Jump to content

ak01

Members
  • Content count

    244
  • Joined

  • Last visited

About ak01

  • Rank
    Cadet

Recent Profile Visitors

656 profile views
  1. The two suggestions do not work, we use legacy bios (not uefi) and driver signature enforcement is disabled. However, I do not want an update right away, just a commitment that there must be an update of KES in order to update windows to 1809 (right now, we have the same issue with 1803, windows update complains about compatibility of KES10SP1MR1 and does not update until I deploy MR2 or KES11). An early information about KES updates would be interesting for us for future planning.
  2. Well in the past whenever the latest KES version worked on an insider preview, it also worked on the final one (and if it did not work, it also did not work with the final one). That’s why we test that. Don’t you have some information from microsoft concerning changes and/or don’t you test/adjust KES as soon as a new insider preview is released? We will try your suggestions.
  3. We tried to install KES11 on Win10 17661, all worked fine until we rebooted the machine. After that we got a bluescreen (at bootup) everytime we reboot ist, so the (test) PC is not usable anymore. we basically have the same problem than (but this thread talks about KIS 2018): Since we had the same problem with 1803 (insider preview) and you released MR2 for KES10SP2 to be compatible, I guess that this is another incompatibility issue: We try to always test new Win10 versions (insider previews) on separated virtual machines to make sure that Win10 will work when it gets released. These systems do not get production data (of corse) so this is just what we found out (for your information).
  4. I just want to have an export of the File/Folder- List which can be copy/pasted or used by a script (to check if that file exists).
  5. We also currently have Linux Thin Clients and this feature could be interesting for external RDP connections (for remote access).
  6. I want to basically have a list (text, not a screenshot) of all these paths. Can you tell me how this is encrypted/encoded?
  7. When I export the exclusions/trusted processes on KSWS10(.1), I get an XML file where I can for example extract all the paths and filenames to check if they still exist. When I do the same on KES Policy, I get a *.dat file which is somehow encrypted/encoded. Do you have a tool which can transform that file into a human readable format (e.g. to extract the paths and so on)?
  8. sure. I will send a personal message. I am not sure if the "removeable drives scan" (is that a task like at KES11?) does something in that case or if the real- time protection does the job (on KES, I can find the task logs but KSWS does not show any activity whithin the logs as it would do nothing). This time, after I tried to open the txt file, the real time protection found the eicar string, nevertheless the exe was found by itself (however this takes about half a minute to a minute from connecting the mass storage device until KSWS complains about eicar signature). Citrix: Can't you trigger for new \\Client\A-Z$ paths and start an automatic scan task for that path?
  9. I am using KSWS10.1 and the feature „removeable drives scan“. According to the admin guide, someone can assume that this feature only works for directly connected usb mass storage devices to the server itself (“You can configure scanning of removable drives connected to the protected server via the USB port.“). According to my post it should also be usable for mapped usb sticks within a citrix terminalserver session (stick is connected to the thin client and is mapped into the session). I set up such a test environment and put a file with the eicar signature (exe and txt Filetype) in it on a usb stick and mapped that into the session but only one time the exe File was found (and it seems that the Real-Time File Protection task found it, not the mass storage feature). It also seems that the mapping of that usb mass storage device is made differently from a local connected one (as far as it looks like within the explorer): Should this feature („removeable drives scan“) work for citrix mapped devices and why does it not find EICAR within a txt file (the policy is configured for “maximum protection”)? Real-Time Protection found the file one time (but I tested it several times): Ereignisname Infected or other object detected Priorität: Kritisches Ereignis Programm: Kaspersky Security 10.1 for Windows Server Versionsnummer: 10.1.0.622 Aufgabenname: Real-Time File Protection Gerät: SRVCXxxxxx Gruppe: Citrix Uhrzeit: 17.04.2018 10:23:29 Name des virtuellen Servers: Beschreibung: Object detected: Virus EICAR-Test-File. Object name: \\Client\D$\testvirus_eicar.com.exe. User: XX\XX
  10. I would suggest that you try to use KES11, it was released yesterday. In my case, I only test new (insider preview) versions on dedicated virtual machines, no productive use! Sometimes that shows incompatibility of software and OS but most of the time it works (released software on new OS versions). Additionally I read that Microsoft canceled/delayed the release of 1803 yesterday because of a major bug.
  11. ak01

    KSWS10.1 Tools

    PRIVACYPOLICY=1 worked with MSI, thank you.
  12. Which MSI Options (beside EULA=1) have to be used to accept privacy policy for the "client" Tools (the local MMC): Die Remote-Installation auf dem Gerät wurde mit Fehler abgeschlossen: Privacy Policy has been declined by the user. Installation of Kaspersky Security for Windows Server Server Administration Tools has been interrupted.
  13. It would be interesting to be able to block software according to the Client Hostname (of e.g. the connected thin client) and not only according to user/group. It is also important to state that this information (thin client hostname) can change since the user can reconnect an existing terminal server session with a different client (hostname). As far as I know the client hostname is stored within an environment variable on the terminal server (session). I have not found any information that application control can do this right now but it would be an interesting feature for future KSWS versions.
  14. ak01

    Scan a file with a C# program

    KES10SP2 aka Endpoint Security 10 for Windows (I think any version). What do you have?
×

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.