Jump to content

george.h

Members
  • Content Count

    225
  • Joined

  • Last visited

Posts posted by george.h


  1. Ever since our endpoints did an automatic upgrade to KES 10.2.4.674 (mr2) managing them under KSC just hasn't worked properly. KSC version ss 10.2.434.

     

    For instance some of the scheduled tasks no longer seem to run reliably, and if I browse to a PC in the management console, look at it's properties then tasks (where I'd normally manually trigger and update or virus scan) I keep getting prompted with "The application administration plugin is not installed. Do you want to......". I've downloaded the plugin (KSC10_KES10SP1) and tried installing it but it still doesn't work properly and if I go to another PC it gives me the same prompt again asking to install it

     

    Any ideas?


  2. Hi,

     

    Could you please confirm that host name correctly resolves to IP and backward?

     

    Could you please provide us with installation logs or with task report?

     

    Thank you!

     

    Hi Nikolay,

     

    Yes host name of the target PC resolved correctly between name and IP address both ways. As I said, if I turned File and Print sharing back on it worked perfectly. I'll see if I can find the install log from the original failed install.

     

    I am wondering though if this could actually be a Windows 7 firewall related issue? For instance with File and Print sharing turned on, lots of basic thing you would expect to work do, such as PING. However turning File and Print sharing off does a fair amount of firewall reconfiguration, including blocking PINGs. I have to manually create an inbound rule to allow PINGs (ICMPv4) if I wish to have File and Print sharing disabled but still be able to ping machines.

     

    I'm just wondering what ports the remote install for Network Agent depends upon which may, by default, be open with File and Print sharing enabled, but closed with it turned off, even though Public File sharing is still turned on. I do find it puzzling that when I turned File and Print sharing back on and re-ran the install task, it went straight to running Setup for Network Agent. Almost as if with File and Print sharing turned off it had managed to copy the files, but failed to start setup. What do you think? What ports does that require to be open?

     

    Cheers

    George


  3. Hello All,

    Please having a network of 20 windows server 2008 R2, 5 windows 2008, 115 windows 7 professional and 30 running windows xp professional.

     

    Please how many installation task do i have to create to install kes10 to all machines.

    Thanks

     

    Hi,

     

    If you have a single domain and single Kaspersky Administration Server, probably just one. If the machines are on different sub-nets you may need to create a manual install package for Network Agent and manually install that first on machines on other subnets.

     

    Give it a try first with a single task.

     

    George


  4. Hi,

     

    Are you trying to install Network Agents along with KES on machines by running KSC group task? Are you modifying DC policies in order to disable File and Print sharing?

     

    Thank You!

     

    Hi,

     

    Yes, as a newly rebuilt PC I'm trying to install Network Agent along with KES. File and Print sharing are manually disabled by logging on to the machine using a local account with administrator rights. It is not done using any GPOs.

     

    Regards

    George


  5. Hi,

     

    Could you kindly clarify what version of KSC and KES do you use?

    Are you saying that the problem is not in the product but in the DC?

     

    BR

     

    Hi,

     

    The versions are

     

    KES: 10.2.2.10535 mr1

    KSC: 10.2.434

    KLNA: 10.2.434

     

    The problem is that using the instructions for configuring Windows 7 clients to allow remote installation of KES via KSC - http://support.kaspersky.co.uk/6075 -only seems to work if File and Print sharing is ALSO enabled. "Public Folder sharing" and "File and Print sharing" are separate options in Windows 7 (both set under the sharing options for Domains).

     

    One quirk of Windows 7 is that having File and Print sharing on, unless you take corrective action, allows others on the domain to browse the Users$ share and potentially browse users documents on other PCs than their own. The simplest way of stopping this is to turn of File and Print sharing, but then you can't remotely install KES.

