Michel-B

Everything posted by Michel-B

  1. Yet, there are no support articles that reflect this change. Other question related to this: Before I was able to use variables in the folder path. For example: %userprofile%\AppData\Local\* or %localappdata%\Microsoft\* Can you please verify if this is still supported? Executables added to the whitelist with these folder paths are not allowed anymore since upgrading to SP2.
  2. Still, if this is the solution it's unacceptable. Why has this behaviour suddenly changed?
  3. I found out something... When I add the path: C:\Program Files\ It doesn't work. However, when I add one of the following: C:\Program Files\* C:\Program Files\*.* C:\Program Files\*.exe It does work (the last one only for executables obviously). Has this changed in SP2? Because I never had to use the asterisk in SP1.
  4. Ok thanks. Would be nice to have something like that though. For example: Last Friday with the WannaCry outbreak, I wanted to make sure Anti-Cryptor and Untrusted Host Blocking was running on all my data servers. It was enabled in the policy, but after checking them 1 by 1 I discovered one or more of the tasks wasn't started so I had to start this manually. It would probably have started again if the server was restarted, but that doesn't happen that often.
  5. How about to list clients that have a component running or not. Sometimes, tasks don't start correctly even though enabled in the policy. It doesn't happen a lot, but still. Can I check if a specific task is running on all my clients?
  6. Ok, let's focus on the last issue, since the first part is clearly bugged, I'll get back to that later. A category with C:\Program Files\ and C:\Program Files (x86)\ added as Application Folders. I've also added a specific folder with an executable I use for testing just to be sure. Example: Like I said, I've changed it to notify for testing purposes, but it's still reported as blocked in notify mode.
  7. Sadly, I can't really show the previous state anymore. In the meanwhile, I deleted the categories that showed up as 'Category is not defined' in KES and tried re-adding them. In the screenshot below for example, you can see the category called KMWE Software SP1, but when I try to add this to the policy, it won't show up. I've created a new blank category named KMWE Software (without the SP1 in the name) and that does show up, but there's no way for me to copy all the items from the old category to the new one. Now, I'm going to make it even stranger. In my SP2 policy I have removed all of my categories except for Trusted Updaters, Golden Image and a category I've created myself called Safe Folders. I've just created this category from scratch, it didn't exist before. Right now, I did change the action to Notify because I don't want to interfere with people. In the Safe Folders category I've added the folders for Program Files. Still, I'm getting all these events: This happens on a lot of clients (not sure if it's on all), and I can see the policy has been applied to these clients.
  8. This is a huge problem... I have literally hundreds of executables and scripts based on MD5 file hashes in there... Sadly, no. I do have it set to Block. I believe this is a bug in KSC that's been around for a while now. Please refer to this topic where a similar issue occurred: https://forum.kaspersky.com/index.php?showtopic=326757 I see now that, when I add a faulting category to a rule, the rule's name is displayed as 'Category is not defined' in KES and then breaks the entire module. I also get the notification when the policy is applied: Event type: Task settings error. Settings not applied
  9. I've upgraded my KSC to 10.4.343 and now have issues with Application Startup Control. I understand this part has some significant changes to it and I had to recreate the policy, which is fine. The Application Categories I created did migrate to the new version so I used those when I built my new policy. Now it turns out the whole component simply isn't working anymore because of some categories I've added. I'm using a White List setup but everything was whitelisted. Even executables and scripts that actually HIT the default deny rule were allowed. How is this possible? And how do I use the categories I've created in the earlier versions? I suspect it has something to do with the fact I'm using an MD5 file hash as a condition, is this correct? If that's the case, I have a serious problem. I have hundreds of files added to my whitelist for this one company based on the MD5 file hash.
  10. Isn't using a designated update agent per branch an option here?
  11. No relevant changes to the infrastructure. I've also just deleted the task and recreated it, but it doesn't help. I keep seeing errors like: Error verifying file signature 'http://dnl-18.geo.kaspersky.com/updates/kas5/data.check.keb' The task eventually completes, but I would like to have this fixed. What is KAS5 anyway?
  12. Ever since upgrading my KSC to SP2, the repository update task finishes with the following errors: I'm assuming the 1st error causes the second one. What is this and why is it failing? The settings in my task are set to Autodetect updates list. KSC version 10.4.343
  13. You can just extract it from the KES10 package: http://support.kaspersky.com/kes10wks#downloads The file is called aes_encryption_module.msi and you can use that file to create an installation package in the KSC.
  14. If you run a different tool to calculate the MD5/SHA1 hash values, do they actually match the ones listed in your application category? You can also add a file based on publisher or something, that's what I usually do to catch multiple versions of the file.
  15. I've already sent this before, here's the newest one. Not much has changed really...
  16. Check the inbox, I've sent the traces. As for the default deny; I've added categories with software I allow to run and switch their status to 'On', whereas I switched the states to 'Off' for the "Allow All".
  17. Could you please explain how I create a category that only includes .tmp files in a user's Appdata\Local\Temp? I thought this wasn't possible. Please note that the file names are not the same every time.