Jump to content

Michel-B

Members
  • Content Count

    161
  • Joined

  • Last visited

About Michel-B

  • Rank
    Cadet

Recent Profile Visitors

276 profile views
  1. KES: 11.0.1.90 KSC: 10.5.1781 Client OS: Windows 10 x64 1809 Server OS: Windows Server 2016 I'm using Application Startup Control in White List mode. This works fine, except for one thing that I cannot figure out: We have developers who create their own applications (executables mostly). Whenever they create a new version of the application, we had to add them to a category for whitelist. That's why I chose for the option to add applications to a category based on metadata I was told that this only works for applications who have been signed with a valid certificate. So we purchased one and instructed our developers to use it to sign their application. I've added the certificate to the Trusted Publishers computer stores on every client that wants to run the application. Even when I do all this, the application still gets blocked. I've created a test environment with a clean KSC and client and cannot get it to work. What am I doing wrong here?
  2. I've sent a PM with the download link to the GSI report. Please note that I had to disable protection in order to be able to run the GSI tool. I have the golden image added, but it is ignored because of that one faulty category.
  3. That's annoying, because it did in fact always work like I intended it. Until the update. Now I've tried using the "Category with content added automatically" but that fails for my. Create a new category with content automatically added Set the path to the folder and scan the folder I can see all executables added with their SHA256 hash in the conditions I add the category to the folder Executables are still not whitelisted and KES is showing the category as 'Category is not defined'. I've added the category, policy and a screenshot Test Policy.klp Auto_add_category.klc
  4. A file send to us by e-mail was blocked by Kaspersky Security 9.0 for Exchange (9.4.189.0). Anti-Virus database issued: 21-8-2018 11:36 (latest) Anti-Spam database issued: 21-8-2018 11:51 (latest) The file is blocked because of an Excel file with macro's attached. Check the attached screenshot for details. The exact same file scanned with KES 11 with the latest database is considered clean. Also, when I use your online scanning tool (Virusdesk) it comes back as clean. Why does Kaspersky for Exchange still consider it malicious, even though they both use the latest databases? For security reasons, I'd rather not share the file unless absolutely necessary.
  5. I've sent the policy and category export through a PM. Originally, this was a converted policy, but for this case I've created a brand new policy and category that I've used to testing. Those are the ones I've just sent you.
  6. Since upgrading to KES 11.0.0.6499 and KSC 10.5.1781, some Application Folder's with variables in them are no longer working, it used to work before upgrading. Can you confirm if anything has changed? We're using Application Startup Control in whitelist mode and have added a category to whitelist certain folders. This works when I use the example path: C:\Users\user01\AppData\Local\* However, when I use the following, it no longer works: %userprofile%\AppData\Local\* Has anything been changed related to using variables in folder paths?
  7. Create an installation package using the switches: /qn /norestart Also, look into device selections so you can easily see which device doesn't have the patch applied yet. For example, for Core1: (Device name="*" and Application name="Kaspersky Security 10.1 for Windows Server" and Critical update name="Kaspersky Security 10.1 for Windows Server Cumulative critical fix product core 1 (KB14306)" (not installed))
  8. For what it's worth. Core1 patch fixed all the CPU usage issues for me as well.
  9. Is this specifically for MKT's issue or could this possibly fix CPU usage issues on all Windows Servers since they've upgraded to 10.1? I'm asking because I also have several servers where K4WS suddenly uses 40-70% CPU since the upgrade.
  10. Don't mean to interfere with this topic, but I've had something similar happen a while ago where I had a broken software category. It wasn't visible in the policy or something like that, or listed as Unknown (don't know the specifics). Compare the categories in the policy to the ones you have listed under 'Application Management > Application Categories'. Even though the policy that was 'broken' wasn't the one that would've affected the software involved, it still broke the whole application control. It was for an older version, but perhaps worth checking out.
  11. Thank you. As this is a workaround, is a permanent solution being developed? I'd like to know, because msiexec.exe is a very generic and widely used process.
  12. Thanks for the reply. You are correct that this is because of self defense. When I disable it, the setup continues succesful even with all KES components enabled. I've created 2 install logs, one with self-defense (install fail) and the other without (install success). Is this something that has to be fixed by Pulse or can Kaspersky create a fix for this? pulseclient_install_logs.zip
  13. First KES is installed. After that, I try to install the VPN client with KES running. It will not install, even if I shut down KES. I can only install the VPN client when I completely uninstall KES. After installing the VPN client, I can install KES again and both will function normally. The logs were created on a clean installation of Windows 7. So: Install Windows 7 Pro x64 Update Windows completely Install KES and update, reboot Install Pulse Secure client Download new trace + GSI logs here: https://nmddrive.twc.nl/my-pub/FileLink/7fc0f6f1-a316-1336-b476-b3828e9b8be5/false
  14. I've attached the KES trace files. Also, the debuglog is created by the Pulse Secure setup. KES.10.3.0.6294_07.13_13.53_3140.GUI.log.zip debuglog.log
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.