Jump to content

RichardLong

Members
  • Content Count

    10
  • Joined

  • Last visited

About RichardLong

  • Rank
    Candidate
  1. RichardLong

    KES 10 SP2 - Restart request

    Again, I think todd has said it very well. We understand the need to update these components, but this cannot happen as part of a task we run many times per day. We had our agent set up similarly to his description for the same reason, but have always scheduled and deployed our upgrades/updates in ways which the agent's message and restart would never be triggered. I'm thoroughly pleased with the efficacy of Kaspersky's protection, but this decision and action has really ruined several people's day, and that is just in our office. I can't imagine how many other KES admins out there that aren't participating in the forum had the same experience. Please, for the sanity of the administrators and our users, make these types of updates into patches we can integrate into our change management processes.
  2. RichardLong

    KES 10 SP2 - Restart request

    I agree with todd and others, this is not a consumer version and there are expectations in the corporate world that we can notify users (and more importantly, management) in advance of a forced reboot. Most of our users have never seen a Kaspersky message and have been flooding the internal help desk with calls. This is the type of change that should be made in approved updates and not routine daily detection databases. We need an explicit option or recommended configuration to prevent this kind of behavior. The log files should be unnecessary since Kaspersky knows (or should know) exactly what it is pushing. There's too much going on with Kaspersky in the news to have this literally thrown in every executive's face. There are going to be a lot of questions today and blaming the vendor rarely is acceptable in many organizations. I've already been on defense with Kaspersky internally and this 'expected behavior' is not helping.
  3. I hate to jump into a conversation, but am I reading correctly that KSC/KES users cannot expect the Application Control module to block any applications until 5 minutes after the workstation has started/restarted?
  4. Windows 7 SP1 Outlook 14.0.7173.5000 (32bit) as part of Office Professional Plus 2010
  5. I tried switching it to "When read" but it still behaves the same. Note that this does not occur when sending a message to myself, only when I receive one from another person.
  6. "Scan when receiving" is enabled, "Scan when reading" is disabled. Status shows Email protection is enabled. I'm not seeing any other options, please feel free to point out anything I may have overlooked. Thanks, Richard
  7. We have noticed a new behavior recently with Kaspersky Endpoint Security v10 SP1MR2 and MR3 in the last two or three weeks on Windows 7. It was not reported to me until Tuesday so tracking down the date when it started is not possible. When a user receives a signed email message with an attachment, upon opening the email in Outlook they are prompted to save changes to signed messages. The dialog box message is "You have changed this message. If you save the changes, the message will no longer be digitally signed. Do you want to save the changes?" Normally this is expected only after an email is opened, and something has changed (such as expanding a distribution list). After opening and closing the message, reopening the message does not prompt the user again, most of the time. We disabled the KES Outlook plugin and the behavior stopped, however due to our user base I have reverted the configuration to use the plugin as running without it is too risky. All of our users that receive signed messages have been experiencing this for the last two or three weeks. No configuration changes have been made recently. Our configuration for Mail Antivirus is as follows: Custom -General ----Incoming messages only ----POP3/SMTP/NNTP/IMAP traffic ----Additional: Microsoft Office Outlook plug-in ----Scan attached archives -Attachment Filter ----Rename specified attachment types (skipping listing these) -Additional ----Heuristic Analysis - Medium scan Is anyone else experiencing this? Is there something obviously wrong with my current configuration? Thanks, Richard
  8. RichardLong

    Vulnerability Assessment & Patch Management

    This is actually a very good topic for my organization. 1 - Our internal patching is geared entirely towards Microsoft Updates. We are currently very, very behind on third party software. KSC is the only viewpoint I have (security team) into how bad our patching actually is, and provides a good cross-check for the SCCM results for MS Patches 2 - Please, change the Vulnerabilities report. I would like to see CVE, KB, or other vendor-specific details in the report, as well as having the ability to click on a KLA vulnerability link and see actual information on the vulnerability. Currently if I click a "KLA" link it just opens the exact same report in my default web browser. This complaint extends to malware detections as well, if I click on a detection name I don't want another report, I want information on the malware. In the documentation it refers to the Virus Encyclopedia but I have yet to find it. (See KSC 10.3.407, English, editing a KES v10SP1MR2 policy, General Protection, Exclusions, Add, Object name. It is very possible I'm an idiot on the Virus Encyclopedia and missing something, but the Help instructions don't provide a link or describe what part of the object name is important) 3 - A report without an entry for every single machine would be appreciated. I have created a custom report that basically has no Details section, but for our day to day reporting I just need the raw numbers on how many machines have which CVEs (a CVSS base score would also be very useful). It is hard to understand exactly what is being shown without taking the results as raw input and doing a lot of unnecessary research and manipulation. 4 - For software that is widely distributed and tends to have a large amount of version spread on a substantially sized network (with poor patch management and software installation policies), such as Adobe Reader or Flash, please give us the data views to say to our bosses 'on our #### systems, ### have critical Adobe Flash vulnerabilities, with an average of ## critical, ## high, and ### low per affected system across all versions of the software.' Currently I have to dig through way too much external information to say how many issues are from Flash (or Acrobat, or whatever) as each vulnerability is a separate line item, and each version of the software is a separate set of line items, and each system affected is yet another line item. There are literally over 17000 lines in the detail report (yes, we suck at patching). I have no way to determine which ones are overlapping. This is a nightmare for me. 5 - On the software inventory, link back the vulnerability data as described in #4. 6 - I don't foresee us pushing patches with KSC due to internal politics, but I would if they'd let me. Other's descriptions of how medium and large shops already have something in place for this... That's great for them, but in my experience not all of them do. Having this capability (even if it isn't a full blown feature) could be very useful for the odds and ends that the MS/SCCM guys don't want to touch. Thanks for everything so far, I have my gripes about some fairly minor things but overall I am continuously pleased with the KSC/KES v10 for business. We use a lot of the features and having it on one console makes it easy for a small security team to (attempt to) manage a lot of responsibilities (e.g. malware protection and USB device control) that would normally end up being spread to other groups within IT. As a last note, and I submitted this under the previous request for ideas.. Please, let us turn off the complaint buttons on policy popups. Seriously.
  9. I would really like to have the option to remove the "Complain" links found in user messages (specifically Device Control popups, but I'd like to see all of them gone). If a user would like to lodge an objection in our organization, they must contact our Help Desk by entering a Service Request via an internal website or by telephone. We do not want them to see a Complain link as we will not act on requests submitted in that fashion. Also, I'd like to be able to suppress the scanning progress/results from popping up after inserting a removable disk (we perform a quick scan on every insertion). The user doesn't need to know that it is being scanned unless there is a malware detection. For Full Disk Encryption, I'd like to see a better looking power-on UI. We currently use Sophos which has a pretty slick interface to enter the domain/username/password, and we'd like to migrate to Kaspersky's FDE but the UI is not acceptable to our upper management.
×

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.