 in the domain COLHOL on 05 June 2017 20:06:33 (GMT+00:00) Event type: Suspicious network activity detected Application\Name: Kaspersky Endpoint Security 10 for Windows Application\Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP2\ User: ****\******* (Active user) Component: Protection Object: 9D34V32.colhol.com Object\Name: 9D34V32.colhol.com Reason: The number of login attempts by the user CHL-FS-01\KL-AK-3B52CF9DDC87C0 exceeded 30 for 2 minutes during the period from 05/06/2017 19:51:32 to 05/06/2017 20:06:32. Is this normal (user name blanked out by me)?
  10. Any news on why none of the machines at the far end of our WatchGuard BOVPN can no longer receive updates from KSC since upgrading toKES/KSC to SP2? I provided traces, GSI reports etc on the 24th May. This is starting to become a real pain.
  11. Hi Nikolay, These are not "unprocessed objects" the are "not processed - skipped". It's quite hard to find any information of how to deal with them.
  12. I think I now have a handle on the spurious multiple "unprocessed objects" issue with the Dell Precision M3800 laptop. Looking though the end points logs it appears that for some reason it took KES a while to sort through and verify the authenticity and digital signatures of a number of system files. As it was able to verify each one, it elevated it's Application Control privilege into the "Trusted Applications" group. Once that had happened, each system file stopped causing an "unprocessed object" alert. The one remaining one is an update for NVIDIA: Event "Object not processed" happened on computer 9D34V32 in the domain COLHOL on 25 May 2017 13:00:49 (GMT+00:00) Event type: Object not processed Application\Name: Unknown User: NT AUTHORITY\SYSTEM (System user) Component: Application Privilege Control Result\Description: Not processed Object: C:\ProgramData\NVIDIA\Updatus\Packages000a139\CoProc update.22132285.exe Object\Name: CoProc update.22132285.exe Reason: Skipped So once that gets verified and elevated (manually by me perhaps), the Kaspersky issues for this laptop should be over.
  13. I should point out that I'm using the Company Account purely as a way of uploading the requested information. I'm not looking for support via that route.
  14. Thanks Kirill. I did notice that in the trace logs it was showing "error 50" beside the "Error in interaction with Kaspsersky Security Center". On the other issues - the laptop with the multiple unprocessed objects seems to have "settled down". At least it is now producing far fewer notifications. Best guess is that when I upgraded it to KES 10.3.0.6294/KLNA 10.4.343 it had to complete a full scan following the upgrade it was chucking out all sorts of spurious notifications. Doesn't fill me with confidence without knowing why - especially as it was the only machine to do it. Any thought on that?
  15. Hi Nikolay, I've created trace files for one of the machines giving the "Error in interaction with Kaspersky Security Center. Failed to recevie file", along with GSI report from the host. Uploaded to Company Account under INC000007828983 Regards George
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.