Jump to content

Michel-B

Members
  • Content Count

    162
  • Joined

  • Last visited

Everything posted by Michel-B

  1. I did find the process that generates the temp files. I've added that executable to the Trusted Zone as well, but that doesn't help either. Why would Application Startup Control specifically block .tmp files anway?
  2. I guess, but I'm not sure. It's the main process to start the application and the files get generated upon launch. I'd have to try and find out to know for sure but that's not easy.
  3. I have, but it didn't help. Out of curiosity; does the Trusted Zone have any relation to the Application Startup Control.
  4. KES SP1 MR3 - 10.2.5.3201 KSC - 10.3.407 When start the program "DMP ProX Manufacturing", it creates .tmp files in de users local temp folder (C:\Users\username\AppData\Local\Temp\). These files are blocked by Application Startup Control. I can't whitelist them based on hash because they are different files every time. I don't want to whitelist the entire Temp folder because that creates a huge security risk. How can I solve this? Trace files
  5. Can we make this a suggestion to change in an upcoming release?
  6. I can do that and it would work, but that's a problem. I'm going to encrypt 150 notebooks which is going to take a while, because not every notebook will always be at the office. If it takes, say, 3 weeks, I have to disable the password for these 3 weeks which is just a major security issue. Is there no other way to fix this?
  7. KSC 10.3.407 KES 10.2.4.674 Encryption Module (256b) 1.1.0.73
  8. I have about 150 notebooks with KES policies that enforce a password on the application. Now I want to enable FDE so I've installed the encryption module and want to enable it using a task. This doesn't work, because of the password I enforce in the policy, I receive the Application Content Modification Error. I don't want to disable the password on all these laptops, is there any way I can still enable the Encryption Module?
  9. I'll see if I can test it some more, because that's basically what I did. Although I first removed KES + Agent and then the device from the portal, but still.
  10. It's working after I've created a new user, waited a little while and then send an invite and install. What would be the correct procedure for removing and re-adding a Windows PC, to the same user account?
  11. I can't speak for Kaspersky, but here's my thought. Anti-cryptor is only available on Kaspersky Security 10 for Windows Server (technically, it's not KES) and it monitors shares only. I think the idea behind this is that the regular protection like the ones found in, for example, KES would pick up the cryptor as malware and prevent it from running. When it's not able to do that, anti-cryptor is like a last resort because it merely detects possibly malicious encryption events. It doesn't really do anything with that, but utilizes the 'Untrusted Hosts Blocking' to disconnect and block the client from that server. I personally don't understand why the detection mechanism used by anti-cryptor cannot be implemented in regular anti-virus, but perhaps someone with deeper knowledge can explain.
  12. The following error occurs on a HP Zbook 17 G2 with Windows 10 1511 when enabling FDE using KES 10.2.4.674. Event type: Error encrypting/decrypting device Action: Encryption Reason: Device is incompatible with authentication agent Device\Device name: LITEON CX1-JB256-HP Device\Device ID: 00523431G1DT Device\Device type: Hard drive Encryption type: Encryption of hard drives User: NT AUTHORITY\SYSTEM (System user)
  13. I've created a new user a few days ago, waited a day and then send an invitation to this user. I've used that invitation to install KES on my PC. This at least 3 days ago. It still doesn't show up under my devices.
  14. Here we go. E-mail received from event - I highlighted the computer name issue, empty domain and wrong timezone. Same event, as seen in the portal - Highlighted the event and circled the difference in timezone.
  15. Cloud uses Network Agent 10.3.428 whereas the latest version for on-premise installations is 10.3.407 as far as I know. So I doubt that would be possible right now.
  16. All the info should be in the 2 screenshots in the bottom of my first post. Could you please clarify what more you would like? The first one is a screenshot from the e-mail notification I received, the second one is the event overview in the portal.
  17. I've enabled a bunch of events for my Android phone for testing, and I receive the following info: A few things: - I see 'samsung SM-G920F' as computer name. I have no clue which device this is if I have 30 users that all have the same type of phone. It would be nice to at least show the user that the device is registered to. - "in the domain ....." is empty, Android/iOS devices won't ever be connected to a domain I guess - Minor things: it says "happened on computer", but in this case it would be better to call it a "device" rather than a "computer". - Time zone settings difference in emailed events vs event overview in the portal.
  18. It would be nice if you have a checkbox or second button that allows for locating without locking. Say a device gets stolen and I want to know where it is, I can imagine I don't want to alert anyone who has the device that we can remotely control it, because they might just turn it off. If I do want to lock it, there's always the 'Lock' button I can press as well. But, that's just me. Don't know how other people feel about it.
  19. It seems to work now. By the way: Is it normal that, when you Locate a device, it gets locked and you need to unlock it with the 'Unlock code'? Is there a way to disable this? I can imagine that, in some cases, you want to locate a phone without locking it.
  20. Windows. Android seems to be working fine now after you told me to remove it from the recycle bin.
  21. This button doesn't reallt seem to do anything, correct? I've used this on a user and even though the user does get flagged as 'Admin', it doesn't receive an email to register on the portal.
  22. I reset the password of my admin account, which works well. However, after getting the page that confirms the password has been changed and clicking the 'Continue' button, the following error appears: Password is reset correctly however and I can login fine afterwards.
  23. Still no difference. It looks like it's connected to s023.cloud.kaspersky.com but it still doesn't show up under 'Devices'. I feel like this may be because I had it in there before and deleted the device and reinstalled the client.
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.