     

    Now I'm not sure if this is an issue in Windows 7 on domains, or a problem with KSC. If it is SUPPOSED to work with "Public Folder sharing" ON and "File and Print sharing OFF" then clearly something is not right. It could well be a Windows 7 problem that Public Folder sharing just doesn't work unless File and Print sharing is ALSO turned on. If that is the case then the KB article needs to be updated to reflect that. If it is NOT a Windows 7 problem and IS a KSC issue, then it needs fixing.

     

    From the way the install task failed (it took a while copying files before it failed) and the very short time it took after I had turned File and Print sharing on and restarted the task (it went almost immediately to installing KLNA), I wonder if the problem is not copying the files, but starting the installation once the install files are there.

     

    George

    ;)


  6. Has anyone came across the following situation:

     

    Windows 7 Pro PC just rebuilt and added to the domain. Public Folder (in domain) sharing is turned ON, Network Discovery (in domain again) ON, File and Print sharing (in domain) turned OFF (stops everyone browsing each others User$ shares).

     

    According to the info I've found remote install should work with just the Public Folder sharing enabled. However I can't get it to work unless File and Print sharing is ALSO turned on. The install fails trying to install the network agent saying the PC is turned off.

     

    Any ideas?

     

    For the moment I've just turned File and Print sharing back on to get KES installed.


  7. Hi,

     

    Thank you for that info.

     

    We will be waiting for your reply!

     

    I Nikolay,

     

    Removing the last traces of AVG Free made no difference. I've now created the two GSI reports (one from each machine). I've also created a Company Account to submit a support request so that I can upload to two GSI reports (since I can't upload them here).

     

    I've FINALLY managed to get the incident created - INC000005040905 - and attached the two GSI reports.

     

    I have to say your incident reporting system is pure garbage! That is one of the worst, most unfriendly, and clunky systems I've ever encountered. It took me nearly 20 mins to figure out how to attach files. Much of that because it took SO LONG before the Java applet finally started (on a 3.3GHz iCore 5!!!). You should also be aware that we like a lot of companies are on the verge of ditching Java on client machines. Partly because of Oracle's policy of pushing crappy Yahoo out with updates, partly because it is frankly a waste of time and a bigger security risk than it is useful.

     

    Seriously, that system is a BIG disincentive to reporting issues that way..... You can't even copy and paste the damned incident number from it easily! I had to wait for the confirmation email to do that.

     

    Stupid stupid system....


  8. Hi Artem,

     

    No problem. I'll run the GSI tool on both machines for you when I get into the office in a couple of hours and upload them both (if possible).

     

    One quick thought, which may be relevant, because we had run out of Kaspersky licenses both of these machines had been running AVG Free. When we renewed our licenses in August this year we increased our license count from 14 to 21, then uninstalled AVG Free before installing KES/KNA 10.

     

    Regards

    George

     

    Hi Artem,

     

    Erm, how do I upload even one GSI report? Even WIHOUT the Windows Event Logs it is almost 2MB in size and the very miserly upload limit here is a fraction of that?

     

    George

     


  9. Could you provide us GSI report from one of the problem laptop?

     

    BR

     

    Hi Artem,

     

    No problem. I'll run the GSI tool on both machines for you when I get into the office in a couple of hours and upload them both (if possible).

     

    One quick thought, which may be relevant, because we had run out of Kaspersky licenses both of these machines had been running AVG Free. When we renewed our licenses in August this year we increased our license count from 14 to 21, then uninstalled AVG Free before installing KES/KNA 10.

     

    Regards

    George


  10. Could you clarify, All these computers (with XP, with 7 and KSC) have the same time and data?

    These laptops and computer that have successful task run. Are they working under one policy? Could you provide us this policy?

    Also we need GSI report from the problem laptop.

     

    What about the first problem, did workaround help?

     

    BR

     

    Hi Artem,

     

    Yes both of the laptops, along with all of our other PCs, have the correct time and date. This is obtained from our domain controller (configured as the authoritative network time source) following DHCP which itself gets the time from the UK NTP pool.

