Thiago Saad

KL LatAm
Everything posted by Thiago Saad

  1. Update: Seems like Heuristic Analysis was disabled for the Anti-cryptor task. But even after turning it on, same behavior: files can be encrypted using AEScrypt and AC does not act as it is supposed to. Manually changed the Anti-cryptor to use Heuristic Analysis and you can see the results: By the way: the policy created by the KSC wizard leaves Heuristic Analysis of Anti-cryptor disabled by default.
  2. Hi, I'm not sure how to explain it in other words. But OBK described it in another way, and I share his thoughts. Steps to reproduce the issue: 1) Install KSC 2) Run Quick Start Wizard 3) Open KSC console > Go to Administration Server properties > Keys 4) Check that there is no key added to the Administration Server. Suggestion: Use the key or activation code entered in the Quick Start Wizard to activate the Administration Server. Regards,
  3. Hi, Rebooted the machine, restarted AC, tried once again and same result: file encrypted. Please find attached traces taken during the encryption attempt. kesl.576.2018-01-29T212440.7z
  4. Hi! If I understood you correctly, it is already like that, as you can see in the image. I did not change anything. Can you please explain in another way if I misunderstood? getfacl.txt ls.txt
  5. Environment: Ubuntu 17.10 64-bit, KESL-Beta: 10.1.0-46 64-bit pkg. 1) Updated AV DB using a group task from KSC, but set to retrieve updates from KL Servers. 2) Copied files to the desktop to force detection. Conclusion: Detects and takes action using either AV Databases or KSN, as you can see attached.
  6. Hi Ivan, Did the steps you recommended with no success: 1) AC is started, as you can see in collect.tar.gz 2) Iptables rules are different from yours, but if I'm not wrong this is about HB, not AC. Please correct me if I'm wrong and the AC relies on the firewall. 3) Done 4) Did not create a file with the same name, but with the same extension, as you can see attached. Please find attached traces at DBG level during attempted or successful encryption (inside the collect), smb.conf, a new collect and also a screenshot of the encrypted files. Achb.7z
  7. Hi, I would like to suggest an improvement to KSC 10.5: It is very common that new users of KSC, at deployment time, go through the Quick Start Wizard and think they have actually activated the Administration Server. But the point is: even though you check "Automatic distribution of the key", the Administration Server itself doesn't receive the key and the Quick Start Wizard does not help you do that. B.R.
  8. Yes, my bad. That hostname was specified during the installation of KSC and then I changed the hostname. Everything is working as expected. Thanks
  9. Hi, Steps done: 1) Make sure KESL is removed and have root permission. 2) Install KES 3) Run postinstall and see that there is no prompt for using the GUI. How can I proceed in that case? Thanks
  10. Hi, I had a situation where I was deploying KESL from the KSC and I could see that my VM had some spikes when downloading packages because of my ISP's instability, and I could see that some required packages for the GUI had been installed, while some others had not. Because of that issue, the final result is that I don't have the GUI installed in my VM. Tried reinstalling the product manually with dpkg -i kesl-beta and then running post-install.pl, with no success. In the release notes, the required packages do not cover the scenario where anti-cryptor neither GUI will be used, like if the computer has no access to the internet. Can you please update what exactly are the packages needed for the GUI? Currently the error is: collect.tar.gz
  11. Thanks for the provided files: I deployed KLN 64b to Ubuntu 17.10 through KSC 10.5 RC with success. 1) Followed the steps described on pages 341 and 341 of the admin guide: https://docs.s.kaspersky-labs.com/english/kasp10.0_sc_admguideen.pdf 2) Created a new installation package in KSC with the provided files along with the klnagent64 .deb pkg 3) Changed the Server Address at Connection 4) Deployed the installation task 5) Task completed with no errors. Note: The ss_install.ini was not provided, but KSC managed to create it. Problem: Not sure if it is expected or not and whether the KSC team knows it, but once you import the .kud, instead of grabbing the Administration Server hostname or IP, it always goes with: KL-TEST-LAB As you can see:
  12. Hi Nikolay, The Anti-cryptor task is running after installing NFS-server and dependencies: keyutils{a} libnfsidmap2{a} libtirpc1{a} nfs-common{a} nfs-kernel-server rpcbind{a}. But it seems like it is not protecting SMB shares. Please find attached traces 300 taken during a successful attempt at encrypting a file using AEScrypt. Also a new collect. Thanks, collect.tar.gz kesl.661.2018-01-09T201638.log
  13. Hi Dmitry, No, NFS Server is neither installed nor configured. Can you please tell me what the requirements for Anti-cryptor are? I just followed the installation requisites in the release notes.
