Everything posted by dpeters11

  1. 10.5.1781, which is the agent on the endpoint as well.
  2. An older system recently came back into the fold, unfortunately it's on KES 10 SP1 MR1, which I know is no longer supported. It was encrypted with FDE, and I'm trying to decrypt it to get it on the current version of AV. In my console, and in the client itself, it looks like it successfully decrypted. However, the preboot login screen is still present, and so the AES agent etc won't uninstall, as it's still saying it's encrypted. I tried re-encrypting it by putting it in a group I have with an encryption policy for that version, and while it says the policy was applied, under encryption status, it still says no encryption policy specified. Other than reimaging the machine, what options do I have?
  3. Keep in mind, there really is no difference between KES 10 SP2 and KES 10 SP2 MR1. If you update the definitions in your SP2 package, that is the same as SP2 MR1.
  4. I understand that this is for the operating system fixes with Spectre and Meltdown, but want to make sure I'm clear on something. If I update the databases in my main SP1 package, that is all that is needed for a new system and I do not need to switch to MR1, correct?
  5. The KB only talks about KES 10 SP2. We aren't fully on that version, any issues with KES 10 SP1 MR1 or MR3?
  6. It's solved. I doubt that any upgrades we do would have the same issue, my system isn't the most normal, if we even really put out MR4 at all. I'm hoping that by the time MR3 goes EOL, we'll be on SP2+.
  7. It worked this time, I also took an extra precaution of manually selecting SP2 and making sure nothing was left of it. I got the screenshot I needed of the process, so I'm good to go.
  8. I can do that. I'll decrypt it, run the remover, reinstall MR3, re-encrypt and retry MR4. It's just odd that MR3 updated to MR4 fine, until the issue with updating the encryption, then I got the recalled patch error.
  9. I don't see it listed under software updates in KSC. I'd been trying to install it as a package from KSC. I just tried a standalone exe, same failure but I do get setup logs. No private patches, this was a clean install of MR3 yesterday after removing SP2. kl-install-2017-07-21-12-54-12.log kl-setup-2017-07-21-12-53-54.log
  10. When it installed the first time, I got these errors. After the reboot, it had reverted itself to MR3. When I attempted a reinstall after that (including another reboot), it failed with the recalled patch message. What's strange, I don't see an install log. There's an MSIxxxx.log and a ucaevents, but those are from the MR3 install yesterday. GSI report is here: https://app.box.com/s/exqzy72hmi43gax5dnfu

      Event type: FDE upgrade failed
      Reason: Upgrade initiation failed
      Encryption type: Encryption of hard drives

      Event type: Error encrypting/decrypting device
      Action: Encryption
      Reason: Encryption paused for the duration of update installation
      Encryption type: Encryption of hard drives
  11. Testing this version for systems that we can't yet go through the decryption process for SP2. I installed SP1 MR3 yesterday and encrypted. Today I installed MR4. It installed OK the first time, but then failed the encryption update and reverted. I cleared up some more disk space etc in case that was the issue, but now MR4 won't install at all.

      Remote installation has been completed with an error on this device: Fatal error during installation. (Error 27357.Installation package has been found to contain recalled patches , {1E08552F-85AE-453C-A35E-EB1980F5C667}. Installation will be aborted.)

      This still happens after I updated the package databases.
  12. I think you can upgrade to MR4 with no decryption, but you can't go to SP2 without decryption. The way Kaspersky has been doing it lately (at least starting with SP1 M2) is that you can go to MR releases within a version but can't go to a new SP level.
  13. Looks like it's a good thing my policy is set to not restart...
  14. One thing I've wondered about, if a system is full disk encrypted, would ransomware like this work?
  15. So the only port I need open from the DMZ to the Internet is 13000 for systems out on the Internet to get definitions from the gateway and keep their status updated?
  16. Ok, but in terms of ports open to the Internet, which ones are needed for client communication?
  17. I've got a system in our DMZ that I want to use as a connection gateway for systems that are not connected to the VPN for management. The server currently is able to communicate with the KSC for its own, with TCP 13000, 14000 and 18000 plus UDP 13000 open to the internal KSC (10 SP2 MR1). What ports are needed from the connection gateway to the internet for client communication? Is it just TCP 13000 and 14000 or do I need 13292 and 13293 (defaults in the gateway section of the update agent properties)?
  18. Ok, so since that recommends disabling SMBv1, then it seems safe to say that Kaspersky products don't use SMBv1.
  19. Not really, WannaCry is just bringing the issue to the forefront. Microsoft is trying to get v1 disabled, and the way I see it, there likely will be other vulnerabilities in it. If we don't need it, then why keep it enabled?
  20. Well, I guess my question is, will anything dealing with Kaspersky break? Meaning if we disable SMB1, will I still be able to deploy to a client (either with or without the agent installed), communication between the client and KSC/update agents still work? I'm asking for several reasons: Kaspersky states that port 445 needs to be open, so that indicates to me that SMB is used, but not the version. One of your competitors does require SMBv1 in at least one situation for authentication so made me think of AV. I know I could just try it and see if AV breaks, but was hoping someone would know.
  21. Our KSC is on version 10 SP2 MR1, most client agents are also on that version (but not all). Would there be any issue with Kaspersky if we just disable SMBv1? We do have the MS17-010 patch installed, with System Watcher but we're looking at this as a defense in depth.
  22. In a perfect world but it's not feasible for us to be able to decrypt, update and re-encrypt devices that quickly, with the end user notification and instructions that have to go out etc. We've been able to do this in the past, when we had pre SP1 systems and SP1 systems mixed.
  23. Ok, maybe recovery was the wrong word. If a user is at the Kaspersky preboot screen and can't log in, the help desk will log into the console, right click on the computer and access offline mode. That's where they'd do the challenge response to reset the password. In this case, it seems like the screen doesn't appear when an SP1 MR3 system is selected. It does appear when an SP2 system is selected. We need it to work with both.