Jump to content

OneJeremias

Members
  • Content Count

    8
  • Joined

  • Last visited

About OneJeremias

  • Rank
    Candidate

Recent Profile Visitors

148 profile views
  1. In case anyone else was interested in my second request about being able to classify computers using arbitrary tags, I just discovered that this functionality is actually already there. If you right-click any computer(s) in KSC and choose "Properties", there is a "Tags" section in the resulting window where you can add and select custom tags for those computers. Once you've defined them, you can go to Reports and Notifications --> Computer Selections and create a Computer selection based on the presence of the tags. Makes it very easy to drop machines into custom groups, and from there you can run a task on that selection.
  2. I would like to see some extra tools built into the right-click options, such as shutdown, restart, force logoff, ping, test for logged-in users, wol, etc. Many of these I have configured manually using the "Custom Tools" right-click option in conjunction with PStools, but I think it could be done better if it were built-in. Also, it would be nice to be able to add custom fields to machine records that would allow us to classify systems any number of ways, and make those available as sort options on the Computer list. Or perhaps be able to create folders that represent categories of machines that do NOT in any way affect which AV policies those machines operate under. I want to be able to classify some computers as "Sales", some as "Remote", some as "Marketing", and be able to dynamically add and remove computers from those categories via drag-and-drop, then execute tasks as needed for each of those groups. Exporting group lists to excel would be helpful for using these lists in other programs. I realize these capabilities extend beyond the bounds of security, but since KSC is already a place from which I do much of my computer management, I figured I'd put it out there.
  3. We have incident 1521877 open with Kaspersky. They provided a document that detailed the minimum policy exclusions to get Java working, but their instructions did not fix it: Java is still not working. I requested that a private fix be released to mitigate the issue until CF1 comes out, especially given that they've got a working beta patch for a different version of their product. Two months (starting from now) is a long time for a corporation to deal with this until the release, as many network switches and equipment use Java applets, and requires us to turn off Kaspersky to use them. Compounding the issue is another problem that prevents the user from disabling Kaspersky on Windows 8: if too much time has passed since booting up, attempting to disable Kaspersky results in a quick flash of Windows 8 warning that states that the application will be turned off, and does the user agree to this. The warning disappears before the user can interact, and KES10 interface becomes unresponsive; disabling AV can only be done from Security Center until reboot occurs. So not only do we have to disable Kaspersky to use Java, many times we can't even do that without opening KSC first!
  4. We completed our testing with enabling and disabling self-defense, and it does not seem to be the culprit for most of the issues I listed above. Here is what we know: 1. Disabling self-defense stops the KLNAGENT errors as expected. We'll have to look at a policy exclusion to prevent this from happening without disabling self-defense. 2. Interaction errors with KSC do not seem to be tied to self-defense in any way. They happen occasionally (for us), and do not seem to negatively affect anything. We have about 165 systems and we receive between 0 and 2 a day. This is one of our pending issues with Kaspersky, but I'm guessing we'll just need to ignore them unless they become more frequent. 3. KLAVA update errors seem to happen a few minutes after the first successful update after bootup. We have an update task that is scheduled to run miss tasks, so on boot it runs the update. The first update succeeds, but then the event log shows it scheduled again, and it runs about 10 to 15 minutes later, and fails updating the KLAVA object, whatever that is. This is one of our pending issues with Kaspersky, and does not seem to be tied to self-defense. 4. Blacklist errors happen with computers that have not been on in a long time. If an update fails when this error occurs, subsequent errors seem to resolve the problem. Not tied to self-defense. I hope this helps.
  5. Yep, we disabled, but although the frequency of update errors seems to have been reduced, I did receive one today. Our interaction errors have also been minimized but not eliminated. We're going to run this way for a little longer, then switch back to enabled self-defense and see if errors pick up again.
  6. There's definitely something wrong with the Self-Defense component. We ran with self-defense disabled all day yesterday, and things seems to go much smoother, although we moved all managed computers to a virtual admin server and I'm not sure if we have all the notifications set up correctly yet, so I might just be flying blind. I have done some checking through the critical events though, and it was much cleaner than usual. Another day or two should paint a better picture.
  7. Actually, we are dealing with the same issue (self defense blocks KLNAGENT modification of connector.rpt), and it may be tied to more than just the connection errors. We have been having random systems show "error updating component (KLAVA)" when running an update task from policy, other systems yield a "black list of licenses is corrupted or not found" error, and yet others having an "error in interaction with KSC" connection error. Those exact email notifications are listed below for the sake of documentation: Event Error updating component happened on computer XXXXXX in the domain $$$ on Friday, May 04, 2012 9:12:29 AM (GMT-05:00) Event type: Error updating component Result: Error updating component Object: KLAVA Object\Path: KLAVA Object\Name: KLAVA -------------------------------- Product: Kaspersky Endpoint Security 8 for Windows Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Computer: XXXXXX Domain: $$$ Notifications: Critical event: 5/14/2012 7:29:22 AM: Event type: Black list of licenses is corrupted or not found Application\Name: Kaspersky Endpoint Security 8 for Windows Component: Protection Result\Description: Invalid key file ---------------------------------- Event Error in interaction with Kaspersky Security Center happened on computer XXXXXX in the domain $$$ on Monday, May 14, 2012 8:24:01 AM (GMT-05:00) Event type: Error in interaction with Kaspersky Security Center Result: Failed to receive file ---------------------------------- On ALL of our systems, we see the klnagent.exe action blocked by self-defense, but on clients that show the errors above, the klnagent.exe block is usually the most recent error, usually between 1 and 15 minutes before the others occur. They may not be related at all, given that not all clients exhibit the above errors every day. We have an open ticket with Kaspersky on both the klnagent error and the others, and we were asked to enter exclusions in the policy for the klnagent.exe file and the connector.rpt file, and see what happens. Instead we have temporarily disabled self-defense, and tomorrow we'll see if we receive any errors. I will try and remember to post the results here.
  8. Can anyone shed light on what this event means? It shows up in the Kaspersky Application event log. I've come across it numerous times when researching KSC interaction errors, and I'm not sure if they're related.
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.