Jump to content

jearnhart

Members
  • Content Count

    60
  • Joined

  • Last visited

About jearnhart

  • Rank
    Candidate
  1. Orondelli, or to it may concern, ~30 days later.... I learn of a Private Fix that supposedly addresses this issue. Only works on MR3 installs. I tried it on MR2 and it failed to install. I am rolling it out and monitoring to see if it worked. It definitely doesn't delete/trim/truncate the existing files, but hopefully they stop increasing in size. Only time will tell. I found out about it at POST#6 of this thread: https://forum.kaspersky.com/index.php?showtopic=358690 "Considering reports, there is a known issue that happens on some hosts with KES 10 SP1 MR3. File g_objdt.dat in %ProgramData%\Kaspersky Lab\KES10SP1\Report may be growing despite the size limitations you set in the policy (certain entries ignore that limitation by design). According to the known issue 1807440, you can remove this file if it causes concern (however it can only be deleted locally, after turning off Self-Defense). If you see this issue reoccur often, please request a diagnostic patch pf1749 from CompanyAccount (state the issue number, pf, and provide a link to this topic). See if the issue reoccurs with the patch installed."
  2. Now let's hope Kaspersky developers figure this problem out before my license renewal time in early 2017. I'm testing Trend Micro out in a lab environment because of all the hassle and time I've spent on this and other issues related to faulty AV software. But at least I have a quicker way to deal with the issue... I've looked inside a few of these G_OBJDT.DAT files and most of it is garbled, but I can see some EXE and DLL files referenced, along with some file paths and such. I have also noticed that KES10 starts up faster when it doesn't have to scan through a 4GB file during startup. And uses less memory too. Just for fun, I found a Windows 7 workstation with KES10MR1 (10.2.1.23) still installed, and is used by a regular person (PC is not idle), and the G_OBJDT.DAT file was created in November of 2014 (nearly 2 years ago!) and is only 5.79MB in size. On another Win7 workstation but having KES10MR2 (10.2.4.674) installed, power-user, the file was created 6-28-16 (~3 months ago) and is only 2.38MB in size. So all Kaspersky developers need to do is determine HOW or WHY that file is 'growing out of control' on Windows 10 and then release a patch or PF that deals with it, even if it is a simple process to truncate or delete the file if it grows past a certain size. Or if that process already exists, determine why it is failing to work properly on MR2 and MR3 on Windows 10 computers. Thanks!
  3. Thanks again. Funny how you can use something for years, yet still not get around to seeing everything. Cheers.
  4. Thanks for the Self-Defence idea. It works. Now if only I can figure out how to stop/start KES remotely from KSC, I could do this like a ninja while people are working on their computers. (stopping all components is not the same, I tried.) Still a lot better than Safe Mode though! Thanks again. Cheers,
  5. Greetings, Further testing and research have led me to some interesting discoveries. 1. All computers exhibiting this problem have a G_OBJDT.DAT file sized at the 32bit process file size limit of ~4GB. (displayed as 4,194,399KB) 2. I am able to 'recover' these computers by deleting all the content in the "C:\ProgramData\Kaspersky Lab\KES10SP1\Report" folder. 2a. I have to use SAFE MODE to do it, even TAKE OWNERSHIP fails when trying to delete these files normally. 2b. ***If there is a utility to delete/clean these files or perhaps a command prompt trick without safe mode, let me know please.*** I will research further. 2c. Afterwards, the Integrity Check is clean again. No more write errors. 2d. I got this idea from this forum post: https://forum.kaspersky.com/index.php?showtopic=353691 3. I believe this glitch is related to this thread as well: https://forum.kaspersky.com/index.php?showtopic=349090 3a. The final answer given was to REINSTALL the software. (which would delete the REPORTS directory.) 4. This explains why UPGRADING from MR2 to MR3 doesn't solve the problem. Upgrades do not delete the report files I bet. But a full uninstall will delete them. 5. I have begun 'spot-checking' workstations to document file-sizes of the G_OBJDT.DAT file. (4,195,238KB and 4,195,196KB are few more examples.) 5a. One KES10 client (integrity check still succeeds) was reinstalled on 9-6-2016 (16 days ago) and G_OBJDT.DAT is already 2.49GB in size. (power-user) 5b. Another KES10 client (integrity check still succeeds) that was originally installed 6-30-2016 (~82 days ago) is only 917KB in size. (barely used by interns) 5c. This leads me to conclude that it is activity-based. System Watcher logs? Unable to truncate/delete themselves when they reach max file size for a 32bit process (even on 64bit OS)? Hope this helps narrow down the cause. The symptoms are strange for something as simple as an oversized/unwriteable log/report file, but I guess they are all interrelated somehow. We are a pretty simple environment. DELL hardware, Microsoft software, pretty normal stuff. I can't imagine any conflicts. (We do have a lot of exceptions in the Web Control policy, maybe I'll put a few workstations in a 'simpler policy' in KSC just for further testing.) Cheers,
