Everything posted by MikeL

  1. Detection of adware, spyware, etc.
     Severity: Warning
     Application: Kaspersky Anti-Virus 6.0 for Windows Workstations
     Version number: 6.0.3.837
     Task name: File Anti-Virus
     Time: Wednesday, May 28, 2008 1:49:10 PM
     Description: File C:\Program Files\RealVNC\VNC4\WinVNC4.exe: detected riskware 'not-a-virus:RemoteAdmin.Win32.WinVNC.4'.

     One of them also detected wm_hooks.dll, vncviewer.exe, and vncconfig.exe with the same description as above. I had 2 workstations that detected about 475 and 505 events of this listed above from a scan run yesterday. None of the other 41 workstations have detected this, so I'm guessing they had different definitions? I have the Admin Kit set to email me about issues like this, so I'm getting loads of emails. About 100 emails have been sent so far, which seem to have stopped now, probably because I set a limit on emails. Is this a false positive, and why did only 2 of the 43 systems detect it? Thanks
  2. Oh, forgot to include versions: Workstation Version 6.0.3.837 Server Version 6.0.3.837 Admin Kit Version 6.0.1591
  3. I'm having an issue where the network agent doesn't properly connect to the admin console to check in. Because of this, admin console reports the host is out of control, or it shows none of the services are started. If I stop the network agent service, start it back up, it connects properly. There must be something that can be done to prevent this from happening. So far, it's happened on roughly 5 different workstations, and 1 server in the last 2-3 months. Thanks, Mike
  4. It will still ask for a password. Unlocking the lock pad only allows that feature to be modified without the need of the Admin Console. The users will still be restricted the same as before.
  5. I think you have to unlock the lock pad next to the General section of the Protection policy for this to work.
  6. Not sure if this will help; just throwing this out there as something to try... disable XP's Simple File Sharing. I know this can cause headaches with other networking tasks, so could possibly help in this case.
  7. Oops, I meant the lock next to Application Activity Analyzer feature in my last post. Removing the lock option next to this suppresses the prompts, however this prevents this part of the policy from being enforced on the workstations. According to the policy configuration and as stated before, the only thing that should prompt is the Popup Blocker; everything else is set to block/terminate/allow. Certainly there must be a way to prevent these other prompts and have the selected action work in the background.
  8. I find it strange that it's prompting, even though prompt isn't enabled. If I remove the lock option on Proactive Defense, it suppresses the prompts as well. Lock the Proactive Defense policy feature back down, and prompts appear again. Sounds like the program isn't doing what it's supposed to.
  9. Is there any way to prevent ALL interface popups, with the exception of website popup windows allowing the user to show the blocked popups? Users are getting Proactive Defense popups asking them to allow or deny, i.e. installation of suspicious drivers. I'd like it to log things like this, but I don't want the user to be prompted for these types of things; however, I want them to be able to allow website popup windows. Unchecking "Enable Interface Interaction" gets rid of these prompts, but doesn't allow web popups to be allowed. It only tells them a web popup was blocked. I've tried adding the executable to the Trusted Zone, but this still didn't prevent the user prompts. Proactive Defense options are all set to block or terminate... not prompt. Any ideas on how to resolve this? Thanks, Mike
  10. This problem is happening for me as well. The difference is, all of the machines I installed KAV on were fresh installs with the latest version that is out ATM (6.0.837). So far, I've had this happen to 3 workstations within the last 1-2 months. If I check the workstation, it shows everything is running, but AdminKit reports it not. Reboot the systems, and it reports correctly. Any ideas? Thanks, Mike
  11. Added to suggestions. If anyone can think of a way to accomplish this in the current release, I'd appreciate some ideas. Maybe something along the lines of running an executable that will gather this info from the remote PC and report it to a log file of some sort. I was trying to create something with Sysinternals pslist, but the admin kit didn't like the .cmd file I was executing it from too much. Thanks, Mike
  12. Thanks, but I know how to find out what process has the PID. I was just curious if there's any way to make KL Admin Kit report the actual process name rather than only listing the PID. Reason being is sometimes a process will open then close immediately after, not allowing you to see what caused the event.
  13. Is there any way to make the logs and email display the actual process name of the PID that is trying to access the restricted PID? For instance: "Process (PID 3176) tried to access Kaspersky Anti-Virus process (PID 3760), but the action has been blocked by the Self-Defense component. No action on your part is necessary." Is it possible to make it list the actual .EXE filename which initiated the access attempt? Thanks, Mike
  14. After posting that last post, I may have found the solution to my problem. Opening up the policy, Events tab, clicking Properties of the item, and deselecting "On Administration Server for (days)". I'll monitor it and see if this is the fix for my issue.
  15. I just noticed that "Update Completion" and "Enabling/Disabling protection components" aren't checked for logging, yet they all show in the events log too. It's possible there are more, but that's all I've noticed so far. Any ideas on where I can look to stop these logging events? Thanks, Mike
  16. That option is unchecked. "On Administration Server" and "Notify of errors only" are the only items checked. Any other ideas? Thanks again, Mike
  17. Thanks for the quick reply! I checked on one of the workstations that has the issue, and everything in Settings is locked down (greyed out). Is there an option related to the scan task itself that should be disabled so that password protected archive errors aren't stored in the logs? Network Agent - 6.0.1572 Thanks, Mike
  18. Thanks for the reply. I've double checked everything, and all the policy options seem to be locked down. Any other ideas? Versions: Admin Kit - 6.0.1572 Workstation - 6.0.3.837 Thanks, Mike
  19. The LOG option for "Password-protected archive detected" is unselected in the Notification Settings for the workstation policy, yet the workstation Event log is filled with "Password-protected archive detected" notifications. How can I remove this type of logging? Thanks, Mike