Jump to content

george.h

Members
  • Content Count

    225
  • Joined

  • Last visited

Everything posted by george.h

  1. Why do I get this sinking feeling that I'm still going to get the same dreaded "unprocessed objects" problem now that I've upgraded to KSC10/KES10? :dash1: :angry:
  2. I've a suggestion for Patch Management.... Scrap your current naming convention of "Patch A", "Patch B", "Patch C" etc. and adopt something more sensible along the lines of Microsoft's KBxxxxxxx. At least when they issue an update you can be sure which one is being referred to as, as far as I'm aware, the KB identifier is unique. This Patch X is frankly absurd. In upgrading from KSC9/KES8 to KSC10/KES10 I came across TWO "Patch C"'s for KSC 10 and they were NOT the same!!!! That is just stupid. George
  3. Well so far everything is now working fine. Now I just need to wait for my first crop of "unprocessed objects" to find out if the promises of that issue being fixed in KSC/KES 10 are true. From what I've read elsewhere on here I'm NOT looking forward to finding out. P.S. Will Kaspersky PLEASE fix the stupid lack of line-wrap when entering posts! Trying to edit a 3KM long line with NO HORIZONTAL SCROLL BAR because the text doesn't line wrap is a ROYAL PAIN!
  4. Oh dear.... I'm not looking forward to my first batch of "unprocessed objects" after upgrading to KSC 10.2.434 and KES 10.2.2.10535 MR1. Especially after being promised that the problem was fixed in 10.... It isn't sounding good... I hope I find out soon as the licenses expire in 31 days and I'd like to know BEFORE I decide to go and renew them. It is one problem I'm fed up with.
  5. Which version of KSC (Kaspersky Security Centre) are you running on your admin server and what version of KES (Kaspersky Endpoint Security) on your workstations? Certainly using KSC 9 to manage KES 8 on workstations "unprocessed objects" were (are) a major pain. The only way to clear them seems to be to manually clear them out from the user interface of Kaspersky on each PC (on the Reports tab under Unprocessed Objects) - I use MSTSC (Microsoft Remote Desktop client) to do it remotely. You then have to wait a while (an eternity sometimes) for KSC to register the fact they've been cleared. Sometimes (!?!??!!) this can be helped along by rebooting the affected workstations and at some point rebooting your admin server as well. However I've yet to see an adequate explanation of why this is, why it seems takes so long for them to disappear, and why there seems to be no reliable sequence of actions guaranteed to clear them out quickly. This is not helped by the fact that quite a few "unprocessed objects" can be false positives from legitimate software such as Aomei Backupper installer and Brother Control Centre 3. Having just upgraded to KSC and KES 10 I'm waiting to see if that is any better.
  6. KES 10.2.2.10535 MR1 has now been successfully installed and updated on the admin server WIHTOUT cutting it off from the network. This time NO ADDITIONAL NIC drivers appeared and everything seems to be running properly. One thing I did notice. Immediately after installing KSC 10 a Microsoft update appeared - Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB2957482). I did not install that before attempting the first installation of KES although that seemed to work OK until the server was restarted. Second time round I applied the Microsoft update BEFORE attempting to re-install KES. I've no idea if that might have any bearing on why the first installation tried to install two duff NIC drivers and killed all network services on it. Anyway I'll be monitoring things closely over the next few days. George
  7. Hi, Well what I found when I was physically in front of the server was that it was up and running! W2K3 was running although I had to do a restart to get the keyboard and mouse to work (I notice line-wrap has stopped working on here again!) - but that is a well known issues with Dell machines when using Belkin Omnicube KVMs. If the machine isn't the selected one when it starts up the BIOS fails to recognise the keyboard and mouse via the KVM. Anyway once I logged in I found the problem! KES has installed two NIC drivers in additional to the normal NetXtreme Gigabit NIC. The original one looked OK in device manager, but the two Kaspersky ones both had yellow warnings saying they were not working. Bottom line is that they had completely cut the server off from the network in the OS. Network connectivity was fine to the BMC using the same NIC! Going into a command prompt IPCONFIG should NO ADAPTORS at all and NO NETWORK information. I uninstalled KES 10.2.2.10535 mr1 then restarted. Normal network connectivity returned and the two Kaspersky NIC drivers had gone. After running the update task on all the endpoints to bring them up to date, I'm now reinstalling KES on the admin server. I'll post another update once that has finished. Does anyone have any ideas why line-wrap when entering posts on here works sometimes (which is fine) but doesn't at others, which is a ROYAL PAIN! George
  8. Well something associated with either Patch C, or the update from KES to 10.2.2.10535 MR1 to KES to 10.2.2.10535 SP1 MR1 (which was the last task I performed on all of the endpoints including the management server using the task already created during installation of KSC 10) has broken the admin server, and possibly one XP workstation. I'm not in the office for another 2 hours so I can't say exactly what has happened, but I've now also used the Dell BMC IPMI Tool to remotely power cycle the server and it is still completely unresponsive. I've also remotely powered it off, left it for a while, then remotely powered it back on and no change. So that leaves one of three things: 1. It's Blue Screened or hung in some other way while starting up following the restart for the KES update or Patch C 2. It HAS started up but for some reason isn't talking to the network - the network hardware and connection is working as the same NIC is used for the BMC (baseboard management controller) that I used to remote power cycle it. This MIGHT also have a bearing on the strange behaviour after installing Patch C, but before restarting for the KES update, where the KSC application couldn't connect to the admin server (on the same server) using "localhost". 3. Some purely co-incidental hardware failure preventing it from starting up. I'll do an update when I know more. However I would appreciate some feedback on this "localhost" issue. I.e. any ideas why after installing Patch C KSC couldn't connect to the admin server via "localhost"? George P.S. At least someone seems to have fixed the line-wrap issue when entering/editing new posts! Thanks!
