Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by Peter222

  1. Looks like we have the fix. Support issued PF3121 which seems to resolve the issues. We are still doing preliminary testing, but it looks good right now.
  2. I already have incidents open with support. INCIDENT #: INC000008523184 The issues on Win10 RS3 and Netmotion are occurring with the KES10SP2 and KES10SP1MR4 clients and the Netmotion Mobility client 11.31: KES10SP2 - startup & shutdown delays (over 5 mins) and system sluggishness with delays opening and launching applications KES10SP1MR4 - no delay issues, but internet browsing is not working at all in any browser
  3. Just curious if anyone else been experiencing this type of issue with this software combination? The issue only shows up when Win10 PCs are updated to Redstone 3 (1709). On some test machines, the startup delay can be around 5 minutes and more. The temporary fix we have for an urgent deployment was to uninstall the KSC Network Agent (10.4.343, latest patch A) on machines and run the AV standalone. Not a permanent solution though. Working with Kaspersky and Netmotion support...
  4. Have an incident open regarding this issue: INC000008055876, but not getting anywhere with it. The Critical fix KB13463 (http://support.kaspersky.com/13463#block1) was suppose to add functionality to the Trusted Zones feature to trust processes not only by path and hash, but by path only if desired. The problem with the default functionality is that we have backup software on servers of different versions and what happens is that the filenames are the same between versions, but the file hashes are obviously different, and KS4WS overwrites the trusted processes based on the filename and it's not looking at the file hash. The new functionality also seems half baked in terms of the fact that I had to create registry files and a batch file to push it out to the KS4WS servers (to allow path only trusted processes). This functionality should be included in KSC instead of having to craft registry files, create packages, etc. Not all servers are in a domain either, so group policy is not an option. When trying to add path only in the local console or KSC policy I am unable to add a path and can only browse for local files. See screenshot. I even created XML exports of the various backup executables from the KS4WS servers but when I import them into the KSC policy, again, it overwrites based on the file name instead of looking at both the filename and hash. I was initially told that the backup processes also need to be added to trusted processes after I had some issues with KS4WS blocking some files used by the backup software. After excluding these folders in KS4WS policy at least this issue went away. No the issue of adding the backup software executables as trusted processes remains.
  5. Was surprised to see hundreds of PCs requiring a restart after I received the daily protection report. There are some machines that need to have scheduled reboots since they run 24/7 serving a certain function on the network (time card polling, etc) which is an administrative headache. Hoping not to see anymore of these in future.
  6. There is 4GB free space on this machine because as I mentioned before I've been trying to run traces to try capture the traces when the problem occurs and the trace files have grown rather large. Regarding network agent problems, I connect to the network with our KSC server with VPN periodically. When I'm not on VPN the Network Agent won't be able to connect to the KSC server and is probably logging errors that it can't connect. I haven't had any problems in the past with the KES10SP1MR3 client. I have also uninstalled the KES10SP2 client completely along with the network agent (10.4.343) and have reinstalled from a KSC standalone package with updated databases. So far, I haven't seen the problem return yet, but I'm continuing to monitor this machine.
  7. I've uploaded the GSI log here: http://www.getsysteminfo.com/read.php?file...4a01fd9b77f1ed8 There is no particular scenario that I can identify to recreate the slow down. Sometimes even the Win10 login screen is delayed from showing the users after a reboot, but this is not consistent either.
  8. On the more severe instances I encountered on my laptop it appeared that the OS was hanging. I could move the mouse pointer around but nothing would respond: Windows Start Menu, Ctrl+Alt+Del, anything from the OS. Otherwise, what I've encountered more often and what users are complaining about is the delay when an application is opened. However, I also cannot launch any other applications during the delay. I haven't time it but approximately 10-15 seconds of delay (which is not normal behavior). I've generated the GSI report with event logs (but the file upload says it only allows 300K uploads), but am trying to capture a trace with the slow down. The problem is that it's so intermittent that at the moment my trace files are growing too big and I've had to disable tracing. KES10SP2 did generate some application dump files across some of the restarts that I sent off to Kaspersky lab when it prompted me.
  9. Anyone seen this issue? I've run into this problem before with older KES10 versions and am seeing it again with the latest KES10SP2. We've started upgrading clients from old KES10MR1 (uninstalling and installing the new KES10SP2 client) and some users are complaining that applications are slow to open with the new KES10SP2. I'm also seeing this on my machine. It's hard to pin down when the issue occurs, and now that I'm enabled tracing, I'm not seeing the issue yet. The issue manifest a couple of times where the machine appeared to lock up, but then became usable again after a while (where the Windows start menu would open again). There was one time where it was just taking way too long to become usable again and I had to perform a hard reboot.
  10. Is there a KSC report or maybe a device selection that can be created to display the OS version and/or OS build numbers? This information is available if you click on KES clients individually in KSC and go to System Info\General. Anyway to query this info so I can get it into a spreadsheet or CSV export?
  11. Respect Win10 metered connections Have KES respect metered connections (which are expensive capped mobile connections in a lot of countries) and not perform updates on these types of connections, especially if they're mobile. At least have an option somewhere where you can toggle this for KES updates.
