Jump to content

virtual.roofy

Members
  • Content Count

    1
  • Joined

  • Last visited

About virtual.roofy

  • Rank
    Candidate
  1. Hi Folks, I too was having Issues with Unprocessed Objects, specifically WinVNC. (never been an Issue in previous Administration Kit) :-/ I have Created several Groups beneath Managed Computers to Control specific Desktops and Servers, for Example: Group - Physical XP Desktops To Fix the Issue for WinVNC Unprocessed Objects: Delete the Default Protection Policy, Create New Protection Policy Protection Policy - Physical XP Desktops General Protection Settings > Exclusions and trusted zone > Settings > Exclusion rules Tab Known Working Example(s): Add / Modify Object: %ProgramFiles%\ULTRAVNC\VNCVIEWER.EXE Rule Description: Object will not be scanned if the following conditions are met: Object: %ProgramFiles%\ULTRAVNC\VNCVIEWER.EXE Threat type: Invader (loader) Protection components: specified: File Anti-Virus, Scan, System Watcher Add Modify Object: %ProgramFiles%\ULTRAVNC\WINVNC.EXE Rule Description: Object will not be scanned if the following conditions are met: Object: %ProgramFiles%\ULTRAVNC\WINVNC.EXE Threat type: Invader (loader) Protection components: specified: File Anti-Virus, Scan, System Watcher Add Object: %ProgramFiles%\UltraVNC\WinVNC.exe Rule Description: Object will not be scanned if the following conditions are met: Object: %ProgramFiles%\UltraVNC\WinVNC.exe Threat type: not-a-virus:RemoteAdmin.Win32.WinVNC.gc Protection components: specified: File Anti-Virus, Scan I also needed to Add Exclusion Rules for WinVNC Local Distribution Point, otherwise KES8 would Scan and complain about Unprocessed Objects / Disinfection Impossible, etc, etc... *Sigh* Add Object: %SystemRoot%\<Application Distribution Path>\UltraVNC_v1082.msi Rule Description: Object will not be scanned if the following conditions are met: Object: %SystemRoot%\<Application Distribution Path>\UltraVNC_v1082.msi Threat type: not-a-virus:RemoteAdmin.Win32.WinVNC.gc Protection components: specified: File Anti-Virus, Scan Add Object: %SystemRoot%\<Application Distribution Path>\UltraVNC_v1082.msi//Data1.cab//_42 Rule Description: Object will not be scanned if the following conditions are met: Object: %SystemRoot%\<Application Distribution Path>\UltraVNC_v1082.msi//Data1.cab//_42 Threat type: not-a-virus:RemoteAdmin.Win32.WinVNC.gc Protection components: specified: File Anti-Virus, Scan Finally... Clear the Warnings Event Log You should not need to Move Computers to Unassigned Computers Reboot Kaspersky Security Center 9 - You may still Receive Warnings in the Event Log "Potential Threat Detected" after Performing the above & KSC9 Reboot Clear the Warnings Event Log, again Wait an hour, Check the Warnings Event Log, again - Issues with Unprocessed Objects, specifically WinVNC should not appear. Cheers, virtual.roofy
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.