Michel-B

Everything posted by Michel-B

  1. Was there ever an update on this? I've just realized we're having the same issues. KES 11.0.1.90 NA 10.5.1781 KSC 11.0.0.1131 Issues on Windows 7 + Windows 10 1709, 1803 and 1809. Server 2016, no issues.
  2. KES: 11.0.1.90
     KSC: 10.5.1781
     Client OS: Windows 10 x64 1809
     Server OS: Windows Server 2016

     I'm using Application Startup Control in White List mode. This works fine, except for one thing that I cannot figure out: We have developers who create their own applications (executables mostly). Whenever they created a new version of the application, we had to add it to a category for the whitelist. That's why I chose the option to add applications to a category based on metadata. I was told that this only works for applications that have been signed with a valid certificate. So we purchased one and instructed our developers to use it to sign their application. I've added the certificate to the Trusted Publishers computer stores on every client that wants to run the application. Even when I do all this, the application still gets blocked. I've created a test environment with a clean KSC and client and cannot get it to work. What am I doing wrong here?
  3. I've sent a PM with the download link to the GSI report. Please note that I had to disable protection in order to be able to run the GSI tool. I have the golden image added, but it is ignored because of that one faulty category.
  4. That's annoying, because it did in fact always work like I intended it. Until the update. Now I've tried using the "Category with content added automatically" but that fails for me.
     - Create a new category with content automatically added
     - Set the path to the folder and scan the folder
     - I can see all executables added with their SHA256 hash in the conditions
     - I add the category to the folder
     - Executables are still not whitelisted and KES is showing the category as 'Category is not defined'.

     I've added the category, policy and a screenshot: Test Policy.klp Auto_add_category.klc
  5. A file sent to us by e-mail was blocked by Kaspersky Security 9.0 for Exchange (9.4.189.0). Anti-Virus database issued: 21-8-2018 11:36 (latest) Anti-Spam database issued: 21-8-2018 11:51 (latest) The file is blocked because of an Excel file with macros attached. Check the attached screenshot for details. The exact same file scanned with KES 11 with the latest database is considered clean. Also, when I use your online scanning tool (Virusdesk) it comes back as clean. Why does Kaspersky for Exchange still consider it malicious, even though they both use the latest databases? For security reasons, I'd rather not share the file unless absolutely necessary.
  6. I've sent the policy and category export through a PM. Originally, this was a converted policy, but for this case I've created a brand new policy and category that I've used for testing. Those are the ones I've just sent you.
  7. Since upgrading to KES 11.0.0.6499 and KSC 10.5.1781, some Application Folders with variables in them are no longer working; it used to work before upgrading. Can you confirm if anything has changed? We're using Application Startup Control in whitelist mode and have added a category to whitelist certain folders. This works when I use the example path: C:\Users\user01\AppData\Local\* However, when I use the following, it no longer works: %userprofile%\AppData\Local\* Has anything been changed related to using variables in folder paths?
  8. Create an installation package using the switches: /qn /norestart Also, look into device selections so you can easily see which device doesn't have the patch applied yet. For example, for Core1: (Device name="*" and Application name="Kaspersky Security 10.1 for Windows Server" and Critical update name="Kaspersky Security 10.1 for Windows Server Cumulative critical fix product core 1 (KB14306)" (not installed))
  9. For what it's worth, the Core1 patch fixed all the CPU usage issues for me as well.
  10. Is this specifically for MKT's issue or could this possibly fix CPU usage issues on all Windows Servers since they've upgraded to 10.1? I'm asking because I also have several servers where K4WS suddenly uses 40-70% CPU since the upgrade.
  11. Don't mean to interfere with this topic, but I've had something similar happen a while ago where I had a broken software category. It wasn't visible in the policy or something like that, or listed as Unknown (don't know the specifics). Compare the categories in the policy to the ones you have listed under 'Application Management > Application Categories'. Even though the policy that was 'broken' wasn't the one that would've affected the software involved, it still broke the whole application control. It was for an older version, but perhaps worth checking out.
  12. Thank you. As this is a workaround, is a permanent solution being developed? I'd like to know, because msiexec.exe is a very generic and widely used process.
  13. Thanks for the reply. You are correct that this is because of self defense. When I disable it, the setup continues successfully even with all KES components enabled. I've created 2 install logs, one with self-defense (install fail) and the other without (install success). Is this something that has to be fixed by Pulse or can Kaspersky create a fix for this? pulseclient_install_logs.zip
  14. First KES is installed. After that, I try to install the VPN client with KES running. It will not install, even if I shut down KES. I can only install the VPN client when I completely uninstall KES. After installing the VPN client, I can install KES again and both will function normally. The logs were created on a clean installation of Windows 7. So:
      - Install Windows 7 Pro x64
      - Update Windows completely
      - Install KES and update, reboot
      - Install Pulse Secure client