      Software requirements:
      1. Supported operating systems:
         32-bit operating systems:
         * CentOS-6.9
         * Debian GNU/Linux 8.9
         64-bit operating systems:
         * Red Hat® Enterprise Linux® 7.4
         * CentOS-6.9
         * Ubuntu Server 16.04 LTS
         * Ubuntu Server 17.10 LTS
         * Debian GNU/Linux 8.9
         * Debian GNU/Linux 9.2
         * openSUSE® 42.3
      2. Perl interpreter: version 5.10 or higher (www.perl.org)
      3. Installed Which utility
      4. Installed packages for compiling applications (gcc, binutils, glibc, glibc-devel, make, ld), source code for the operating system kernel – for compiling modules of Kaspersky Endpoint Security 10 for Linux Beta, in operating systems that do not support fanotify.
      5. Kaspersky Endpoint Security 10 for Linux Beta is compatible with Kaspersky Security Center 10 SP1 and Kaspersky Security Center 10 SP2. To ensure proper functioning of the Kaspersky Endpoint Security 10 for Linux Beta administration plug-in, Microsoft Visual C++ 2015 Redistributable Update 3 RC (https://www.microsoft.com/en-us/download/details.aspx?id=52685) must be installed.
      Thanks in advance,
  14. You can find more information at this link: https://forum.kaspersky.com/index.php?/topic/383377-general-information/ The following information is found inside the release_notes, but basically you need to use this procedure: *Make sure to download the respective package to match the architecture of your operating system. And of course, follow the above post's recommendation; as was mentioned, the experts do not speak French.
      Installing the application
      --------------------------------------------------------------------------------
      Installation: To install the application in Linux, run the following commands:
      - For 32-bit operating systems:
        - For systems using RPM:
          # rpm -i kesl-10.1.0-46.i386.rpm
          # /opt/kaspersky/kesl/bin/kesl-setup.pl
          # rpm -i klnagent-10.5.1-7.i386.rpm
          # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl
        - For systems using dpkg:
          # dpkg -i kesl_10.1.0-46_i386.deb
          # /opt/kaspersky/kesl/bin/kesl-setup.pl
          # dpkg -i klnagent_10.5.1-7_i386.deb
          # /opt/kaspersky/klnagent/lib/bin/setup/postinstall.pl
      - For 64-bit operating systems:
        - For systems using RPM:
          # rpm -i kesl-10.1.0-46.x86_64.rpm
          # /opt/kaspersky/kesl/bin/kesl-setup.pl
          # rpm -i klnagent64-10.5.0-32.x86_64.rpm
          # /opt/kaspersky/klnagent64/lib/bin/setup/postinstall.pl
        - For systems using dpkg:
          # dpkg -i kesl_10.1.0-46_amd64.deb
          # /opt/kaspersky/kesl/bin/kesl-setup.pl
          # dpkg -i klnagent64_10.5.0-32_amd64.deb
          # /opt/kaspersky/klnagent64/lib/bin/setup/postinstall.pl
  15. Anti-cryptor is not working on Ubuntu 17.10 64-bit Desktop. The task is stopped and manually starting it seems to have no effect.
      How to reproduce:
      1) Install O.S.
      2) Update the O.S.
      3) Install build-essentials
      4) dpkg -i kesl
      5) Run kesl-setup post-installation script
      6) Fanotify is available and is used by KESL in my scenario
      7) Run chmod a+X /var/opt/kaspersky /var/opt/kaspersky/kesl
      8) Install klnagent64.deb
      9) Run post-install of klnagent
      Install samba
      Create a share and confirm that it is reachable from another computer
      Try to enable anti-cryptor through local GUI, CLI: kesl-control --start-task 13 or KSC
      Traces 300 were collected during the attempt to start the task. Please find traces, event.db and collect.tar.gz. collect.tar.gz New folder.zip
  16. # Subject
      KESL GUI link to trace files directory is broken.
      # How to reproduce:
      Open KESL GUI > Support > Tracing. Click on the link: "Open directory with trace files..."
      # Steps taken to troubleshoot
      Manually granting read permission to "other" or chmod 755 on the folder /var/log/kaspersky/kesl. A regular user can browse the folder, but KES GUI opens the user's folder instead of the traces' folder. Or even the same user that runs the KESL-GUI process. If you select any file from some folder, the next time you click "Open directory with trace files..." it will browse the folder which contains the file you selected previously.
      # System info
      Ubuntu 17.10 64b
      # Expected result:
      Browse the folder where the traces were generated, /var/log/kaspersky/kesl
  17. After removing the key file, you cannot add it back through the local interface. You will need to activate the application through the CLI. (How to reproduce): 1) Open KESL SP1 GUI > Support tab > Click on the License number 2) Click the X in order to remove the active key, press Yes 3) Try to add the key back, and the option "Add" will be grayed out. O.S.: Ubuntu 17.10 Desktop 64b. Collect attached. collect.tar.gz
  18. Can you please share with us the files for remote installation of KNA 10.5.1-7 through KSC? A package containing .kud, .sh, .ini, the same way as published for the KESL remote installation.