Jump to content

Kirill Tsapovsky

Admin
  • Content Count

    14,777
  • Joined

  • Last visited

Everything posted by Kirill Tsapovsky

  1. По вопросам, связанным с уничтожением вирусов, обратитесь, пожалуйста, на форум фан-клуба. Чтобы диагностировать "неизвестный" хост и понять причину ошибки, необходим собранный на нем отчет GSI (или как минимум вывод утилиты klnagchk, запущенной на хосте с правами админа; утилиту можно найти в папке с установленным Агентом администрирования). Спасибо.
  2. Добрый день. Отключение от сети необходимо, чтобы исключить вероятность повторного заражения (в зависимости от типа угрозы). Пожалуйста, обратите внимание, что данный форум посвящен техническим вопросам работы антивирусного ПО. По проблемам, связанными с уничтожением вирусов, обратитесь, пожалуйста, на предназначенный для этого ресурс: https://forum.kasperskyclub.ru/index.php?showforum=26 Спасибо.
  3. Hello. Due to legal reasons, the end used must accept the KSN statement in order for KES to run on the host. The installation itself is silent, but the agreement will be shown to the user on first start of KES whether it is initial or somehow delayed. Thank you.
  4. Hello. This instance of KES is malfnctioning, either due to corrupted application files, or due to conflicting software. Please make sure you do not have any incompatible software on the host (e.g. installed after KES), and reinstall or repair KES. Thank you.
  5. Добрый день. Согласно информации от разработчика, выборка включает все устройства, обнаруженные в сети в течение суток до ее запуска. Пожалуйста, сообщите, если ранее указанную проблему удастся воспроизвести. Спасибо.
  6. Hello. This behavior is expected on part of KES, and caused by wbengine.exe activity which tries to remove KL files from System Volume Information folder without releasing locks on such files. This can be avoided by recreating the OS backup task, adding KL files (klmeta.dat, iswift.dat, ichecker.dat) to exclusions. Thank you.
  7. Hello. Unfortunately, manual SVM deployment is not supported. Installation can only be done via KSC, after performing the necessary configuration, including login credentials. Thank you.
  8. Hello KSC service are not all intended to work as Local System. Please find the list here: https://support.kaspersky.com/9298 Please see the Kaspersky Event Log on the server, and provide its export if possible. Alternatively, please collect a GSI report from the server (see the signature to this message), and it will contain the necessary data. It is possible that the server has been corrupted and needs to be reinstalled. The described changes in the system are not related to KSC functionality. Thank you.
  9. Hello. Please elaborate on "using KSC 10.4.343 & KSC 10.5.1781". On which of the servers does the issue reproduce? The list of computers where a specific application version is used can be viewed in the application registry, in the properties of said application entry. Alternatively, a computer selection can be created, with the condition to include only hosts which have a specific version installed. A software versions report does not represent data in this manner. Thank you.
  10. Да, как уже упомянул Zandatsu, проблема в открытых замках. Открытый замок в политике напротив некоторой настройки отключает наследование этой конкретной настройки далее по иерархии. В случае, если существует дочерняя политика, соответствующая настройка будет открыта в ней для редактирования. Если ниже по иерархии только конечные хосты, настройка будет открыта для редактирования там. Соответственно, изменить иерархию и обеспечить ожидаемую работу наследования можно, переместив машины из корня основной группы в еще одну дочернюю, создав в ней отдельную политику, настроив в ней сети в настройках Сетевого экрана и закрыв замок напротив них. Таким образом, основная политика будет оставлять настройки Сетевого экрана открытыми для переопределения, а дочерние - переопределять и форсировать применение этих настроек на хостах, каждая соответственно потребностям своей группы. Спасибо.
  11. Hello. You can find the list of plugins in this article: https://support.kaspersky.com/9333 However, plugins for unsupported versions (like KES 10.2.1.23, which MR1 possibly stands for) are not published there, or available for download any longer. There should not be any issues simply removing the redundant policy though. Thank you.
  12. Hello. The lock on the setting needs to be closed to enforce the corresponding setting down the inheritance chain, in this case down to the endpoint configuration. Open locks are not enforced, and therefore their corresponding settings will not be applied on endpoints. Thank you.
  13. Hello. There is no specific support for LDAP on Linux in KSC, or instructions to configure it. If the domain can be polled using Network discovery, there should be no issue performing the mentioned task. Otherwise please ensure that KSC has access to Active Directory services. Thank you.
