Abissa

  1. Yes, I do have a concern, as the last detections on that machine are from 31.05.2016 and even the next day (01.06.2016) we don't see any details on the report for that machine. This is happening consistently.
  2. They are already provided in the original post, but here they are again. Virus count = 20, "View report on detected viruses" for the machine = 0. 2 screenshots, the one with virus count and the one with the report (View report on detected viruses).
  3. Hi Guys, How do I get a KSC10 report listing all the virus detections on machines for, let's say, the past week? I would like to see all virus detections with the following info: machine name, user, detection date, name of virus, path of virus, action done by KES10, etc. My issue is that each time a machine has been flagged as "many viruses detected" and I right-click on the machine and select view virus activity, the report is empty, saying there are no detections. Same if I go to the machine properties -> Protection (see screenshot MachineProperties.JPG). It says Viruses found 20, but if I click on "view report on detected viruses" the report is empty (see Virusreport.JPG). So I guess there is something wrong? We use KSC10.2.434 (with patch D). Clients are on KES10 sp1 MR2. Thanks.
  4. QUOTE (Michel-B @ 29.02.2016 09:12): "I have submitted the requested info, but seeing as 3 different people with different versions reported this issue in this topic alone, I'm assuming this is very easy to reproduce by the developers."
     Yes, I have now submitted the incident to companysupport with Server and console Traces.
  5. QUOTE (Michel-B @ 26.02.2016 12:30): "I'm wondering if you've ever resolved this, because I just came across the exact same issue. Using a default deny setup and since a couple of days all my custom added applications messed up and couldn't be started anymore. Quite fun when 300 people suddenly start calling about application malfunctions. Came across this topic, and realized there was a file added based on a certificate. After removing this, the category seemed to work again. KSC 10.2.434 + patch D, KES 10.2.4.674. EDIT: I have a server trace file, if you want it, tell me where I can upload it. Don't wanna post it on a public forum. Don't know if there's anything interesting in it though. It's just a trace of me adding a file based on cert to a category. Also created an incident: INC000005852596"
     I must bump this thread; certificate-based category has never worked for us either since we installed KSC10 last year. Same behaviour: if I add a certificate to an existing rule, the rule gets "corrupted" in the policy and it displays Category not defined. If I create a new application category and add a certificate to it, the newly created category is not displayed in the drop-down list of the Application Startup control policy. I have never bothered until now because we were not using this, but now we will use this feature, so this is an issue. Server KSC10.2.434 with patch D, using both KES10 SP1 MR1 and MR2 policies. Looking forward to a resolution, it's clearly a broken feature.
  6. Perfect, so that means both options will work the same. Thanks for confirming. You can mark this as solved if needed.
  7. Dear all, What is the best practice for adding domain users to an existing encrypted machine in KSC when we use SSO (scenario being several users accessing the same machine)? Right now, when we set up the encryption on a machine, the current Windows user is automatically added; this is fine. But what if some time later I need to add another user so he can access the same machine as well? I know my way around the "Encryption (account management)" task edition but would like more information about the "password-based authentication" options, more precisely whether I should select the "change password upon first authentication" or "do not require password change" option. My concern in the end is to make sure that when users have to change their Active Directory password when it expires, the Kaspersky pre-boot password gets correctly updated, and this for all users of the machine, in the SSO context.
     - If I select "Change password upon first authentication", I can type a dummy password in the console, and change it on the first login of the user on the machine so it matches the existing AD password.
     - If I select "Do not require password change", I can directly type the current AD password of the user in the console.
     Is there a difference between these 2 options regarding the behavior of the password updating later on? Will the pre-boot password get properly updated when the user changes his AD password in both cases? Thank you for your help! Best, Nicolas
  8. Thank you, I ran Microsoft Safety Scanner and it removed the threat.
  9. Hi, We received the below alert of an untreated threat and I would like to know if we can run any other KL tools to ensure the computer is clean. Is there any offline scanner we can run in Safe mode? Any recommendation would be greatly appreciated. I believe the user ran the file. We use KES10mr1. Furthermore, I can't find any description of this particular virus when I search securelist.
     Description : Kaspersky Security Center: Event "Disinfection impossible" happened on computer XXXXX in the domain XXXXXXXX
     Result: Untreated: Trojan-Downloader.Win32.Upatre.dnp
     User: xxxxx (Active user)
     Object: C:\users\xxxx\Downloads\doc_2174312-82.zip/doc_2174312-82.scr
     Thanks
  10. Hello, Is it possible to integrate Kaspersky with LogRhythm SIEM? I have seen that so far KSC is supporting only ArcSight and QRadar, but has anyone tried to integrate it with this SIEM product? Thanks.
  11. Forgot to mention, in our case it would be KES10 with Security Center 10.
  12. Hello, Does anyone know how to check if our KL products have been effectively patched against the 0 day vulnerability found 2 days ago by a Google engineer? http://www.theregister.co.uk/2015/09/08/kaspersky_0day/ Thanks.
  13. Yes, that is correct. Even with all Kaspersky components and services stopped, the script error occurs. I uninstalled the NDIS filter as described here http://support.kaspersky.com/9990#block4 and still the script error occurs. I disabled all components and stopped all KL services in Windows and the script error is still there. And finally, after uninstalling KES10 and rebooting, the script runs fine again. But after reinstalling KES10 the script error comes back. Erratum: In my original post I said that it was only when version 10.2.2.10535mr1 has been installed, but it happens with 10.2.2.10535 as well.
  14. I disabled all components and policy and I'm still getting the incorrect function error. I uninstalled KES10 mr1 on the laptop and the script runs fine again. Reinstalled KES10 (10.2.2.10535) the script runs fine. Once KES10 is updated to 10.2.2.10535 (MR1), I get the script error.