Jump to content

m.khorram

Members
  • Content Count

    12
  • Joined

  • Last visited

About m.khorram

  • Rank
    Candidate

Recent Profile Visitors

208 profile views
  1. Hi please check the unprocessed file and quarantine repository to check if KES is detect them as a malicious file or not . also for trouble shoot disable the web antivirus component in policy and test again.
  2. Hi probably the system that suffer from remote problems is not in the group that KES 10.2.4 policy is applied. Remember that KES by default disable remote desktop network activity. when you do not allow it in the policy and the system is not in the correct group , KES will disable RDP . in the related group and in policy tab you can see that the KES 10.2.4 is applied on the related system or not
  3. Hi When you change the server address in network agnet package it does not affect the network agent that already installed on systems. for change the connection parametr on network agent do the following steps: -1 Run a cmd -2 navigate to network agent installation folder on drive c -3 type : klmover -address server ip address like: klmover -address 192.168.1.8 this will change the connection parametr on network agent that already installed on that system if you have multiple systems that suffer from this issue you can create a batch file with the commands that we talked about it and add it on your KSC and deploy it on related systems
  4. Hi if you suffer from slow computers in scan task you can go in task propertis and checked the scan only new and changed file . with this config you will have better performance if you have suffer from slow computers on all time please check the required RAM and CPU resource for KES 10.3.0
  5. Hi clear the update repository and start the download updates to the repository on kaspersky security center. if you use firewall in your network between the server and kaspersky update server check the related policy on it . if you restricted the HTTP traffic for kasper server create a policy for it to have a full access on HTTP traffic.
  6. Thanks for your reply but why we can not see this behavior on all computers. we saw thia behavior on 3 systems only.
  7. Hi everyone We have a problem With KES (10.2.5) . our SOC team saw a suspicious activity on Kaspersky AVP.exe process the AVP.exe process was sending a HTTP traffic to a unknown IP address , after we checked that IP we realized that it is the ALIBABA IP address!!!! We captured and analyzed the packet in Microsoft network monitor and we saw a ¥¥ charecters in HTTP request and below HTTP payload in response of that IP: Html Payload: cache administrator is <A HREF="mailto:webmaster">webmaster</A>. We start a full scan task on that system but it doesn't found anything. Please check this issue ASAP
  8. Hi thank you very much the problem is solved!!!!!!!!!!!! can i ask what was the problem??? what is this file?
  9. In my preveios post i uploades the GSI logs to my gogole drive you can see it in the below link https://drive.google.com/folderview?id=0Byp...Y3VFVUxRa3diOTQ Thanks
  10. Thanks for your reply i uplodaed the KSC server , console , uldate trace logs and getsysteminfo log on my google drive account you can accsess to it with the below link: https://drive.google.com/folderview?id=0Byp...Y3VFVUxRa3diOTQ
  11. Hi everyone This is my first post in this forum. I have a serious problem in download update to the repository task on my server. after we upgrade our master and slave KSC to the version 10.4.343 the slave server cannot receive downloads from the master. the network connection between this servers is right and we can see the salve structure on the master server very well every thing looks right , the master server receive the updates from the internet correctly and can communicate with slave server. but when we start the download updates to the repository it does not start at all and after a seconds we see a waiting timeout error. we changed the update source from master administration server to the Kaspersky lab update servers but the problem still remain it is not show us any logs but the waiting time out error. we checked the windows event viewer and saw the below error: Failed to run service "Updater". #2800 EkaSMStartFailed: '1103/1.0.0.0/UP2DATE/UP2DATE_COMP_WELLKNOWN: // #1185 Object CheckResultFailedException - 0x86440015 (Unknown result code). At o:\CS AdminKit\development2\include\protection_components/service_manager.h(135) is not initialized it is seem that the task is stuck and can not run we checked the below solutions but the issue is still remain: -clear the updates in the update repository and start the task again - delete the download updates to the repository and recreate it -we login with another user that it is a kladmin member and start the task - The user account that we login to the KSC is a Full permission on up2date.exe file and folders of KSC you can see the trace logs in the attachment files. In the trace files we can see the below error: Error occurred during parsing file 'C:\ProgramData\KasperskyLab\adminkit\bases\vlns3_engine.esm': Result=0x86440015 (Service Manager's configuration contains an error(s), or it is not an xml-file) Additional information: -The operating systems of this servers is windows server 2012 -The version of the KSC on this servers is the same (The version is 10.4.343) Please check this issue ASAP we have a critical issue in our network _up2date_1103_eka.log
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.