Jump to content

MikeL

Members
  • Content Count

    175
  • Joined

  • Last visited

Posts posted by MikeL


  1. 9 hours ago, technikarc said:

    Correction:

    the path's must be in C:\Windows\*; C:\Program Files\* or C:\Program Files (x86)\* formats. Otherwise they do not work for subfolders.

    This kind of network protection solution (when ASC is running in whitelist mode) can be effective on recently discussed ransomware because user can't run any other executable or script. Correct me if I'm wrong.

    Just wanted to say thank you for pointing out the * in the path for excluding subfolders.  Even KL didn't know this when I created a ticket regarding subfolders exclusions not working.


  2. 18 hours ago, Nikolay Arinchev said:

    Hi,

    Please collect KES traces while this issue reoccurs,

    Since traces are too large to be attached to the forum, please use any file sharing resource and provide us with a link.

    Thank you!

    Hi Nikolay,

    I created a Support Request via the Company Account and have attached the trace logs in the case.

    Request ID: INC000008137630


  3. Path conditions don't seem to work at all in KES10SP2 (10.3.0.6294) since day one of release. I was hoping it would be fixed by now, but it still hasn't. For example, if I have a category created with the following path set as an condition to allow, it still blocks all file startup in the folder:

    C:\Executables\

    Is this a known issue? Is there a patch to fix this, or some other known work around?

    Thanks


  4. I've got KSC 10 SP2 MR1 and KES 10 SP2. All existing categories that exist with MD5 hashes don't work on KES10SP2 Application Startup Control. Is there an easy way to convert these existing categories to new categories with SHA-256 hashes so that Application Startup Control can work without having the create new categories from scratch?

     

    Thanks


  5. As I understood You found this plugin in registry, and deleted this. And then installed again.

    Is it correct?

     

    Originally I attempted to just delete the registry entry for the plugin, then reinstall it, but this didn't work. Afterwards, I attempted to uninstall KSC Console, then reinstall, which didn't work either. So after this, I tried to do a hack job at copying the plugin folder and the plugin registry settings from the KSC server to the KSC Console computer, but this didn't resolve the issue. Then I took the uninstall string for that plugin from the imported registry settings "msiexec.exe /x{CDFB0ED9-B553-4212-82DB-F244E8F39487} /qb", uninstalled the plugin, then reinstalled it. This seemed to have resolved the problem.


  6. I just got the issue resolved. I took the Plugin registry settings from the KSC server, imported them into the KSC Console client, used the uninstall string for the problematic plugin, uninstalling it. Then reinstalled the plugin successfully.

     

    There were a few little "try this, try that" attempts at trying various things between, but in the end, that's basically what happened.


  7. Hello.

     

    Please clarify what kind of installation you did (upgrade or clean), what distribution you used, and whether you have an entry for KES SP1 in

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\28\Plugins]

     

    This was an upgrade. I see a plugin for "Kaspersky Endpoint Security 10 Service Pack 1 for Windows Console Plug-in". Should I delete it, then reinstall the installation again?


  8. Please check in the properties of the KSC if this plugin is already installed.

     

    It will be installed during installation of the KSC.

     

    The only plugins installed are:

     

    "Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition 8.0.1.923"

    "Kaspersky Endpoint Security 10 for Windows 10.1.0.867"

    "Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows 10.2.1.23"

    "Kaspersky Endpoint Security 10 Service Pack 1 for Mobile 10.5.111.454"

    "Kaspersky Endpoint Security 8 for Windows 8.1.0.1042"

    "Kaspersky Security Center Administration Server 10.2.434"

    "Kaspersky Security Center Network Agent 10.2.434"

    "Management of iOS-based mobile devices 10.1.254.0"

    "Managing mobile devices via Exchange server 10.1.249.0"

     


  9. We are currently using KES 10 MR1 and wanting to use the Hardware Registry report but, the data is returning incorrectly. Are there any patches or hot fixs for this issue.

    In computer selections if you specify a certain hardware type the query returns all instead of the specific hardware. Example (Dell Latitude 5540) will return ALL Dell Latitudes

    Thx

     

    Try putting your query in quotes. That seems to help for me in some cases.


  10. Hello!

     

    This issue is currently solved by PF_349.

    To get this patch please kindly submit the request for TS and tell us the number of this request.

     

    This patch can be applied to KES10 MR1 only.

     

    Thank you!

     

    Hi, can I get the patch? I contacted support about a somewhat similar issue, and was given a PF_338 which didn't resolve myissue. I'd like to try this patch.

     

    INC000003001195

     

    Thanks


  11. Security Center version 10.1.249

    Netagent Version 10.1.249

    Operating System Windows 8.1

     

    show all the PC (Windows XP,Vista,Windows 7,Windows 8)s in the network when we create a filter rule for Windows 8.1 PCs in the Computer selection list.

     

    Screen Captures are attached.

     

    This seems to be fixed for me with Patch A. I had the issue with 10.1.249, but resolved it after applying Patch A and recreating the filter rule.


  12. I get the below informational event logged every 5 seconds, even after adding an exclusion. It's filling up the logs with the same reported event. Any help would be appreciated.

     

     

    Event name Information about detected object

    Severity: Info

    Application: Kaspersky Endpoint Security 10 Maintenance Release 1 for Windows

    Version number: 10.2.1.23

    Task name: File Anti-Virus

    Time: Thursday, February 06, 2014 10:34:59 AM

    Virtual Server name:

    Description: Event type: Information about detected object

    Application\Name: Windows Explorer

    Application\Path: c:\windows\

    Application\Process ID: 3764

    Component: File Anti-Virus

    Result\Description: Detected

    Result\Type: Legal software that can be used by criminals to damage your computer or personal data

    Result\Name: not-a-virus:RemoteAdmin.Win32.WinVNC.agl

    Result\Threat level: Low

    Result\Precision: Exactly

    Object: C:\Program Files\ultravnc\winvnc.exe

    Object\Type: File

    Object\Path: C:\Program Files\ultravnc\

    Object\Name: winvnc.exe

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.