  14. Добрый день. Пожалуйста, опишите подробнее, в чём проявляется применение политики "не полностью". В интерфейсе KES видно, что политика применяется? Остальные настройки, кроме Сетевого экрана, применены из политики и недоступны для изменения? Каков ожидаемый вид списка сетей в Сетевом экране? Необходимые сети были добавлены и настроены в политике? Убедитесь, что замок напротив этой настройки закрыт. Спасибо.
  15. You can find the standard support KL scope terms here: https://support.kaspersky.com/support/rules#en_us.block2 Unfortunately, said information cannot be used to forward the investigation since it is contradictory. This issue needs investigating by HP, as explained earlier. From KL perspective, there is already a workaround, which is to remove HP Velocity. Thank you. UPD: I can see there is already an RnD-initiated discussion with HP over this error, following the previous cases. However, the current solution stands, for reasons mentioned. Changes are to be expected in future versions of either product.
  16. Добрый день. Решение проблемы осложнялось тем обстоятельством, что ошибка была вызвана не нашим продуктом, а спецификой работы определенных версий wbengine.exe: Решение в данном случае было возможно путём явного добавления в KES функционала поддержки резервного копирования Windows, какой существует в KSWS. Это и было сделано в KES 11. Спасибо.
  17. In the original post, it says However, this cannot be accurate: "BSOD with fwpkclnt.sys" is itself an obvious fault with drivers. For this reason, I have mentioned that a more technical explanation from them could help us, however a sole mention that HP disown the error, will not. Thank you.
  18. Not sure what "pushing back to HP support" in this context means: the error stated in the opening post of this topic is known, and the culprit is the HP driver. The suggestion to address HP for a solution is a logical extension of said fact. Engineers in CompanyAccount will collect the required minimum of information depending on the issue symptoms before presenting any conclusions. However, if there already is (for example) a technical explanation from HP hinting how KES might affect its driver's operation and consequently what can be done on KL part to resolve the issue, it can make sense to proceed with collecting the reproduction data. In this case, please proceed as previously mentioned. Thank you.
  19. In this case, this must be an entirely different error. fwpkclnt.sys is explicitly the HP driver. Please verify that the memory dump us not referring to it; otherwise, the driver must have been removed improperly. When the new data is available, please attach it into the existing incident; alternatively, please close the incident to continue the case within this topic. Thank you.
  20. Hello. Unfortunately, since the issue only occurs in KES 11, a system information from a host which has a different version and the issue does not reproduce, cannot be used for analysis. However, there is a known issue with HP Velocity (which will likely be listed as the faulty driver in the memory dump). From KL perspective, the solution is to remove the faulty software. Please address HP support is you require more information about the specifics of the fault. Thank you.
  21. Регистрация событий в KES зависит от поведения системы. Для того, чтобы решить проблему в KES 11, пожалуйста, используйте описанный выше способ. Спасибо.
  22. To investigate from the perspective of Network Agent, please provide relevant data (Kaspersky Event Log, included in the GSI report from an affected host, reproduction scenario from the perspective of Network Agent). The AD suggestion can be helpful if you let us know which one setting in Windows policies is responsible for the issue, and in which exact manner the issue can be reproduced by using the one said setting. The provided description of the policies, unfortunately, does not unambiguously explain which settings in OS each of them modifies, or why two are provided without mention of whether they were observed to have the effect on the Network Agent service independently, only in tandem, or otherwise. Thank you.
  23. Hello. Unfortunately, I could not establish from the description what the mentioned issue is, but I assume the following: Entering ku* in the search box will return all host names that start with symbols ku and contain any number of consequent symbols. None of the host names you specified match this search mask. If you need to find computer names which contain the symbols ku but does not necessarily start with them, you should use *ku*. If your host names are uniform (i.e. each of them starts with 4 digits, followed by a dash, followed by a human-readable name you need to search by), you can use this example: ????-ku* This will return host names which start with exactly 4 symbols, followed by -ku and then by any number (including zero) of consequent symbols. Thank you.
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.