kolobashkin

New IDS bases for WKS 6.0.4.1424


Hello,

 

We are about to release a new set of IDS bases for Kaspersky Anti-Virus for Windows Workstations version 6.0.4.1424.

If you wish, you may take part in the testing process.

Please note: do not update all computers from the update source being tested. You'd better set the update source locally on particular computers rather than modify the Administration Kit update task settings.

 

The update should be tested with all supported OSs:

Microsoft Windows XP 32 (Service Pack 2 or higher)

Microsoft Windows XP 64 (Service Pack 1 or higher)

Microsoft Windows Vista 32/64 all service packs

Microsoft Windows 7 32/64 (including Service Pack 1)

 

If you are able to, it is better to perform the test cases on physical computers (not VMware or Virtual PC).

It is also useful to find computers with different network adapter configurations (Intel, Realtek, Attansic; WiFi, VPN, etc.) and perform tests on them.

 

Update sources:

 

http://dnl-test.kaspersky-labs.com/test/tim2/

http://dnl-test.kaspersky-labs.com/test/ids/

 

 

 

The file versions have to be the following:

 

CKAH.SET (version 2.0.0.767) (C:\ProgramData\Kaspersky Lab\AVP60MP4\Bases)

 

 

Short test-plan:

 

1. Set Update mode to Manual.

2. Set Update source to http://dnl-test.kaspersky-labs.com/test/tim2 and start update.

3. Check the network connection status, restart the workstation and check that the network connection properties remain the same as they were before the update.

4. Check that the local network is available: access to shared folders, internal sources, etc. is the same as it was before the update.

5. Check that the Internet connection is available and upload\download speed was not affected significantly:

- files can be uploaded to and downloaded from http://rapidshare.com/ or another file hosting service

- IM clients work normally

- web sites are accessible

- streaming audio and video can be played normally (youtube.com, vimeo.com, blip.fm, etc.)

- if you are able to use a BitTorrent client, check that it works normally, including the case with a large number of connections

- if you are able to check some online games (WOW, Eve Online, Linage, Battlefield, Counter Strike and other games that require local\internet connections), check that the game clients have the same functionality as before

6. Check that downloading http://www.eicar.org/download/eicar.com using IE is detected by WKS 6.0.4.1424.

7. Check that network attacks are detected and blocked by the product: on the machine with WKS 6.0.4.1424 run XSpider, choose TCP, "server" and press "Listen" on port 10000. On the remote machine run the tool kltps.exe: for protocol TCP set the tool's settings to kltps: -4 -t <host> 10000 and press Enter. WKS should detect the attack and the host should be blocked (this can be checked in the Firewall \ Anti-Hacker reports).

8. Check that filtering rules work properly: e.g. set up a filtering rule for IE by adding a DENY ALL NETWORK activity rule for the application. Check that all internal and external resources are unavailable. Then delete this rule and check that external\internal web resources are reachable via IE. Also try combining different sets of filtering rules to check that they are applied properly.

9. Set Update source to http://dnl-test.kaspersky-labs.com/test/ids and start update

10. Repeat steps 5 – 8

 

If you encounter an issue, please try to reproduce it by updating from the public servers (without the new update) to check whether the source of the issue is related to the tested update or not.

 

Please post the results here.

 

Thank you for your cooperation.

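Step 3 of the test plan asks testers to confirm that the network connection properties are unchanged after the update and restart. As an added example (not part of the original post and not a Kaspersky tool), the following Python script compares two saved `ipconfig /all` captures and ignores DHCP lease timestamps, which change without any reconfiguration. It assumes English-language `ipconfig` output; the host name, addresses and both captures are constructed.

```python
import re
VOLATILE = {"Lease Obtained", "Lease Expires"}   # change on every DHCP renewal
PROP = re.compile(r"^\s+(\S[^:]*?)[ .]+:(?: (.*))?$")

def parse_ipconfig(text):
    """Parse `ipconfig /all` output into {section: {property: [values]}}."""
    sections, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():             # header, e.g. "Ethernet adapter X:"
            current, last = sections.setdefault(line.rstrip(":"), {}), None
            continue
        m = PROP.match(line)
        if m and current is not None:
            last = m.group(1)
            current[last] = [m.group(2) or ""]
        elif last:                            # continuation line (2nd DNS server)
            current[last].append(line.strip())
    return sections

def diff_config(before, after):
    """Return (section, property, old, new) for every non-volatile change."""
    changes = []
    for sec in sorted(set(before) | set(after)):
        b, a = before.get(sec, {}), after.get(sec, {})
        for key in sorted((set(b) | set(a)) - VOLATILE):
            if b.get(key) != a.get(key):
                changes.append((sec, key, b.get(key), a.get(key)))
    return changes

# Constructed sample capture (documentation addresses, not a real host).
DNS2 = "\n" + " " * 39 + "192.0.2.2"
BEFORE = """Windows IP Configuration

   Host Name . . . . . . . . . . . . : WKS-TEST

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.0.2.20(Preferred)
   Lease Obtained. . . . . . . . . . : Monday 9:00:00 AM
   DNS Servers . . . . . . . . . . . : 192.0.2.1""" + DNS2 + "\n"
# Constructed "after restart" capture: lease renewed (noise), one DNS server lost.
AFTER = BEFORE.replace("9:00:00 AM", "9:42:10 AM").replace(DNS2, "")
if __name__ == "__main__":
    for change in diff_config(parse_ipconfig(BEFORE), parse_ipconfig(AFTER)):
        print(change)
```

In practice the two inputs would be files saved with `ipconfig /all > before.txt` ahead of step 2 and again after the restart in step 3.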
New IDS-bases have been released.

 

Does this update require a restart of the client computer?

 

We have component updates disabled for our global update task for MP4, so in theory, NO computers connected to our corporate enterprise network should receive this update, if it's a component update.

 

We have component updates enabled for our Mobile policy, so computers outside our corporate enterprise network will receive component updates for MP4.

 

I've noticed this morning that nearly all of our workstations on our corporate enterprise network are showing "Restart required to apply update".

 

Please advise..

Edited by matt.byrne

Yes, in order to update network driver components, a restart is required.

 

Okay.

 

But we have component updates disabled for our updater task for all computers connected to our corporate enterprise network. Why are they all requesting a restart now? Is anyone else having this issue?

 

As per the documentation from KL Labs, the mobile policy only applies to computers not connected to the same network as the administration server.

 

Your support would be appreciated.

 

Thanks

Matt

But we have component updates disabled for our updater task for all computers connected to our corporate enterprise network.

 

IDS bases are part of the Application bases, not the Application modules. KB 2538.

 

IDS bases are part of the Application bases, not the Application modules. KB 2538.

 

Thank you for your assistance. I'm now in contact with KL Labs support to stop the download of the IDS Bases for our administration server, as we do not use Anti-Hacker, Firewall and IDS, have it installed for our workstations that are requiring a restart for this, and have the Anti-Hacker disabled by Policy.

Thank you for your assistance. I'm now in contact with KL Labs support to stop the download of the IDS Bases for our administration server, as we do not use Anti-Hacker, Firewall and IDS, have it installed for our workstations that are requiring a restart for this, and have the Anti-Hacker disabled by Policy.

 

 

The update task for workstations should, in theory, not push out updates for components (Anti-Hacker) if the workstation does not have this installed. Our workstations don't have the Anti-Spam component installed, and our workstations have the anti-spam Outlook plug-in installed into Outlook because the administration server pushes all updates to workstations no matter what components of MP4 are installed. Am I doing something wrong? Because I don't think this is ideal.

Our updater task for the administration server is configured to download all updates and force them to be downloaded to the administration server for all components and modules. I believe the administration server should download these updates to its repository, but we should be able to configure which updates are pushed out to workstations for the Global Updater task for MP4.

Edited by matt.byrne


KB 4646.

Try to disable the following options in the Update list:

 

# Firewall databases – descriptions of typical network attacks.

 

# Firewall databases – descriptions of typical network attacks for Kaspersky Anti-Virus 6.0 for Windows Workstations installed on 32-bit OS.

 

# Firewall databases – descriptions of typical network attacks for Kaspersky Anti-Virus 6.0 for Windows Workstations installed 64 32-bit OS.

The update task for workstations should, in theory, not push out updates for components (Anti-Hacker) if the workstation does not have this installed. Our workstations don't have the Anti-Spam component installed, and our workstations have the anti-spam Outlook plug-in installed into Outlook because the administration server pushes all updates to workstations no matter what components of MP4 are installed. Am I doing something wrong? Because I don't think this is ideal.

Our updater task for the administration server is configured to download all updates and force them to be downloaded to the administration server for all components and modules. I believe the administration server should download these updates to its repository, but we should be able to configure which updates are pushed out to workstations for the Global Updater task for MP4.

 

I experienced the same situation with PCs needing an update late yesterday. I had my updates set to Automatically detect updates, but I install KAV 6 MP4 with AV, Anti-spy, and the web component. These updates should not have been downloaded for us as well.

 

Thanks to the information that your post has generated, I have changed my updates to select only the applicable updates for our environment.

 

Thanks for posting your question. Maybe now my updates will be smaller as well.

KB 4646.

Try to disable the following options in the Update list:

 

# Firewall databases – descriptions of typical network attacks.

 

# Firewall databases – descriptions of typical network attacks for Kaspersky Anti-Virus 6.0 for Windows Workstations installed on 32-bit OS.

 

# Firewall databases – descriptions of typical network attacks for Kaspersky Anti-Virus 6.0 for Windows Workstations installed 64 32-bit OS.

 

Thank you. We've disabled the Firewall databases options in our update task for the administration server and disabled "autodetect update list".
