Jump to content

yghnetadmin

Members
  • Content Count

    21
  • Joined

  • Last visited

About yghnetadmin

  • Rank
    Candidate
  1. When I upgraded KSC to 10.3.407 I upgraded all of the network agents in our organization including the VM's. I would like to stay at version 10.3.407. If that is a bad thing I'll need to downgrade to 10.1.249. I'm asking about this because the implementation guide says "To ensure optimal performance of the Light Agent component, you are advised to use Network Agent of version 10.1.249."
  2. That took care of the problem. Do I need to downgrade the Network Agent to version 10.1.249 or can I stay at version 10.3.407 to match my KSC version?
  3. I'm using KSV 3.0 Light Agent version 3.2.0.381 with SVM version 3.2.99.5024. The network agents are version 10.3.407. I have an alert that says "Databases are corrupted" but I can't update the databases. There is a task called Update but it has a status of Malfunction and it says "No update source specified." I believe this is happening on all of my virtual machines. How do I specify the update source and update the databases? Some steps I have tried are reinstalling the light agent and network agent. I've tried backing down the network agent to version 10.1.249. I've also cleared the update repository and downloaded them again.
  4. I created a category scanning the set of computers I'm testing on. I also ran the Inventory task on them. Then I went to the policy and enabled my new application startup control rule along with the Golden Image and Trusted Updaters. Then I turned off the Allow All rule. I created several more rules trying to fix the problem, but it didn't help. I created a category with condition Path To Folder = c:\Windows\Temp\ and applied it in a rule allowing NT Authority\System but deny all others. That didn't help either.
  5. One more thing I found is that if I edit the settings locally I can add a rule for uncategorized items and grant permission to System and deny to all others. This fixed the problem on my PC. I'm having trouble configuring a rule in my policy to mimic that.
  6. One more thing. The notification email I receive as an admin says: Product: Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 2 for Windows Operating system: Microsoft Windows 10 Enterprise (build 10586) Computer: PCName Domain: DomainName Notifications: Critical event: 4/8/2016 6:15:35 PM: Event type: Application startup prohibited Object\File path: c:\windows\temp\m_a3523.tmp Object\KL category: Uncategorized User: NT AUTHORITY\SYSTEM (Initiator) Rule\Category: Default Deny Rule\Rule type: Not test
  7. I'm trying to setup whitelisting with Application Startup Control and it isn't working for me. I'm using KSC 10.2.434d and KES 10.2.4.674. I turned off Allow All and added a number of rules including files I scanned for on my PC. All of the rules I created include the groups Everyone, System, Authenticated Users. I'm not having any applications blocked, just c:\windows\temp\*.tmp files and a lot of them. Here is an example: Please allow access to the executable file of the application m_a3523.tmp that has been blocked according to an Application Startup Control rule. Parameters of the executable file: Original file name: <Not defined> File path: c:\windows\temp\ Publisher: <Not defined> Product name: <Not defined> Version: <Not defined> Executable file launch attempt information: Computer name: PCName User name: NT AUTHORITY\SYSTEM Rule blocking the executable file: Default Deny Launch attempt date and time: 4/8/2016 6:15:35 PM
  8. It happened to most of the VM's. I've attached a Word document with all of the screen caps. I noted one setting that I had changed after receiving the errors. Scan_Settings.doc
  9. I have completed this for one of five hypervisors. It runs fine except for when I run the weekly full scan. It maxes out the SVM's CPU and the VM's lose connection to it. The log message says the scan "Completed with error - SVM is unavailable"
  10. I have this completed and things are working fine. Since it's not using the vShield VMTools, should I also uninstall vShield from the ESX hypervisor? I don't see it in the software requirements.
  11. So I have to remove the vShield Drivers on the VM's before migrating. Do I reinstall them after the migration is complete?
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.