george.h

Everything posted by george.h

  1. Thanks Ivan..... Interestingly this is the first time I've heard it stated that having to manually deal with unprocessed objects on each endpoint individually is by design. Bit of a major design flaw (to my mind). I'll have to manually trigger an unprocessed object on one of the endpoints (I know which applications I can use to do this) and send you the results of klnagchk from it. GSI? Could you clarify what you mean for this please? Also the Kaspersky event log, is that from KSC or the endpoint? I'm assuming you mean the endpoint. Regards George EDIT: I've just looked up GetSystemInfo (GSI) report..... I'll collect that on the endpoint for you also. Do you need anything from the server running KSC?
  2. No - because we don't qualify for that and the UK support "outlet" are frankly a waste of time. However it is an issue that has appeared in this forum numerous times...
  3. KSC is 9.3.75 running on Windows Server 2003. Network Agent on the endpoints is 9.3.75. The endpoints had been all XP SP3, now almost all Win 7 SP1 64 bit. Both have always shown the same problem. There are three issues with this which have been present, if memory serves, for at least 3 years now - certainly as long as I've been looking after this installation. None have ever been properly addressed through several releases of KES, KSC and NAGENT. 1. If you view an endpoint in KSC showing as having unprocessed objects and click on the "Unprocessed Objects" link in the right hand panel where the endpoint's details are shown, all you get is a list of events on that endpoint. NONE of which (as far as I have ever seen) says "Unprocessed object". Unless of course I'm meant to read through every single event entry to find it - which I won't. 2. There is NO WAY to clear this without direct interaction with the affected endpoint's desktop. Either by doing Remote Desktop or physically visiting it. 3. Even after clearing the "Unprocessed objects" from the endpoint(s) their status doesn't change in KSC. It does, EVENTUALLY, after at least 12 hours. However that means KSC is wrongly reporting the endpoint's status for a VERY LONG TIME. So, are Kaspersky EVER going to fix this? Properly!
  4. Is there EVER going to be a fix to get rid of the awful "Unprocessed Objects" bug? Even adding exceptions to stop erroneous reports from regular software I still find that I get Unprocessed Objects which I have to MANUALLY connect to EACH CLIENT, clear out and yet STILL KSC shows damned Unprocessed Objects. Come on Kaspersky FIX THE DAMNED THING!
  5. Confirmed - all working now.... Much appreciated. George
  6. I wouldn't quite say that yet.... I just did a test scan using the software that gets flagged as possibly infected and thus "unprocessed" and it still happened. However, I double checked its entry in the Trusted section of the policy and I'd mis-typed it. So just re-testing....
  7. That is exactly how I have been doing it. Just to be sure I've just gone back into the active policy and checked and it had gone. So I de-activated the policy, went back in, added the file again into the trusted zone (with everything except Allow Interaction with User Interface ticked - see screen shot), closed, applied it, then re-activated. Waited until it had been deployed to the 10 local machines, went back into the policy (without de-activating) and it had gone again - screen shots attached. Just found it - I hadn't unticked "Inherit settings from Parent Policy" which was removing it again. I'll have to do some testing to verify that it is actually doing it and no longer flags the app as "Unprocessed".
  8. They are definitely false detections. All of them, if I remember correctly, due to "PDM.DNS Query". I've attached this particular example but it is by no means the only example, and it is DEFINITELY NOT A NEW VIRUS. So I think emailing it to "newvirus" is not the right way to go. I also think that sending each of them to you to be excluded from the databases is a bit of a long-winded way of preventing these false detections. From that should I infer that there is no way of adding exceptions to KES using a security policy in KSC9 to prevent such detections? Please bear in mind that this is all to get around the annoying and frustrating "Unprocessed Objects" issue. I trust you have noticed that in the security policy I have turned off notification to KSC for this - but I still get them..... BrccMCtl.zip
  9. Ok.... I've now done a modified policy to exclude an application called Brother Control Centre 3. This is part of the driver suite for a Brother MFC-9450CDN network fax/scanner/printer/copier. It is one of a number of applications that fall foul of the "PDM.DNS Query" detection. In other words every time a user launches Control Centre 3 (usually to scan a document) their machine logs an unprocessed object which I have to clear on the client PC, AND I get email warnings of the form: Event Probably infected object detected happened on computer 95RKH1J in the domain COLOURHOLOGRAPH on 25 April 2014 2:39:55PM (GMT+00:00) Result: Detected: PDM.DNS Query Object: C:\PROGRAM FILES\BROTHER\CONTROLCENTER3\BRCCMCTL.EXE As I've mentioned we have several applications that trigger this, none of which are infected. Not being able to stop these false detections is really annoying. Not being able to clear them from KSC9 is VERY annoying.... Modified active policy attached. Regards George Active_Policy_with_exclusion.zip
  10. :dash2: I should have put my glasses on! Thank you! I must be going (even more) blind... Policy attached. This is the standard policy at the moment without any exceptions - I removed them when I couldn't get them to work. I'll just do a modified one and upload that when done. George Active_Policy.zip
  11. How do I export the policy? All I can find is Export List which contains nothing but the name of the active policy. Is there EVER going to be a proper solution to the Unprocessed Objects "feature"?