  9. Thanks Dmirtry. That one installed OK. However, when I tried to start the Kaspersky Security Centre application it consistently failed to connect to the admin server using the original settings of "localhost". I had to change it to the actual server name for it to connect. Is this an intended change? I think you can understand my frustration with the patch naming convention when that is already TWO "patch C"'s for the same product which is rather ridiculous. EDIT: After installing the patch the server was asking to be restarted to complete the update of KES to 10.2.2.10535 MR1 so the last thing I did was initiate a restart and now the server isn't responding at all, not even to PINGs. There is nothing I can do now until I get into the office tomorrow to see what has happened. I just hope this hasn't caused it to Blue Screen. I've a nagging suspicion that on of the old XP workstations has done the same with KES 10.2.2.10535 MR1, but agian I won't know until I get in tomorrow.
  10. Hi Helmut/Dmitry, I've now got it all up and running. It was less hassle, as I mentioned earlier, to just rip out KSC 9 completely and install KSC 10 from scratch. I've now completed that and rolled out KLNA 10 and KES 10 to all of the endpoints successfully. It will probably take a little while for things to settle down and for me to be sure it is all running smoothly with updates running and that all the outstanding patches are installed (please see my previous point about patch naming - I'd appreciate some official feedback on that). I've tried looking for Patch C for KSC 10 and all I could find is Patch_10_1_249_server_c.zip. Is that the correct one? If so I tried running it on the admin server and it bombed with "Incompatible version". Any suggestions? Much appreciated. George
  11. Thanks Helumt I appreciate your views. However as we are only a small company with relatively few workstations (<20) I really see nothing of any value in the existing databases to preserve. The ONLY thing that may have been of value are the policies which you are advising not to use. That sounds to me like there IS NO migration path from KSC 9 to KSC 10 and the cleanest and simplest solution is to rip everything out and start again. I just wish Kaspersky would grasp the nettle and be honesty about it! That and STOP this stupid patch naming convention of Patch A, Patch B etc. It really is archaic and meaningless. Every patch should have a UNIQUE identifier. How many Patch C's have there been??? Do Microsoft (for all their sins) issue 14 different updates all with the same name (KB134546 for example)? No they don't...... I'm going down the rip it out and start again..... Luckily our licenses are due for renewal mid August and so far Kaspersky isn't looking favourite....
  12. Hi Helmut, So what you are saying, basically, is don't bother trying to do an in-place upgrade - rip out KSC 9 and install KSC 10 from scratch. Re-create all the policies and tasks from scratch. Then rip out KES 8 and install KES 10 from scratch. Is that correct? If so then, what you are really saying, is there is NO migration path to KSC 10. Rip everything out and start again? Then I think KB ID 9315 should be removed and replaced by the truth.....