      Download new trace + GSI logs here: https://nmddrive.twc.nl/my-pub/FileLink/7fc0f6f1-a316-1336-b476-b3828e9b8be5/false
  15. I've attached the KES trace files. Also, the debuglog is created by the Pulse Secure setup. KES.10.3.0.6294_07.13_13.53_3140.GUI.log.zip debuglog.log
  16. I've never tried it this way (I've always used Update Agents or created a standalone package and used another deployment system), but can't you just add a network location as update source in the update task?
  17. No, nothing is shown. No events. But even when I turn off KES (Exit), it still fails. I have to completely uninstall KES for Pulse to install. Could it have something to do with a filter driver conflict?
  18. When KES 10.3.0.6294 is installed on a Windows 7 x64 PC, the Pulse Secure VPN client cannot be installed. The setup does a rollback halfway during the installation and the MSI fails with error 1603. When KES is shut down, it still doesn't work. Only when completely removing KES can I install the client, and it works fine afterwards (with KES installed). On Windows 10, there don't seem to be any issues. You can download the latest version of Pulse Secure here: https://nmddrive.twc.nl/my-pub/FileLink/e5b6cd87-10db-30cf-c552-8dfba55a2ae2/false
  19. As with every kind of security, don't rely on a single product or feature. Solid security is built from many layers. Solely focussing on Kaspersky it would be something like this:
      1. Virus comes in through a webpage or e-mail --> Mail and Web Anti-Virus
      2. If not detected by previous --> Application Startup Control can make sure you cannot run scripts or executables if you're working with a whitelist
      3. If not blocked by previous --> File Anti-Virus with a signature or heuristic could detect it
      4. If not detected by previous, the cryptolocker is able to run --> Application Startup Control can minimize the impact the process can have on your endpoint
      5. When the cryptolocker is running --> Anti-Cryptor with Untrusted Host Blocking can make sure the encryption of files on your file servers is stopped before you can do serious damage

      Of course it starts by minimizing the risks of malware entering your company. For example:
      - A decent spam/virus filter for your e-mail solution
      - IPS/IDS on your gateway
      - Blocking unknown USB disks with Device Control or something similar

      If all of these mechanisms fail, you're screwed, but the chances are fairly small if implemented well. If you, however, rely just on a File Anti-Virus scanner and that component fails to catch it, you're already screwed.
  20. I think we have figured it out. We're using TPM in conjunction with Bitlocker and require a 4 digit PIN. Since the Creators Update, a 6 digit PIN is required. (Source) May I recommend Kaspersky changes this as well, or at least show a warning and/or provide documentation. The error codes that KES/KSC provides are very vague.
  21. Are there any known issues with Bitlocker FDE and the Windows 10 Creators Update (Redstone 2)? We're trying to set up Bitlocker full disk encryption on an HP Probook 650 G2 with Windows 10 1703. Clean install. When we reinstall the same notebook with Windows 10 Update 1607 it works without any problems. In that case, we use the exact same installation package, policy and installation procedure. The following message appears in the Kaspersky event log: Failed to prepare the system volume for encryption. KES 10.3.0.6294 (strong encryption) KSC 10.4.343
  22. Are you able to edit files on an encrypted laptop? The answer to that question is obviously yes, so the same goes for a cryptolocker.
  23. Whatever the previous latest version was. SP1 MR3. But I don't think this has anything to do anymore with the upgrade itself. It just seems that since SP2, you cannot use these variables anymore, just like you cannot end a folder path with just a \ anymore and need to add *. I have recreated the policies and categories from scratch, so they're now all new in SP2.