Jump to content

twerck

Members
  • Content Count

    22
  • Joined

  • Last visited

About twerck

  • Rank
    Candidate
  1. Hi Ivan, Thanks. That confirms my belief. If I were to go this route, I'll need to create two groups with two rules that move machines between the groups based on subnets the machines are on when they check in. I'd need to have two separate Update tasks, each with a different Update Source priority (KSC vs. KL Update Servers), and associate each with a different group. That's unfortunate - I'm surprised there isn't an easier way to automate this.
  2. Hi Nikolay, So assuming I'm understanding correctly, it seems the only way I can do this within Kaspersky Security Center is by creating two subnet-based rules that move machines between groups, with different update source tasks pointed to each group?
  3. Hi Dmitry, Thanks for the response. I saw that on the linked page but figured I could get around it by creating a second rule. Assuming this is not the correct way to go about having a task assigned to a dynamically changing group of endpoints, what other methods are there to accomplish this task with KSC? I'm not sure how the use of a policy profile will address this, as what needs to change is the priority in which the endpoints will reach out for updates (via KSC or Kaspersky Lab servers) through the Update task.
  4. Hello Konstantin, Yes, thank you! This seems to be exactly what I'm looking for! One question - if I create a rule that basically says "Move all clients with an IP address on this subnet to this group", that is set to run "Permanently", what will happen when one of the clients that are moved into this group no longer has an IP address on this subnet so that it no longer matches the parameters within these? Or will I need to create a separate rule that targets all subnets but the one in the previous rule and manually list out every other subnet as there doesn't seem to be a way to target "all subnets but x"? Thank you!
  5. Hi Ivan, Thanks for the response! My concern with this method is that this site is quite busy with many mobile endpoints frequently joining and leaving its subnets, and so I'd like to find a way to have Kaspersky Security Center automatically scan these subnets to move and remove endpoints from these groups accordingly. Is that possible through this method? Thanks.
  6. Hi Konstantin, All endpoints in my environment are on KES 11.0. Kaspersky Security Center is on 10.5.1781. Thanks!
  7. We're looking to squeeze more bandwidth out of one of our major sites and I've been approached to see about configuring Kaspersky clients at this location to get their updates through the administration server (also located on-site) instead of going out and pulling updates down from the Internet. I believe the simple solution would be to update our "Update" task so that our priority update source for endpoints to pull down updates is "Kaspersky Security Center" - in my environment we currently have "Kaspersky Lab Update Servers" set as the priority, as the majority of our endpoints are located off-site. It seems that I need to separate the endpoints in this major site into their own group so that they can be targeted by the new task that prioritizes KSC as the update source. The problem is that all endpoints are in a single management group and so I'm trying to figure out a way to automatically move out endpoints located at this major site from this main group into their own group so that I can assign this new task to it. I've tested with tagging and it looks like I can "tag" a machine if it's located on a specific subnet but there doesn't seem to be a way to target "tagged" machines with a rule that would move them into their own management group. Is this possible? Is it possible to target a tag with a task?
  8. Hey Dmitry, Thanks for the response! So to confirm, if a machine has a removable device encryption policy assigned to it, and a USB printer is plugged into that machine, and an SD card is plugged into the HP printer that is plugged into the computer, Kaspersky will prompt the computer to encrypt that SD card? Thank you.
  9. Good morning Nikolay, So there have been no instances of non-data storage USB devices getting encrypted? Below is a sample of what Kaspersky has listed as USBSTOR devices. There are many HP Officejet devices as you can see and I just want to make sure that when we push this policy out, nothing other than flash drives, removable hard drives, and SD cards are encrypted. Thanks!
  10. Hey Dmitry, Thanks for that information. These articles are extremely helpful! One final question: is there any risk of Kaspersky encrypting USB devices that aren't data storage devices, like printers, smartwatches, music devices, etc.? Have there been any reported incidents? I ask because I know this is something my superiors will ask. Thank you!
  11. Hey Konstantin, I wasn't aware of this guide! Thank you for sharing it! It's exactly what I was looking for! A few questions: 1. Is this only for KES 11.1? I assume this guide also applies for 11.0 but wanted to confirm. 2. In the removable device encryption section, the guide states that encryption rules apply if the device ID and/or device model are "known". What does "known" mean in this case? If my environment has removable device encryption enforced but with no device-specific rules set up, will Kaspersky look at all devices equally and attempt to encrypt everything it sees from its "list of devices" even if they're things like printers?
  12. Hi Nikolay, I appreciate your response! My apologies - so far Kaspersky hasn't encrypted any devices yet because removable device encryption hasn't yet been enabled in our environment, but I'm concerned that Kaspersky may see these other devices as eligible for encryption if not included in some sort of whitelist policy. I wanted to confirm that I don't need to add things like printers or smartwatches into any sort of exclusionary whitelist. Since these devices register on Windows as USBSTOR devices, will they be flagged as eligible for encryption by Kaspersky or not? And if not, what are the requirements for encryption, as in how does Kaspersky determine what is eligible for encryption and what isn't if not by looking purely at the USBSTOR Device ID? All clients are on KES 11.0.0
  13. My environment is on the verge of implementing file-level removable device encryption to all Kaspersky-managed computers in my environment. I've been testing with this policy off-and-on over the past few months and have noticed that in the Custom Rules section I'm able to query basically every type of USB device that has appeared in my environment ranging from flash drives to desktop printers to SD card readers to smartwatches to music players as devices eligible for exclusion from the list of devices for encryption. This concerns me because when we enforce this policy in our environment I don't want my team getting calls from people who accidentally bricked their printer or other miscellaneous device by encrypting it through Kaspersky. Has anyone had any experience with deploying removable device encryption in their environments and if so, did you encounter this scenario with users accidentally encrypting non-portable storage media?
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.