  12. I have a network with 14 endpoints on it running KES 8.1.0.1042. These are (now) a mixture of Win 7 Pro SP1 and XP Pro SP3 managed using KSC 9.3.75 running on a Windows 2003 Server box. Basically the issue comes from that old bugbear of Kaspersky, the infuriating "Unprocessed Objects". You know, the yellow warning you get when Kaspersky misdetects a perfectly valid program as a potential threat which can only be cleared by visiting or remote controlling the client PC to clear - although it takes AGES after clearing it before KSC recognises the fact. Well, 99.9999% of the time on my network these are false detections from things like Brother Control Centre 3 (Brother's network scanner/printer/copier/fax control utility) and stuff like that. So I thought I'd add it in as an exception to kill these damned annoying warnings. I use a security policy to lock down the user interface on the PCs themselves and thought I'd try adding the exceptions via the policy so that I can deploy and manage them centrally. However I just cannot get it to work. Has anyone been able to add exceptions using this method? If so, how do I get it to work? I'd much MUCH rather NOT have to start opening up the end users' interface to allow them to do it - they will add all sorts of crap. Any suggestions would be much appreciated...... George
  13. Our support "officially" is via Wick Hill in the UK who are frankly a waste of space. So I'm not even going to waste my time going down that route again.
  14. No response from Kaspersky I guess means "go away - we're not going to fix the problem".... Same old rubbish support from Kaspersky.....
  15. Forgot to add, all endpoints are running 8.1.0.1042. On the other main endpoint which keeps complaining about unprocessed objects, the object it keeps repeatedly objecting to is the ATI Control Panel from the video driver! (ATIPTAXX.EXE). Again, another false alarm that can't be cleared remotely and just keeps coming back.
  16. And what does this version offer? Is this just a recommendation to update in the hope it will do something (as usual) or does it actually finally fix the problem of not being able to clear unprocessed objects from endpoints? Also, does it provide a way to kill off false detections other than "re-scan" (which usually does nothing) - and remotely? What new bugs does it introduce? I've been bitten far too many times with Kaspersky with updates supposed to fix things and always introducing a whole new bunch of pains - often without even fixing the problems the updates are supposed to. EDIT: Well there is a surprise, I'm already running KSC 9.3.75. Still no fix for unprocessed objects after 2+ years....
  17. Unprocessed Objects has been a pain in the behind for ages. My site has just started throwing these up again, on a couple of machines - one for the JAVA component of the Arduino IDE, the other for the updater EXE of Notepad++. Both false alarms. The worst part is you can do SFA about them from KSC. You have to visit the endpoint (or RDP to it) to clear it out. Even then these two particular ones keep coming back. So far have found no way to tell Kaspersky that it's wrongly detecting these items.
