dpeters11

  1. 10.5.1781, which is the agent on the endpoint as well.
  2. An older system recently came back into the fold; unfortunately it's on KES 10 SP1 MR1, which I know is no longer supported. It was encrypted with FDE, and I'm trying to decrypt it to get it on the current version of AV. In my console, and in the client itself, it looks like it successfully decrypted. However, the preboot login screen is still present, and so the AES agent etc won't uninstall, as it's still saying it's encrypted. I tried re-encrypting it by putting it in a group I have with an encryption policy for that version, and while it says the policy was applied, under encryption status, it still says no encryption policy specified. Other than reimaging the machine, what options do I have?
  3. Keep in mind, there really is no difference between KES 10 SP2 and KES 10 SP2 MR1. If you update the definitions in your SP2 package, that is the same as SP2 MR1.
  4. I understand that this is for the operating system fixes with Spectre and Meltdown, but want to make sure I'm clear on something. If I update the databases in my main SP1 package, that is all that is needed for a new system and I do not need to switch to MR1, correct?
  5. The KB only talks about KES 10 SP2. We aren't fully on that version, any issues with KES 10 SP1 MR1 or MR3?
  6. It's solved. I doubt that any upgrades we do would have the same issue, my system isn't the most normal, if we even really put out MR4 at all. I'm hoping that by the time MR3 goes EOL, we'll be on SP2+.
  7. It worked this time, I also took an extra precaution of manually selecting SP2 and making sure nothing was left of it. I got the screenshot I needed of the process, so I'm good to go.
  8. I can do that. I'll decrypt it, run the remover, reinstall mr3, re-encrypt and retry mr4. It's just odd that MR3 updated to MR4 fine, until the issue with updating the encryption, then I got the recalled patch error.
  9. I don't see it listed under software updates in KSC. I'd been trying to install it as a package from KSC. I just tried a standalone exe, same failure but I do get setup logs. No private patches, this was a clean install of MR3 yesterday after removing SP2. kl-install-2017-07-21-12-54-12.log kl-setup-2017-07-21-12-53-54.log
  10. When it installed the first time, I got these errors. After the reboot, it had reverted itself to MR3. When I attempted a reinstall after that (including another reboot), it failed with the recalled patch message. What's strange, I don't see an install log. There's an MSIxxxx.log and a ucaevents, but those are from the mr3 install yesterday. GSI report is here: https://app.box.com/s/exqzy72hmi43gax5dnfu

      Event type: FDE upgrade failed
      Reason: Upgrade initiation failed
      Encryption type: Encryption of hard drives

      Event type: Error encrypting/decrypting device
      Action: Encryption
      Reason: Encryption paused for the duration of update installation
      Encryption type: Encryption of hard drives
  11. Testing this version for systems that we can't yet go through the decryption process for SP2. I installed SP1 MR3 yesterday and encrypted. Today I installed MR4. It installed OK the first time, but then failed the encryption update and reverted. I cleared up some more disk space etc in case that was the issue, but now MR4 won't install at all. Remote installation has been completed with an error on this device: Fatal error during installation. (Error 27357.Installation package has been found to contain recalled patches , {1E08552F-85AE-453C-A35E-EB1980F5C667}. Installation will be aborted.) This still happens after I updated the package databases.
  12. I think you can upgrade to MR4 with no decryption, but you can't go to SP2 without decryption. The way Kaspersky has been doing it lately (at least starting with SP1 M2) is that you can go to MR releases within a version but can't go to a new SP level.
  13. Looks like it's a good thing my policy is set to not restart...
  14. One thing I've wondered about, if a system is full disk encrypted, would ransomware like this work?
  15. So the only port I need open from the DMZ to the Internet is 13000 for systems out on the Internet to get definitions from the gateway and keep their status updated?