  6. I created one of these GSI reports about 3 years ago and spent hours redacting usernames, computernames, domain names, etc from the files. I think it was the one from the KSC server, so it basically mapped out my entire network in too much detail for my comfort. Even this GSI report I ran today on a workstation, wow, it'll take me several hours with Notepad++ to search/replace information in the 54+ files involved. I'm considering creating a temporary local non-domain account on the affected computer and re-running the GSI program in order to save time redacting. Maybe I'm being a bit Tin Foil Hat, but I wonder how many people put these GSI reports up on public forums on public file-sharing services, using their real names and email addresses. I'll be uploading mine via CompanyAccount if I ever get around to it. I think we've been pretty descriptive in our explanation of the problem. Even without a GSI report, do you have access to internal bugfix/privatefixes/etc progress from the developers? (For KES10 SP2 or whatever is next) Has anything like this been reported and recreated successfully at Kaspersky Labs yet? I can confirm that this is a Windows10-only thing. Windows 7 does not seem affected. I just had ANOTHER confirmed glitch caused by this issue today. It was affecting GOOGLE EARTH this time. (First time for that one.) Ran Integrity Check, gave the errors. So I had the end-user disable/exit KES10, then Google Earth worked fine. Spent the next 15 minutes of my life running an UNINSTALL KES and REBOOT task, waiting for it to complete, then running a KES10MR3 installation task. Ran the definition updates. Integrity check is good now. User is able to use Google Earth again *WITH* KES10 running. (Please see my original post in this thread where I list 5+ different types of software affected by this.) Thanks in advance for any info you can provide to give us hope. (While I work on redacting the GSI file.) Cheers,
  7. Thanks for the Tip. Never used Integrity check before. On unaffected computer, it comes up clean. On an affected computer, it shows 'module signature check failed' on 239 of 270 modules, with a result of 'write error'. Now I have a way to check the status of my KES10 clients remotely and not involving the users. Thanks. If anyone else is having this issue, please add a comment, even if it is just "me too".
  8. Actually, that's a 'feature'. They purposely did that to fast-track MR3 out the door for the Anniversary Update and to allow the Policies/Tasks/etc of KSC to remain 100% compatible with MR2 stuff. At least that is what I read earlier in the forum. Still looked a bit unprofessional, regardless.
  9. I think I have the same issue as mentioned by others in this thread. I am fighting with an issue for several months that is intermittent but is DEFINITELY caused by Kaspersky KES10. It has something to do with certain HTTPS/encrypted connections. I have not been able to use KSC policies/exceptions/whitelists to solve the issue because it affect programs that install into USER profiles and one application uses non-static directories that change over time. I was hopeful that the issue would be addressed in MR3 because I saw a PF that mentioned “connections to GoToMeeting being blocked”. (which was one of the apps involved.) I have started rolling out KES10 MR3 a few weeks ago, and came across another computer with this problem. So I opted to run an upgrade TASK from KSC to update MR2 to MR3 on that computer. But the HTTPS problem still existed. The temporary ‘fix’, is to manually uninstall Kaspersky Endpoint 10 using Windows Control Panel (add/remove), then reboot, then reinstall it. Then the symptoms are gone, and memory usage is back to normal, for a few months at most... Are there any Private Fixes (PFs) that didn’t make it into KES10 MR3 that involve solving an issue with four interrelated components: IM AV, WEB AV, EMAIL AV, and WEB CONTROL on Windows 10 64bit? Additional details: I’ve been keeping notes. The first time it happened was in April (5 months ago) on the first computer I upgraded to Windows 10 (1511) along with KES10 MR2 (10.2.4.674). Here is a list of things this issue has affected: (and in all cases, the problem goes away if I disable IM AV, WEB AV, EMAIL AV and WEB CONTROL components.) All four must be disabled. 1. GoToMeeting - Connection errors. Exiting KES10 allowed connection to continue. 2. Skype - Didn’t record the exact errors. Exiting KES10 allowed connection to continue. 3. Our accounting software. It uses HTTPS and .NET to make connections internally. Reporting Services error says “Unable to connect to the remote server. An attempt was made to access a socket in a way forbidden by its access permissions. IP: xxx.xxx.xxx.xxx:443” 4. Remote Desktop software. (3rd party, not Microsoft.) I was able to confirm KES10 was at fault multiple times. 5. Parts of DELL.COM website. Tried adding website to Web Control policy as an exception. Nothing in logs indicating a problem. Exit KES10, worked fine. Restarted KES10, stopped working. In all cases, uninstalling, rebooting and reinstalling KES10 MR2/MR3 cleared up the issue temporarily as it seems to return in several weeks or a few months. (Well, I haven't had a documented 'repeat' with MR3 yet, but only time will tell. But since I 'upgraded' an affected workstation from MR2 to MR3 (using KSC task) and the problem remained intact, I am not confident MR3 doesn't have the same issue.)