  12. I'm testing with the Mobility version 11.01.15791 and during install I've noticed that it now adds the registry "fix" for the 10.72 version automatically, but under a different string value name, with the same value (avp.exe). I have not tried falling back to MR2 and then updating to MR3 with the Mobility 11.01 client, because I've already updated to the Win10 Anniversary Update (Redstone 1) which is only compatible on MR3. From the incompatibility list text file that accompanies MR3 the Mobility Client versions that will be uninstalled are all 10.72 flavors (Win7 32/64 bit and Win8-10 32/64bit). I don't suspect 11.x would be uninstalled because it's not listed. All existing Mobility 10.72 clients would be your problem child and would need to be upgraded to version 11 prior to installing MR3 or approving it in KSC.
  13. More control over local tasks rather than just disabling them in KSC policy! There is no ways to run a local vulnerability scan task so the user can see vulnerabilities reported in the local KES interface when the KSC policy has local tasks disabled. For IT administrators at least have a report that will show the vulnerabilities on the KSC server by computer. I see most people are disabling the local tasks because of the preset full scan which does not work with maintenance schedules. Again, please allow more control over the local tasks from the KSC server rather than just disabling them. You can't replace the vulnerability local scan tasks with a group task because you don't see the results on the local KES client interface.
  14. Created new incident INC000006577341 and attached the requested files. Added previous incident number INC000005714545 (1/29/2016) to the case for reference.
  15. I cannot produce a GSI report since I cannot login to the desktop because of the freeze/lock up issue. The only way to get this working is to add the Netmotion reg key: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NMDRV\Params\Mobility Client\NoDllHookProcesses] "KasperskyAvp"="avp.exe" I don't know if this will hamper troubleshooting, but I will go ahead and create a new company incident and post the number here.
  16. I've have done both of these in my previous incident. Also, I have FTP'd the executables twice to Kaspersky R & D.
  17. The issue was and is still that the PC will lock up/freeze after logging in when the KES10 SP1 MR2 (and now still MR3 client) and the Netmotion VPN client is installed. Here is my incident number from 1/29/2016: INC000005714545 Konstantin, you were the one who indicated in the referenced post (https://forum.kaspersky.com/index.php?s=&showtopic=345867&view=findpost&p=2606118) that "Netmotion support will be released in next builds of MR3 beta."
  18. Installed KES 10 SP1 MR3 and now found that my NetMotion Mobility Client 10.72.56065 is on the incompatible software list and gets uninstalled automatically when MR3 is installed. This was suppose to be supported with MR3, see: https://forum.kaspersky.com/index.php?s=&am...t&p=2606118 Had to locate a bootable USB copy of Win10 to edit the registry hive to add the Netmotion fix manually, before restarting the PC. Unfortunately, you still have to install the registry file that Netmotion Wireless provides to not hook the avp.exe DLL to get it working on MR3. MOST law enforcement agencies use the Netmotion VPN client in their environments to support their typically roaming behavior across various types of networks without loosing session connectivity to applications. This begs the questions, how many law enforcement agencies are using Kaspersky? Highly disappointed with Kaspersky. Great product, but patches and version releases are way behind the industry norm. And yes, I've reported the issue with Netmotion early on when KES10 SP1 MR2 was released and from the forum I see several folks have incidents submitted.
  19. This behaviour is not as easy to capture as I thought. It appears to be happening intermittently, not always on hibernation. I'm going to hold off for the MR3 beta testing to include the Netmotion fixes, as I suspect it might be related to Netmotion.
  20. I've noticed this issue since MR2 (on both Win7 and Win10 Pro) but seems to persist with the MR3 beta. Any application takes 20 seconds or more to launch. This behaviour is more noticeable after resuming from hibernation. This issue isn't isolated to 1 machine. I have a IT engineer in another department with 10 brand new Intel NUCs running Win10 Pro and the MR2 client seeing the same thing. On my laptop I'm also running the Netmotion client and I'm aware of the issue with Netmotion and KES10 locking up the system and the Netmotion registry fix to have Netmotion excluded from hooking itself with the avp processes. Not sure if this is a new issue or not?!
  21. You can mark it as solved. I decided to go with KES10 SP1 with the file server components only and disabled the Network Blocker. BTW, answering my own questions a reboot is not needed after installing the KES 10 SP1 client. I decided to go with KES 10 SP1 as I know there are no patches for it at the moment which will require a reboot.
  22. Any reboots after installation and any reboots after any patches that need to be installed? These are servers in a production environment so reboots aren't much of an option until maintenance windows.
  23. Are there any patches that I would need to install for KES 10 SP1 on a file server or KES 8 WSEE for that matter after installing the KES client?
  24. I will be installing on two domain controllers for the domain, both are Windows Server 2012 R2 std. Any issues I should know before hand if I install the new KES 10 SP1 for file servers? We are busy using these servers to migrate from a Novell environment and scripts and migration utilities will need to be run on them. Just want to get a better picture before I proceed.
  25. Which KES product can I install on the W2k12 domain controller? Which one should I install? KES 10 SP1, KES 10 MR1 or KES 8 WSEE? I have 5 more Windows Server 2012 R2 and Windows Server 2008 R2 servers that I need a server AV installed on. Recommendation?
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.