FLTech


  1. Haha sorry, I was in the wrong forum today. ha This is Kaspersky :-) You will find that Kaspersky A/V's built-in categories database is very basic and lacking. More something a home user might use. Same with their ability to spot phishing sites. I don't believe you need the decrypt in Palo Alto to block what you need. That is mostly for looking inside the datastream for users leaking credit cards, social security numbers, or other sensitive data. We are doing very well with Palo Alto blocking proxy URL categories. The rare ones you find that are not URL categorized correctly, you submit to Palo Alto and they usually fix them within 24 hrs. But there is also a whole group of Proxy applications that can be filtered with Palo Alto. Those are not URL based. They could be proxy apps running on a computer and PA can find those as well by blocking the various proxy apps in PA (not the URL categories). Good luck.
  2. Palo Alto devices can be configured to use one of the two different databases below for URL categories. If you use the 'Palo Alto database' for your filtering you can check websites here: https://urlfiltering.paloaltonetworks.com If you use the 'Brightcloud database' for your filtering you can check websites here: https://www.brightcloud.com/tools/url-ip-lookup.php The Palo Alto database is more accurate than the Brightcloud, so that is what we use.
  3. Yes, as I said we have been running it this way over a year.
  4. All they should need to do is exclude the detected 'Object name': General Protection Settings, Scan Exclusions and Trusted Zones, Scan exclusions, Add. Object Name: not-a-virus:RemoteAdmin.Win32.WinVNC.mx. Protection components: Any.
  5. The correct answer is this: Use the same DNS address for both internal and external connections to Kaspersky Security Center. For instance, your inside computers see av.yourdomain.com as a private IP. You create an external DNS entry for your public domain to resolve the same DNS name av.yourdomain.com. It will resolve to your firewall IP. You port the 13000 through your firewall to the Kaspersky administration server. We have had it running like this for over a year. The only risk would be if a hacker was somehow able to hack the Kaspersky open port and gain access to the Kaspersky server. I don't know how much of a risk that is in reality. By using the DNS in this way, computers can move from inside the network to outside with no need to change any settings.
  6. Sounds like you aren't installing your required Microsoft patches? https://support.kaspersky.com/13698
  7. Depends on what you are trying to prevent. Kaspersky can block access to USB drives, CDs, Wi-Fi, etc. It's called 'Device Control' in your policy. Encryption does more but that gets much more difficult to manage. Your corp firewall may also have DLP features.
  8. FYI: The 'System Watcher' option is supposed to be the part of Kaspersky that protects against ransomware. Make sure it is always enabled in your policies. Keep all other settings default as much as possible. But be aware that you have to keep your computers updated with Windows updates as well. If you don't keep computers updated with Windows updates you greatly increase the chances your computers can get infected.
  9. Have you tried removing Defender from Windows roles and features?
  10. Need to be able to set computer status to Critical (or) warning if this error is found in the dat update task: Not all components were updated
  11. Applications Registry: 'Applications Registry' is the items Kaspersky sees in your workstation's Control Panel, add/remove programs. Microsoft does not put the SCCM client in the user's add/remove programs so Kaspersky will never see it there. Microsoft doesn't want users removing the SCCM client so they don't put it in the add/remove program list. This is not a Kaspersky issue. Executable files: Kaspersky scans your workstations for exe files on the C: drive. It may or may not show manufacturer details that it can see about the exe file. That is a separate list. It is not add/remove programs. It is the exe files found on your hard drive.
  12. When you see the duplicates you delete the one that connected days ago. That is the bad one. You will also notice the good one has the agent running (green). Don't manually add the computer in KSC; the agent will add the computer name to the KSC database if the agent installer is configured to connect to KSC.
  13. We use the business product. If there are new phishing emails Kaspersky business does not know about them and does not block the phishing website links in them. But to be fair, no A/V product from any vendor blocks new phishing email web links. Dual factor email login is the only way to keep dumb email users safe.
  14. Auto tag rules. Try application registry option. https://support.kaspersky.com/13690#block1
  15. You should use device moving rules instead. Under Advanced, Network Poll, Actions, Set up rules of device moving to administration groups. The rules you create will find computers per your requirements and put them in the groups you define. The Kaspersky agent needs to first be on a computer before Kaspersky knows much about a computer however. Sorting by Kaspersky version does not appear to be available, but maybe you can create tags to do the sorting.