  10. I cannot locate a list of issues resolved (bugfixes) or any detailed release notes for this version. I tried looking in the two associated documents and even downloaded the software and started the install routine to see if the splash screen included release notes or dropped them in a temp folder somewhere. I am running 8.2.124.0 and want to know if it's worth the effort/risk to upgrade to the latest version. In particular, we had another mail flow stoppage today due to Kaspersky anti-spam services, and want to know if the update addresses that issue. (Exchange 2010 SP2) This is only the second (2nd) time this problem has occurred on our email server. The first time it happened was April 18th, almost 5 months ago. Thanks!
  11. I would also like this option. I was working with tasks today (updating Acrobat) and wondered why there wasn't an easier way to 'retry' the failed ones.
  12. I just thought of a feature request as I was logging on to my KES server this morning. I understand the need to restart the KES services every night, but it would be nice if the console would 'remember' which folders I had 'expanded' in the left panel, and re-expand them for me upon 'Reconnecting'. (and reset focus on the folder that I was using BEFORE the nightly services restart.) Minor issue...only takes 5-10 seconds to re-expand....but I thought I would mention it anyway. (Probably not worth the effort or the potential problems it could cause in multi-user environments...) cheers.
  13. The word "new" was referring to the topic, not the ideas and suggestions: "new topic where you can share your ideas, suggestions and feedback on Kaspersky Security Center 10." Plus, "feedback" usually refers to something that already exists. And in all actuality, having a product with less bugs WOULD be a valuable added feature. I think they have a pretty good list of features already...and should spend their time refining what already exists...and making it work flawlessly, and to provide top-notch support again. Just my $0.02 (two cents)
  14. Yeah. I hope it turns around soon. Still have nearly 2 years left on my 3 year license. (Only 60 nodes, but still....) Been wanting to get something installed on our Smartphones that I can centrally control, but haven't had the time to deal with it. Poor Silverlight. Reminds me of XPS trying to take a bite out of PDF. I'll hand it to Adobe, they are quite adept at making money off of an open standard. I really wish developers would stop re-inventing the wheel all the time. Keep updating your software until it is perfect or near perfect! Seriously, can you think of any software that TRULY had 'new innovative features' over the last 5-10 years? (Aside from the mobile space...) Most desktop Office/productivity/Client/Server software has served the same purpose for a very long time. Perhaps IPv6 would have required something new someday. I dunno. I'm just getting sick of the constant update cycles....and the poor quality of the "latest and greatest" releases. Although I was initially against the SaaS and subscription licensing models, it does seem to be the only solution that will allow developers to 'refine' their products properly. Now if we can just get them to realize that they don't need to keep DRASTICALLY changing (aka BREAKING) things.....we'll be in good shape. I'm looking at you Oracle.....Adobe......Microsoft.... I've seen too much time spent on FLUFF and UI updates and not enough time spent on underlying reliability, usability and SECURITY as of late, and it is depressing. People, listen: If your software is good, the subscriptions will come. Just keep perfecting what you have. Stop this 'built from the ground up is better' mentality.
  15. Call Netflix and tell them to hurry up and switch from Silverlight to HTML5? jk jk http://www.crn.com/news/applications-os/24...development.htm But seriously. I don't have any 'good' suggestions. I've had certain websites not work and had to disable the WEB CONTROL component for certain employees during tax season. One time, disabling Web Control through policy didn't even solve the problem, so I had to give the user permission to manually disable KES from the taskbar when they needed to use a particular website. Talk about a crappy workaround!
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.