     

    All of the machines are running under a single policy in the root "Managed Computers" container. The machines themselves are in two sub-containers for our two locations. The two laptops in question are in the same container as eight other machines which all appear to work fine.

     

    I've attached both the top level default policy and "Install Update" task.

     

    Regards

    George

    Colour_Holographic.zip


  11. Hi,

     

    Unfortunately there is no such option to delay starting missed tasks, but as workaround you can use randomization time for missed tasks, for example 5 min.

    It should solve this problem.

     

    BR

     

    Thanks Artem.

     

    I've now checked this on two of our laptops. Both were switched on at about 10:30am. Neither attempted to run the missed "install update" task. In addition BOTH machines were on and connected to the network at the normal 11:00am time for the scheduled update task to run. Neither of these machines ran it, yet all of our other machines did. I've looked in the Kaspersky event logs and there are no errors showing. The time and date on both laptops is correct (picked up from the domain controller).

     

    I restarted both laptops at around 11:45am and again NEITHER ran the missed update task. The Install Update task itself is deployed from the top level Managed Computers container and was successfully deployed to all machines.

     

    Any ideas why these two machines are neither running missed tasks NOR running the scheduled update task at the scheduled time.

     

    One is running Windows 7 Pro 32 bit and shows it last running the update task 4 days ago, the other is XP Pro (SP3) and both show the "Install Update" task next due to run on 03/09/2015 at 11:00am, even though it is 08/09/2015 today!

     

    All machines are running KES 10.2.2.10535 (mr1).

     

    KSC is 10.2.434.

     

    Interestingly the XP machine began to run the update task at 12:01!

    Both also appear to have an issue with the Virus Scan task as well.


  12. Hello,

    no, KL products do not have such behavior.

    Thank you.

     

    Thanks for confirming that Dmitry. Some of your competitors products are a real pain because the DO have such behaviour LOL!

     

    What I am finding though is because the machines that "miss" the scheduled updates are all laptops, when they do get switched on they generally connect via WiFi. What I think I'm seeing, and am trying to confirm, is that because it takes a little time for the WiFi connection to come up and get established, the "run missed update task" fails because the network connection is not ready when it runs.

     

    If this happens, how many times (or for how long) does the update task attempt to connect to the update servers (either KSC or Kaspersky's own) before it gives up?

     

    Also, how soon after the machine starts up does Kaspersky attempt to run any "missed tasks"?

     

    Is there any way of incorporating a delay to allow time for a WiFi connection to become established before running a missed update task?

     

    Best regards

    George


  13. Hi,

     

    Please clarify what do you mean exactly by multiple "schedule slots"? Please provide us illustrating screenshots if possible.

     

    Thank You!

     

    Hi apologies for the late reply. I'll try to explain using the following example.

     

    At present I have updates configured to run every 12 hours at 11:00am and 11:00pm. If the user is not in for a couple of days and his laptop remains switched off, it could miss four "schedule slots" for:

     

    Day1: 11pm update (1 slot missed)

    Day2: 11am update and 11pm Update (a further 2 slots missed)

    Day3: 11am update - user gets in 11:45am (the further and final slot missed)

     

    I've seen some anti-virus software which when the machine IS switched on would then attempt to run FOUR updates either simultaneously or FOUR one immediately after the other, one update for each scheduled update it has "missed". This can obviously create resource problems on the laptop. However I have NOT seen this behaviour with Kaspersky.

     

    What I am seeing however is not always running the missed task. I'm currently trying to figure out why, if it a network connection issue or something else

     

     

     

     


  14. Hello.

     

    From your description, it would appear that "Run missed tasks" option ("Schedule" tab) was previously cleared, and now it is checked. Please see if that is the case.

     

    Thank you.

     

    Hi Kirill,

     

    Yes it was ticked! I obviously missed it. ;)

     

    Presumably if multiple "schedule slots" for a single task are missed, because it has been off several days, only a single instance of the task is queued for execution when the endpoint does get switched on?

