imperimus

  1. We have managed to fix around 200 machines so far, so we are getting through them slowly. We have about another 800 to check, and at least 200 of them we know are broken as they manage to report back, but at least we are getting through them quicker now than when we were using recovery mode.
  2. We have been using a batch file that contains the following:

         kaspersky_tcpip_fix.exe
         regextr.exe %windir%\system32\config\Regback\SYSTEM c:\output.reg
         regedit c:\output.reg

     This will prompt you if you want to import the reg file; just click yes. We have combined this with Xcopy and psexec for the machines we can still get to remotely.
  3. I can confirm that the updates from 16:34 onwards today have not had the false positive issue, although we have also put TCPIP.sys in the exclusion list for good measure. As for getting the updates out, we have just been making sure we force an update before they pick up the file again, which the exclusion helps with, as the policy updates take effect quicker than the definitions.
  4. Had no luck with this one, so still going through every machine 1 by 1 doing restore. Going to be a long weekend :-(
  5. The issue seems to be related to HKLM\System\CurrentControlSet\Services\TcpIP. On a broken machine this no longer has any entries, but I have not found any other way to get it back yet.
  6. Our sites that are running the later version 8 have not experienced the problems, so from our point of view it looks like just 6.
  7. We have around 400 PCs affected by this and it is going to be a major headache. Once Kaspersky has detected this, we have found machines stop working with TCP services such as DNS, causing a lot of the system not to be usable. We have found the following fix for restoring the TCP stack:

     1. Remove the AV Agent
     2. Restart the machine, and once it hits the Windows logo boot screen, hard reset the machine to force a Start-up Recovery on next boot
     3. Run the Start-up Recovery and click yes to system restore
     4. Once this has completed, your machine should be back on the network

     All other forms of repair or system restore seem to fail, but the Start-up Recovery repair seems to work. Please note we have had some machines lose their trust relationship whilst doing this. You can put AV back on if you have the exclusions set up correctly. Hope someone comes up with a better fix, as this is going to take us a long time to get around all these machines!