  13. Hi Helmut, Will that migrate my existing policies and groups in the process? Regards George
  14. Hi, I'm trying to migrate our Kaspersky Admin Server from KSC 9.3.75 (the current version) to the current version of KSC10 (KSC10.2.434en.exe). Before trying this I read KB ID 9315 so followed the procedure in that to do an "in place migration/upgrade". Everything seemed to go OK and it started to do the install. The first task on it's list was something about removing the old version (I didn't take a close note of exactly what it said). After a while it gave that item a green tick and moved onto the second, Upgrading Administration Server. After a while that stopped and said it could not complete as it had encountered an error. No indication of what the error was. So I tried again (as it recommended). I got to the same point, although it didn't list the first task and went straight on to installing/upgrading the Administration Server. This time there was only a very short delay before it bombed with the same problem. I've tried it four times in total and all end the same way. The third and fourth were done with KES8 on the server shutdown. No difference. I went though the event logs but couldn't find anything. I did eventually find some logs in the Windows\Temp which I've attached. I've also attached some screen shots of the process I've been through - I missed the screen shot of backing up the current Admin server. The Admin Server itself is running Windows Server 2003 STD 32 Bit SP2 with all current updates applied. Other than acting as a low usage file server it's main roles are as a secondary DC, WINS and internal DNS server and being the Kaspersky Admin Server. Yes I know 2003 is almost dead (brand new Windows Server 2012 R2 STD box arriving this week), but until the new server is ready to replace our primary SBS 2003 server AND this one, this box is going to have to remain our Kaspersky Admin Server for a little while. Anyway any help/suggestions would be much appreciated! George P.S. Could someone fix the dreadful topic entry/edit? The lack of auto-wrap when entering text is dreadful and trying to edit the text of a single 3KM long line (with NO horizontal scroll bar!) is a REAL pain. Come on guys, surely your forum can do auto line wrap when entering the text of a post? KSC10_Setup_Install_Errors.zip
  15. Hi, Leaving "do not disconnect from server" ticked for this PC in KSC had not made any difference after over 12 hours. It has now cleared and went back to green but that was after: 1. Rebooting the client PC 2. Rebooting the admin server (a Windows 2003 server box!) 3. Waiting another 12 hours! This is far from an acceptable behavior for this. Clearing the unprocessed objects from the client should result in it showing as cleared in KSC at the next contact with the admin server, not after over 48 hours (in the case of on of the two PCs) and over 12 hours after rebooting both the PC AND the admin server (the second PC). This is an issue which has been raised multiple times over the life of KES 8/KSC 9 and has never either been properly explaind (in terms of how has happened or even how it is meant to work) nor fixed. Luckily I only have a couple of server and a dozen or so PCs.... God help anyone who gets this problem (as they have in the past) and have hundreds or thousands of PCs.
  16. Thanks I'll give that a try and see what happens. I did double check on the problem PC if there was any trace of the problem objects but no there isn't. On the client the infected emails had been deleted (and from the deleted items folder), the event logs had been cleared and showed no indication of unprocessed objects and the there was nothing showing on the client under either unprocessed or quarantined objects. I'll force a restart on the PC later this evening (when the user has gone home).
  17. Interesting development over the weekend. After over 48 hours one of the two machines has went from showing amber and "Unprocessed Objects" in KSC to green. The other is still showing an amber warning and "There are unprocessed objects". This is particularly interesting as nothing has changed on either of the two PCs.
  18. Hi, I'll look into this but it would be far from an acceptable solution. Unless I have misread things I'll need to update all my client PCs to KES 10 and update my Kaspersky server to KSC 10 as well. If correct then that is hardly a "work-around". Certainly not the sort of task I'd want to do when about to start an Office 365 migration and then migrating our main servers to 2012. Regards George P.S. Off-topic a bit but when creating/editing a post (IE 11) why does the text I enter not "auto-wrap". It is rather a pain to have to scroll all the way to the end of a very long line with not horizontal scroll bar.
  19. Hi, As per my original post, KES is 8.1.0.1042 (apologies for typo in original post), KSC is 9.3.75 as is Kaspersky Network Agent. We have a major server upgrade in the pipeline so I will not be looking to upgrade to KES 10 until after that - if at all. I'll take a look at the two links and get back to you. Regards George P.S. "actual versions" ??? EDIT: I've just checked out the two links you kindly posted. However all they do is confirm that this is a problem which has NEVER been fixed. There are no proper solutions in either. 8.1.0.1042 is already beyond CF2 and PF4 was installed. STILL doesn't fix it. Also I get the distinct impression that it is still an issue in KES 10.
  20. Every so often this thorn keeps cropping up. We've recently seen a number of dodgy email come in with suspect attachments - the usual xxxx.ZIP containing what appears to be a PDF file but is actually an executable. First of all of the three incidents so far only the second was flagged by Kaspersky (taking your eye off the ball?). The others were contained/prevented by staff diligence. The actual threat when eventually detected (after the next 12 hourly update) was: Event Threats have been detected happened on computer 66DLPZ1 in the domain COLOURHOLOGRAPH on 15 May 2015 6:43:33AM (GMT+00:00) Event type: Threats have been detected Application\Name: OUTLOOK.EXE Application\Path: C:\Program Files (x86)\Microsoft Office\OFFICE11\ Application\Process ID: 4028 Application\Options: "C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE" Component: Mail Anti-Virus Result\Description: Detected Result\Type: Trojan program Result\Name: Trojan-Downloader.Win32.Upatre.mdp Result\Threat: High Result\Precision: Exactly Object: [From:David Fuentes][subject:Document for May 5][Time:2015/05/06 08:32:39]//may.zip//jnzic.exe Object\Type: Email attachment Object\Path: C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE Object\Name: jnzic.exe The particular even above was from the third incident when KES (8.1.0.1024) eventually flagged it the next day. The problem is this. I now have two machines which are showing the dreaded "Unprocessed Objects". I've gone onto the workstations themselves, cleared out the unprocessed and any quarantined objects. I've ensured the emails containing the attachments have been deleted AND deleted from the Deleted Items folder. However they STILL (over 24 hours later) are still showing "unprocessed objects" in KSC (9.3.75) - Kaspersky Network Agent is also 9.3.75. All workstations are running Windows 7 Pro 64-bit. So HOW THE HELL do I get rid of the "unprocessed objects" warning for these machines in KSC, without having to faff around a lot? This to me has NEVER been adequately addressed by Kaspersky and would appear to be just as bad in KES 10, judging by the posts on the forum. Are Kaspersky EVER going to fix this properly and, even better, allow it to be cleared from KSC without having to touch individual workstations. Our licenses are coming up for renewal in August so the answer to this is going to determine if we renew (and upgrade to KES 10) or go elsewhere.
