Jump to content
max@work

Unprocessed objects

Recommended Posts

Hi guys.

How can I "reset" the condition of "unprocessed objects" I have on some clients on the Administration Kit (we have Business Security latest edition on both clients and server)?

These objects are "false positive" and I'd like to reset the orange icon to have the green one. But how can I do this?

 

Thanks!

Bye, Max

Share this post


Link to post

Hi,

 

In the properties of the logical group (yellow group) where your hosts are located, in the "General" tab there is a button to reset the virus counter.

This option is also available in the properties of each managed hosts.

 

Share this post


Link to post
Hi,

 

In the properties of the logical group (yellow group) where your hosts are located, in the "General" tab there is a button to reset the virus counter.

This option is also available in the properties of each managed hosts.

 

Hi this is not true: I click reset virus counter but the orange icon still remains with STATUS = Warning/Visible and STATUS DESCRIPTION = There are unprocessed objects :unsure:

 

If I go on the single pc and process the object manually the status return to OK/Visible with green icon

 

Bye, Max

PS: probably my KAV knowledge is poor but I cannot think that in a domain environment with an Administration Console I have to go physically on the client to reset this situation or to do others operations....

Share this post


Link to post

Please describe what kind of objects (name of the virus, location of detected files) you had to deal with locally.

Also could you see these objects in the Quarantine/Backup menu of the Administration Console ? In case yes then there is a possibility to treat them remotely

Share this post


Link to post
Please describe what kind of objects (name of the virus, location of detected files) you had to deal with locally.

Also could you see these objects in the Quarantine/Backup menu of the Administration Console ? In case yes then there is a possibility to treat them remotely

 

Ok... on one pc I have this:

 

"detected: riskware not-a-virus:RemoteAdmin.Win32.WinVNC.c file: C:\System Volume Information\_restore{159DC807-1BCF-4DD6-A919-A91FCE2A3C77}\RP172\A0045963.dll"

 

Last week I uninstalled Ultravnc (anyway I set it on KAV to be escluded). Anyway I go on this client and I delete manually this file via KAV interface and now I have the green status on Admin Console. But why I cannot do this action via Administration Console?

 

Thanks

Bye, Max

Share this post


Link to post

To remove an object from the Unprocessed files folder, in the console tree select the Repositories node, and then the Unprocessed files node. Select the necessary object in the results pane and use the Delete command from the context menu.

As a result, the anti-virus application that has placed the object into the repository on the client computer will remove the object from the list in the Unprocessed files folder.

post-2103-1268315110_thumb.png

Share this post


Link to post
To remove an object from the Unprocessed files folder, in the console tree select the Repositories node, and then the Unprocessed files node. Select the necessary object in the results pane and use the Delete command from the context menu.

As a result, the anti-virus application that has placed the object into the repository on the client computer will remove the object from the list in the Unprocessed files folder.

 

 

Ok it's work!

Many thanks!

Bye, Max

Share this post


Link to post

I did delete these Unprocessed objects in the Repository folder, but still, the computer is still sowing in Orange... saying status

There are unprocessed Objects;

Share this post


Link to post

Does this really work, iv done exactly what you advice and the "current action" status is/has been "deleting" since forever, any advice on that

 

Share this post


Link to post

Yes, it does work, but you either have to synchronise the clients or wait for them to connect back to the server for it to take effect. Then it has to connect back again to report that it is complete (I believe).

Share this post


Link to post

I had this happen to me last month, and the only way I could resolve it was by deleting all of the event reports on each of the workstations via the ak so that it didn't report all of the false positives back to the ak.

Share this post


Link to post

I too have 'unprocessed objects' (winvnc4.exe) on most clients, causing the computer icon to appear orange. I have attempted to delete the items from the unprocessed objects folder, but they remain at 'deleting'.

 

Someone above suggested we should synchronise the clients. Well, I have tried "Force Synchronisation" on the clients, but after progressing 2/3rds the way it fails with a message...

 

"Cannot synchronise computer settings with Administration Server now. Operation will be completed when computer becomes available on the network."

 

Any other tips?

 

Thanks

 

 

Share this post


Link to post

None of that works. Once I have a machine go red thanks to an unprocessed object, which never shows up in unprocessed objects at the SC btw, it stays that way.

Share this post


Link to post

I too have a bunch of computers with unprocessed objects. I went to the folder unprocessed files and it was empty. I forced syncronization of each client and refreshed the managed computer group. Still have the bunch of computers with unprocessed objects.

Share this post


Link to post

Anyone with a clear answer for this? I've got a workstation that reports that it has unprocessed objects, yet the objects do not show up in the Unprocessed files tab in SC9.

Share this post


Link to post
Anyone with a clear answer for this? I've got a workstation that reports that it has unprocessed objects, yet the objects do not show up in the Unprocessed files tab in SC9.

 

Same here

Share this post


Link to post
I too have 'unprocessed objects' (winvnc4.exe) on most clients, causing the computer icon to appear orange. I have attempted to delete the items from the unprocessed objects folder, but they remain at 'deleting'.

 

Someone above suggested we should synchronise the clients. Well, I have tried "Force Synchronisation" on the clients, but after progressing 2/3rds the way it fails with a message...

 

"Cannot synchronise computer settings with Administration Server now. Operation will be completed when computer becomes available on the network."

 

Any other tips?

 

Thanks

 

Check your DNS for stale records. That can cause KSC to be unable to locate a client.

 

Ben

Share this post


Link to post
Check your DNS for stale records. That can cause KSC to be unable to locate a client.

 

Ben

 

For me, no objects in repository, no records of unprocessed files in event log. Just "Number of incurable objects 3" on the pretection tab of the affected computer. Pressing reset doesn't help.