  18. It works, but if you go into the installation package property you have no options to control what parts do and don't get installed, it just runs the EXE. I prefer Helmut's method - run the EXE on a PC (I used my Kaspersky Admin server), let it unpack everything to C:\KAV, but then cancel the install when it actually asks if you want to go ahead and install. The install cancels but leaves the install source files in C:\KAV (or whichever directory you choose if you choose a different one). Included in the lower levels of the directory structure you'll find a file with the KPD extension. Now, making sure your Kaspersky Admin server has access to this directory (which is why I did it on the server itself), run through creating an installation package but select the KPD option and for the source browse down to the KPD file. Apart from the first step of unpacking the files (which I'd forgotten how to do - thanks Helmut!), it is just as simple as creating it from the EXE. However, once the installation package is created, right click on the package and select PROPERTIES - you'll have loads of options to decide precisely what components you want installing. You may not want to use that level of control YET (all components are installed by default), but you've got it should you want/need it without creating a new install package. George
  19. Hi Helmut/Ivan, Many thanks for your help..... Best wishes... George
  20. Hi, Can anyone remind me of how to get from the downloadable exe for KES 8 CF2 (8.1.0.1042) to the directory structure containing the KPD file. I want to create a proper install package (not a stand-alone EXE install package) where I can control the install options fully. I get the nasty feeling it is going to be: "yeah - run the exe on a PC to install it and then copy the directory structure off of there". I do hope there is a better way..... Cheers George
  21. Why do you make it so difficult to find updates for 8 on your website....?? Where are they? It is really really annoying! I'd much rather you fixed the problems in 8 and not wasted time pushing 10. Found it - under Support - Knowledgebase & Faq - Business. Why can't it be somewhere sensible like "Trials & Updates"???
  22. Thanks for the links to KES8/KSC9. However, why has it been moved or is it just a part of the "new look" website. Sadly I find it a mess and a pain to navigate. As for the "local office" issues, are you referring to Kaspersky UK (who just told us that we had to talk to Wick Hill) or Wick Hill whose sole response was a single call and the answer "Don't know". No investigation, no request for information, nothing. By the way, my remote deployment across a VPN freezing at 83% was fixed by upgrading our internet links to 100Mbs (down and up) at HQ and 50Mbs (down)/10Mbs (up). I strongly suggest that your mechanism for remote deployment via the Network Agent (9.2.629 I think) is seriously broken if it can't cope with normal internet connection speeds for deploying to remote sites - and no, doing "local installs" is not an acceptable option.
  23. But the mechanism you describe just doesn't seem to work reliably - as shown by the number of issues others have posted about just getting patch c to deploy (not to mention a and b). My experiences so far on just the first two machines trying to get patch d onto them has been less than great. And these are machines that haven't had the more serious issues since patch b..... At least you've given us the first hint at how patch deployment and installation is "supposed" to work (which is much appreciated). We've been asking for this from the start of these issues and just been totally ignored. Can we have a FULL description of this and how we can tell if it's failed without having to post log after log. The two patch logs seem to contain lots of detail (which doesn't tell us much) and not enough basic stuff like "Patch D install success" or "Patch D install failed for reason xyz".
  24. Well, I've tried patch d on a second machine and here is what happened. Forced an update by starting the update task manually on the machine via KSC. Update completed successfully and machine showed as requiring a reboot. Rebooted machine. Over 30 mins later KES still wasn't running until a user login occurred. No patch D. Waited another 45 mins to see what happened. No further reboot request on the PC nor did it show as requiring a reboot in KSC (as the other machine DID). Did a reboot anyway. Result - STILL NO PATCH D! Logged onto machine remotely, browsed to the patches sub-folder, and manually forced the patch to install by double clicking on the MSP file. Finally after ANOTHER reboot patch d is there. So, conclusions so far? - Even if it fixes the problems caused by patch b, c etc, it is still a PITA to push out. And this is supposed to be an acceptable fix????? So, marks for this attempt 1/10 - must try a LOT harder. Also, why is this not a cumulative patch so that it can be deployed and installed in one hit? Why do we have to go through the pain of the a, b, c route first? :angry:
  25. Well, Patch D installed on first test machine. However, it took TWO reboots. The first was indicated in both KSC and on the PC, so I did a reboot. After reboot KES didn't start until I logged in after leaving it for 20 mins after the reboot before logging in. KES was the last thing to appear after login (hmmmm). No indication on the PC that a reboot was required. KSC not showing Patch D as present on it, then started indicating another reboot was required. PC still showing no requirement for a reboot. Ok - did the second reboot. After another delay (time passes.................) with KES shown as running, but protection off, it eventually goes back to OK and showing Patches a, b, c, d and PF4 installed. That seems like one reboot too many, especially as the user (in this case me) was given no indication that the second one was needed. EDIT: Logged back in and the Quick Launch icons had been turned off, and altered the locked positions of hidden icons on the task bar.