  21. Interesting that the last anti-virus database was created on 20/06/2014 and the last anti-spam database was created on 13/05/2014. But as I said, all going to be moot as I need to get our mail off Exchange 2003 so we can finally (!) complete our migration to Windows 7 Pro 64-bit and Office 2013.
  22. Hi Helmut, Thanks for the definitive answer which explains what I'm seeing. Interesting how one of Kaspersky's resellers quite happily sold us (via WickHill) a new 12 month license for this on 20th June 2014 - didn't say a word about it being End of Life and no more database updates as of 31/12/2013. That I find quite annoying - that Kaspersky (albeit via their authorised resellers) will quite happily take money and issue licenses for an end of life product. Hmmm... It will be a moot point soon anyway when we decommission Exchange 2003 and move to Exchange On-Line.
  23. Hi, I've just noticed that Kaspersky Security Centre 5.5 for Exchange Server 2003 (SBS 2003 actually, Exchange version is 6.5.7654.4) has been logging the following error every time it tries to update the anti-spam database (every hour): Update resulted in an error, anti-spam database has not been updated: compilation failed. (screen shot attached) It seems this error has been going on for quite some time. I've been trawling through the KB and posts on the forum and tried the action listed in KB articles 4556 and 1980, but neither have worked. Does anyone have any further suggestions? Officially support in the UK is provided through Wick Hill, but frankly I may as well stick it in a bottle and throw it in the sea - that is more likely to get response before they give one. Attached is a screen shot of the last manual update I tried and a diagnostic log from yesterday. The following lines in the log appear to stand out: 16:28:56: Getting user defined sites information from file 'C:/Program Files/Kaspersky Lab/Kaspersky Security for Microsoft Exchange Server/sites.xml' (using <site2> tag) 16:28:56: Read from file failed, because unable to open 'C:/Program Files/Kaspersky Lab/Kaspersky Security for Microsoft Exchange Server/sites.xml', last error 2 16:28:56: Failed to read XML sites configuration file 'C:/Program Files/Kaspersky Lab/Kaspersky Security for Microsoft Exchange Server/sites.xml' 16:28:56: Failed to get user defined sites information from file C:/Program Files/Kaspersky Lab/Kaspersky Security for Microsoft Exchange Server/sites.xml 16:28:56: Getting user defined sites information from file 'C:/Program Files/Kaspersky Lab/Kaspersky Security for Microsoft Exchange Server/asbases/transport/updcfg.xml' (using <site2> tag) 16:28:56: Read from file failed, because unable to open 'C:/Program Files/Kaspersky Lab/Kaspersky Security for Microsoft Exchange Server/asbases/transport/updcfg.xml', last error 2 16:28:56: Failed to read XML sites configuration file 'C:/Program Files/Kaspersky Lab/Kaspersky Security for Microsoft Exchange Server/asbases/transport/updcfg.xml' 16:28:56: Using hardcoded source list Kaspersky Security Centre version is 5.5.1388.0 Any help would be appreciated. George _UPD.LOG
  24. Unfortunately I don't think so. When I tried to reproduce the problem to capture the event logs and other information, I don't think I allowed enough time for the unprocessed object to register with KSC on the server before I cleared it on the endpoint. So now I have to find another opportunity to commandeer a endpoint PC to try again. George
  25. Will do..... Typical though, I've just tried reproducing it and couldn't. I could get the "Unprocessed Object" notification email ok (I'm configured to receive these) but I think I may have cleared the unprocessed object of the client PC too quickly as when I went into KSC there were no unprocessed objects showing. I'll have to uninstall the test software, retrigger the unprocessed object event then wait for it to appear in KSC. Then I'll be able to try clearing it on the client PC and capture the log files. George
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.