Computer status yellow, no mater what I do. How to reset status to green without going to the workstation itself (would't know what to do there either).

 

Share this post


Link to post

Can you delete this client from the Security Center. Force synchronisation and then tyou can find his client under Unmanaged Computer.

Move back into the right group and look if unprocessed objects is listened.

Share this post


Link to post

A few days ago i got the same problem and i can bring back the green stats.

But I don't know how to resolve the problem, because too many things that i had done when i tried to solve it.

 

You can try like Helmut said and if that still doesn't work, maybe these steps can help you:

- go to that workstation and open the reports and storages window -> unprocessed objects -> delete all the object (if exist, because in my case there is unprocessed objects but it didn't showed in KSC repositories :( )

- check the change from KSC (force sync).

 

 

:beer:

 

sorry for my bad english

Edited by mpan

Share this post


Link to post

Same problem here.

 

The unprocessed objects folder in the server is empty, but the workstations are yellow with the message "There are unprocessed objects".

 

Full scan, force synchronisation or reset virus count dont solve it.

 

any help?

Share this post


Link to post
Same problem here.

 

The unprocessed objects folder in the server is empty, but the workstations are yellow with the message "There are unprocessed objects".

 

Full scan, force synchronisation or reset virus count dont solve it.

 

any help?

 

Have you try to delete the computer and add it again from KSC like Helmut said?

If the problem still insist then try to check the unprocessed object from the client directly.

Share this post


Link to post
Have you try to delete the computer and add it again from KSC like Helmut said?

If the problem still insist then try to check the unprocessed object from the client directly.

 

Yes, i have tried and the problem persists.

If I remove the unprocessed object from the client directly, the problem is solved, but I believe there is a way to do this directly from KSC.

 

:(

Share this post


Link to post
Yes, i have tried and the problem persists.

If I remove the unprocessed object from the client directly, the problem is solved, but I believe there is a way to do this directly from KSC.

 

:(

 

removing "unprocessed objects" from clients does not help me either.

 

What I have tried so far:

 

1. removing "unprocessed objects" from clients

2. reseting virus counter

3. force sync + refresh following 1 i 2

4. removing workstations from managed group and readding them

4. trying to run full scan after 1. i 2. produces "error completing task". There is no full task listed on the workstation

5. waiting 24 hours for workstations to update.

 

None of the above works and I have still "unprocessed objects" with yellow icon.

Share this post


Link to post

Hi Folks,

 

I too was having Issues with Unprocessed Objects, specifically WinVNC. (never been an Issue in previous Administration Kit) :-/

 

I have Created several Groups beneath Managed Computers to Control specific Desktops and Servers, for Example:

 

Group - Physical XP Desktops

 

To Fix the Issue for WinVNC Unprocessed Objects:

 

Delete the Default Protection Policy, Create New Protection Policy

 

Protection Policy - Physical XP Desktops

 

General Protection Settings > Exclusions and trusted zone > Settings > Exclusion rules Tab

 

Known Working Example(s):

 

Add / Modify Object: %ProgramFiles%\ULTRAVNC\VNCVIEWER.EXE

 

Rule Description: Object will not be scanned if the following conditions are met:

 

Object: %ProgramFiles%\ULTRAVNC\VNCVIEWER.EXE

Threat type: Invader (loader)

Protection components: specified:

File Anti-Virus,

Scan,

System Watcher

 

Add Modify Object: %ProgramFiles%\ULTRAVNC\WINVNC.EXE

 

Rule Description: Object will not be scanned if the following conditions are met:

 

Object: %ProgramFiles%\ULTRAVNC\WINVNC.EXE

Threat type: Invader (loader)

Protection components: specified:

File Anti-Virus,

Scan,

System Watcher

 

Add Object: %ProgramFiles%\UltraVNC\WinVNC.exe

 

Rule Description: Object will not be scanned if the following conditions are met:

 

Object: %ProgramFiles%\UltraVNC\WinVNC.exe

Threat type: not-a-virus:RemoteAdmin.Win32.WinVNC.gc

Protection components: specified:

File Anti-Virus,

Scan

 

 

I also needed to Add Exclusion Rules for WinVNC Local Distribution Point, otherwise KES8 would Scan and complain about Unprocessed Objects / Disinfection Impossible, etc, etc... *Sigh*

 

Add Object: %SystemRoot%\<Application Distribution Path>\UltraVNC_v1082.msi

 

Rule Description: Object will not be scanned if the following conditions are met:

 

Object: %SystemRoot%\<Application Distribution Path>\UltraVNC_v1082.msi

Threat type: not-a-virus:RemoteAdmin.Win32.WinVNC.gc

Protection components: specified:

File Anti-Virus,

Scan

 

Add Object: %SystemRoot%\<Application Distribution Path>\UltraVNC_v1082.msi//Data1.cab//_42

 

Rule Description: Object will not be scanned if the following conditions are met:

 

Object: %SystemRoot%\<Application Distribution Path>\UltraVNC_v1082.msi//Data1.cab//_42

Threat type: not-a-virus:RemoteAdmin.Win32.WinVNC.gc

Protection components: specified:

File Anti-Virus,

Scan

 

 

Finally...

 

Clear the Warnings Event Log

 

You should not need to Move Computers to Unassigned Computers

 

Reboot Kaspersky Security Center 9 - You may still Receive Warnings in the Event Log "Potential Threat Detected" after Performing the above & KSC9 Reboot

 

Clear the Warnings Event Log, again

 

Wait an hour, Check the Warnings Event Log, again - Issues with Unprocessed Objects, specifically WinVNC should not appear.

 

Cheers,

 

virtual.roofy

 

 

 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.