
kesrs

  1. Not sure I understand what you mean by "make a backup copy". Are you saying I should make a full backup of every file on the machine before running a scan? That way, if a file gets incorrectly deleted, I can restore it?
  2. If I do this, will it delete Outlook.PST files if it can't disinfect them? This is a traveling user and the laptop is not on our corporate network. Will the RDP still work for this?
  3. I exported the settings from the task in KSC to a klt file. See attached. The "local" KES interface is ~800 miles away on a remote worker's laptop. I don't have time to step out of my office and walk over to him right now :-) Is there any other way to handle this? ScanSettings.klt.txt
  4. The virus scan task is detecting several items on a user's computer. Unfortunately, the result is "Untreated". I've attached a screen shot of the virus's report. Here's a line of text from it: Trojan Result: Untreated: Trojan.Win32.Bromngr.aq Object: C:\Documents and Settings\Roger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40QDZ5ZV\pack[1].7z/protector.dll I've tried going into the repository in KSC 10 and deleting the objects; however, the next virus detects them again on the user's computer. From what I see, they are contained within the same file ("pack[1].7z"). How can I remove them from the user's computer? BTW, why is it detecting them under "Documents and Settings"? This is a Windows 7 box. That folder does not exist because Windows 7 stores user data under "C:\Users". Thanks. KES 10 MR1 / KSC 10 MR 1
  5. My typical workflow is as follows:
     1. Go to main vulnerabilities screen
     2. Make sure the "Fixes are available" filter is off.
     3. Review the vulnerabilities
     4. Right-click on a vulnerability, and choose properties to see advisory information, etc.
     5. Click "Vulnerability instances" to see which computers are affected.

     From a security perspective, my company wants to know about all vulnerabilities, regardless if a fix is available. A hacker doesn't care if we could fix a security issue; he/she only cares if it is there. We need to know our level of exposure. Hiding vulnerabilities just because we can't patch them is a bit like hiding our heads in the sand. If a fix is not available, we can take measures to mitigate the issue, such as uninstalling the vulnerable software or restricting its access. I'm a little surprised that the "Fixes are available" filter is on by default. I'd like to think a well-known security vendor like Kaspersky would be interested in making sure its clients knew their level of vulnerability at all times. Clarification: I do understand that files under $PatchCache$ are not vulnerabilities. My comments above are in reference to true vulnerabilities that are being hidden by default because a fix isn't available.
  6. I got a reply with this "resolution" in the incident: The problem with Adobe, and I do apologize for the inconvenience, is that applications like adobe, java, and others, do not delete their old application files when they are updated. They leave the old application behind. The only way to clear this up is to delete the old application version after it has been updated. If the Adobe Acrobat files are just left over files from a previous version (which I agree with because they are in $PatchCache$), why is KES 10 detecting them as vulnerabilities? I don't think c:\Programs (x86)\adobe\reader 11.0\reader\acrord32.exe is a left over file, though. What do I need to do about getting KES to understand that it is fully patched?
  7. That makes sense about the ones in $PatchCache$. What about acrord32.exe in c:\Programs (x86)\adobe\reader 11.0\reader?
  8. Here are the screen shots. From what I see, all the Adobe Acrobat vulnerabilities are being detected in the same file (nppf32.dll), so I only sent one screen shot of the Acrobat instances instead of sending one screen shot for each vulnerability.
  9. Here is a screen shot showing the vulnerabilities listed for the computer I submitted the GIS for. The first 5 involve Adobe Acrobat. From what I see in the referenced advisories, they do not exist in the version that is installed on the computer (Acrobat Pro 9.5.5). The last one involves Adobe Reader. The referenced advisory indicates that it exists in 11.04 and was fixed in 11.05. Reader 11.05 is installed on the computer.

     | Name | Severity | Type | Manufacturer | Application | Protection technology | URL |
     |---|---|---|---|---|---|---|
     | SA47133 | Critical | Third-party developer | Adobe Systems | Adobe Reader | | http://secunia.com/advisories/47133/ |
     | SA48733 | Critical | Third-party developer | Adobe Systems | Adobe Reader | | http://secunia.com/advisories/48733/ |
     | SA52196 | Critical | Third-party developer | Adobe Systems | Adobe Reader | | http://secunia.com/advisories/52196/ |
     | SA51791 | High | Third-party developer | Adobe Systems | Adobe Reader | | http://secunia.com/advisories/51791/ |
     | SA53420 | High | Third-party developer | Adobe Systems | Adobe Reader | | http://secunia.com/advisories/53420/ |
     | SA54754 | Warning | Third-party developer | Adobe Systems | Adobe Reader XI | | http://secunia.com/advisories/54754/ |

     VulScan.klt.txt
  10. It's running. I'm confused. How would Windows Update affect something from Adobe?
  11. We run the built-in "Find vulnerabilities and application updates" task nightly. The KSC 10 indicates it was first detected on November 20 (see attached screen shot). Adobe Acrobat was upgraded to 9.5.5 sometime around December 13 - 20. The nightly vulnerability scan has run many times since then.
  12. The vulnerability scan performed by the network agent is reporting objects found in C:\Windows\Installer\$PatchCache$. For example, here's one for Adobe Acrobat 9: C:\Windows\Installer\$PatchCache$\Managed\68AB67CA330100007706000000000040\9.0.0\nppdf32.dll According to the referenced advisory ( http://secunia.com/advisories/47133 ), this vulnerability affects Adobe Acrobat versions 9.4.6 and prior for Windows. We have Acrobat Pro 9.5.5 installed. The only detected instance of this vulnerability on the computers is under $PatchCache$. Is there any way to get KES to recognize that the computers actually do have a non-vulnerable version installed? Thanks! KES 10 MR1 Network Agent 10.1.249