Jump to content
jedwards

Anti-Hacker network timeouts

Recommended Posts

Using KAV 6.0 and the latest Admin server.

 

Whenever Anti-hacker is enabled, all established network sessions continuously timeout. different ports, different applications. I have added application exclusions, and port exclusions with no better result.

 

I don't have the issue if the firewall is disabled, but the whole idea is to use the firewall.

 

has anyone else been able to resolve this issue?

 

Thanks

Share this post


Link to post

Please check if your local network is entered as local or trusted network in the zones tab in the settings of the anti-hacker.

Share this post


Link to post
Please specify the name and version of Kaspersky product for example Kaspersky Anti-Virus for Windows Workstations 6.0.3.837.

And please attach here the report file of GetSystemInfo utility, upload that file on http://support.kaspersky.fr/getsysteminfo/ and post the link of that report here.

 

The product is KAV 6.0.3.837 - the fetsystemInfo link does not seem to work, and I can't seem to find a download for this...

 

I guess I will contact support.

Share this post


Link to post

My ssh sessions do timeout, too, at least when not connecting to "local network" zone. When I temporarily uninstall Anti-Hacker and install Outpost instead the connections do not timeout, so please don't tell me my network setup is causing the issue ;-).

And my Oracle connections do, too -- sometimes.

WKS 6.0.3.837. It seems there is something "wrong by design".

Edited by aehrlich

Share this post


Link to post

All you have to do is add your different subnets to the zones tab of the anti-hacker-settings as local or trusted zone.

 

I had the same issue w/ Oracle and SSH, and this corrected my problem.

Share this post


Link to post

Oh, Apparently you've done this. Make sure your policy is locked...I believe if it is not locked, it uses the "Local" policy instead of the one on your KAK.

 

You have to setup the subnet for all of your apps that are timing out. Like for our Oracle environment, we have 4 different subnets...don't ask, I didn't set it up...

 

So basically every subnet that you are timing out for should have it's own "Local Network".

Share this post


Link to post

Thanks Raymond, I have already added the apps (secureCRT in my case) to the trusted applications and the subnets are configured as local. I will keep plugging away at this tomorrow and try the "locking" thing.

 

Thanks

Share this post


Link to post

You won't need App Exclusions once you get it working. Ironically enough, I started doing the same stuff you are. In the end all I needed was to put my subnets in, and lock the policy. Although I've not tried it unlocked as I have everything locked down that can be, so it sounds like that is the only difference between you and I at this point.

Share this post


Link to post
All you have to do is add your different subnets to the zones tab of the anti-hacker-settings as local or trusted zone.

 

I had the same issue w/ Oracle and SSH, and this corrected my problem.

Well, maybe it does solve the problem of timeout, but it introduces another one -- security. By no means am I going to add all those machines (often belonging to whomever, not to me) to "local/trusted zone", it is just not an option. The vendor shall just fix the timeout issue, without considering zones.

Share this post


Link to post

This gets stranger. After setting the locks and adding the subnets, it works for certain machines and not for others in the same Group (test Group), with the same policy applied. The only difference is the client machines are on different subnets, and both subnets are in the trusted zone.

 

On one system (vista) I can stay idle for over an hour and no lose the active ssh session, on XP(1) I lose connection after 10 minutes, on another XP(2) I also experience the connection drops. XP(2) is on the same subnet as the Vista machine if it makes any difference.

 

Is it possible this can only work with Vista? That would be a first.

Share this post


Link to post

Removing the NDIS filter did the trick. Why the hell is this installed on XP in the first place? Anyone know of a way to remove the NDIS driver en mass?

 

 

Share this post


Link to post

eh, eh...the reason why? here you have it.

The first idea is to (re)install a KAV package in this way: setup.exe /pNOKLIM5=1....but, hopefully, someone else got a better idea!!!

M

Share this post


Link to post

I know there is a patch you can deploy using Administration Kit to remove the NDIS filter silently on remote hosts, you don't have to reinstall the product entirely.

 

You can try to contact support and ask for this.

Share this post


Link to post

Tybilly, you're right as usual!!!!!!

Here under you may find the procedure (i got it from KL tech support) to remotely uninstall klim5.sys driver (aka NDIS):

 

1) Put the attached file to the following folder on AK server: ''C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\Data\Cleaner\''

2) Restart AK service from services snap-in

3) Open AK console, go to global tasks container: New task-->application: KAK, task type: product deinstallation task. Tick the checkbox ''uninstall the external application'': Select the product you want to uninstall.

4) Start the task

 

Hope it helps

M

klim_uninstall.rar

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.