     

    I've seen other anti-virus software (not Kaspersky) that appears to queue an instance of a missed task for every schedule slot that is missed! So if it missed 4 scheduled executions it attempts to run 4 instances when it is switched on, which can cripple the PC.


  15. Hi,

     

    Since upgrading our network from KSC9/KES8 upto KSC/KES10 (and yes "Unprocessed Objects" DOES work MUCH MUCH better in 10) I've noticed some interesting behaviour from the default Install Updates task.

     

    Under KSC9/KES 8, when operating under a policy, if an endpoint was not connected to the network (switched off etc) at the scheduled update task time it did't get the updates (database updates etc). It either had to wait until the next scheduled update time or I had to use KSC to manually start the update.

     

    Under KSC/KES 10 I've noticed that when I do a remote wake up of endpoints that were switched off at the time the "Install Updates" task was scheduled to run (currently 11am and 11pm), the first thing they seem to do is run the update task. At the moment there is just a single global Install Updates task for all managed endpoints and a single policy for all managed endpoints.

     

    I'm wondering if someone could clarify if:

     

    1. Is this a new default behaviour?

    2. If so what are the parameters for this? i.e. does it always happen or is there a time "window" in which it will happen etc?

    3. Are there any options to control this in KSC? I happen to like it but some control over it would be nice.

    4. If there are option in KSC to control this behaviour where can I find them? I've looked but can't find anything in either the Policy settings or the Install Updates task settings. Of course I could be being blind LOL!

     

    Much appreciated.

    George


  16. Update settings for mobile mode section, you can adjust the settings that are applied when running the update task if no connection is established between the computer on which the application is installed and Kaspersky Security Center. other way you can create a out of office policy (triggers only if clients is disconnected from the KSC or 3 synch with server fails) for laptops and allow the local task to be displayed then local update task (inbuilt) will run automatically, in my opinion it does not harm the system security. Once the client is back in the office the "Active" policy will automatically applied which then hides the local tasks.

     

    i hope it helps you!

     

    Thanks Hafeez! That is a very interesting suggestion, I'll give it a go. Having said that I've noticed some interesting behaviour with the default "Install Updates" task - but this thread is not the place to discuss it. I'll raise a new topic in the main forum for that.

     

    Cheers!

    George


  17. At the moment KES 10 clients operating under a KSC 10 policy can't manually run updates. Users who, for practical reasons, keep missing scheduled updates across the network can therefore end up quite out of date. Their only option is to ensure their machines (usually laptops) are on the network at one of the scheduled update times, which may not always be possible without them causing a great deal of grief for network admins.

     

    I'm aware that I can go into a policy under Advanced >> Application Settings and tick "Allow local tasks to be displayed and managed". However this also gives the user full access and control over the tasks settings - which is WAY too much. I would like more granular control so that I can allow a user to RUN certain local tasks manually, but NOT alter any of the settings.

     

    This will allow these "awkward" users to keep their machines up to date manually even when they, for practical business reasons, keep missing the scheduled updates.

     

     


  18. Is there any way of allowing a user to manual run an Update task from the client interface of KES 10 WITHOUT allowing them access to the settings for the task? I ONLY want to be able to allow them to run it, not change it.

     

    I'm aware of the "Allow local tasks to be displayed and managed" setting under Advanced Settings >> Application Settings in the policies, but this I feel gives TOO MUCH control. It seems to only give the option of they can't do anything or they can do everything including screwing around with the update task settings.

     

    Much appreciated

    George


  19. Hello.

     

    Thank You for the information provided.

     

    Could You please specify, can we mark the topic as solved?

     

    Thank You.

     

    Hi,

     

    I've been monitoring things for 7 days now and I'm happy that it all appears to be working. It will take a while for me to get used to the differences between KSC9 and KSC10 though.

     

    This incident can now be closed.

     

    Many thanks for you help.

     

    Best regards

    George

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.