Jump to content
Alexander Ilin

Suggestions for Kaspersky Security Center 10. [In progress]

Recommended Posts

It would be nice to be able to use policy profiles for the server versions (WSEE and KS4WS) as well -> especially exclusions (and the combination of exclusions – in main policy and policy profiles - as well -> see my suggestion from post #254).

 

Other topic: It would be nice to group „tasks for special computers“(and to hide some groups/tasks) because this list can get very huge. It would be nice to group/hide tags as well (when someone use tags as much as I do/plan to do, to start tasks/to apply policies and so on, the tag list can get very huge as well).

These tasks could be grouped (this should be just a viewing feature, there should not be any functionality behind it) by first letter of the task name for example (and the administrator can name the tasks accordingly).

 

Share this post


Link to post

In combination with policy profiles, it would be nice to see which policy profile gets applied on which computer (someone can see – details on policy itself – which computer applied which policy but not which policy profile(s))

Share this post


Link to post

Hello,

 

It would be great to see which user is logged on the computer on a domain. We can see the local users but still not a domain user or I'm doing something wrong :)

 

Thanks in advance

 

Best regards

 

 

Share this post


Link to post

Hi

 

I suggest next release of KES gets user interface refresh to match current design used in KSC SP2 :cb_punk:

Current KES user interface is getting dated.

Share this post


Link to post

Is this topic/thread still active (since new version KSC 10 SP2 is out)? Maybe you can put this on the todo list for KSC10 SP3 (or whatever the next version will be)?

 

I have a new suggestion about events: It would be nice to have messages like “computer was turned off” or “computer was started” or “computer was put into hibernate” and so on in the event log.

 

I noticed that when a computer gets turned off, the event log consists of the message “Protection components are disabled” and the description consists of “User: NT-AUTORITÄT\SYSTEM (System user)”. When someone stops KES by sys- tray Icon menu -> close (with or without the password protection), it logs the same messages (except that the User is a valid domain user).

It would be nice to distinguish between “KES was terminated due to computer shutdown” and “user terminated KES” (after that, it should be able to configure a mail notification only for “user terminated KES”).

 

I noticed that when a computer/laptop gets put into hibernate, KSC first thinks that the Protection was turned off (the computer shows up in the so called computer selection, the computer is not pingable, KSC thinks that the agent is still running but the protection is inactive -> I think until the next agent synchronisation cycle) and after a while, KSC recognizes that the computer is not reachable any more (the symbol of the computer changes). It would be nice if KSC would recognize a computer hibernation immediately. I noticed that because I usually check all the computer selections and there are sometimes computers in “protection is off” but after a while, they disappear from that computer selection. I am not sure if all of the mentioned computers are in that computer selection because of hibernation, but they are not pingable (during that time) and most of them are laptops. I was able to reproduce that scenario with my laptop with hibernation.

When the computer gets turned off, KSC immediately recognizes that the computer is not reachable any more.

 

Share this post


Link to post

It would be nice to be able to limit the (CPU) resources of the „Vulnerability Scan“ Task and/or to define that it only starts/stops when the computer is locked/screensaver is active (like on-demand virus scan -> “suspend scheduled scanning when the screensaver is off and the computer is unlocked”).

Share this post


Link to post

It would be nice if the KSC would implement a warning about expiration of the product support life cycle of all the products (KES, KSC itself, KS4WS, WSEE, …). For example, KES10MR1 will be end-of-life at the end of the year and KSC should warn e.g. half a year before that date.

 

I know that this is not dedicated for KSC but it would be also nice if KES warns at the endpoint when the end-of-life date is reached (and e.g. a few weeks before).

 

This warning could be implemented as a computer state like “protection is off” or “databases are out of date”, “license term expires soon”, “license term expired” and so on (I think the two states about license expires soon/expired are a good example).

These states could be used to create computer selections, the “expires soon” condition can be configured (how much days before). Beside that there should be also a general mail notification (for example: “product KES10MR1 will expire on 31st Dec 2016 and KSC found xxx computers”).

 

I just know this from KAV6MP3/4: Back then KAV did not complain about end-of-life state and also KSC and KAV6 did not complain about old database signatures (since there were no new signatures). Maybe this was improved at KES8/10 (we updated early enough).

 

Share this post


Link to post
It would be nice if the KSC would implement a warning about expiration of the product support life cycle of all the products (KES, KSC itself, KS4WS, WSEE, …). For example, KES10MR1 will be end-of-life at the end of the year and KSC should warn e.g. half a year before that date.

 

I know that this is not dedicated for KSC but it would be also nice if KES warns at the endpoint when the end-of-life date is reached (and e.g. a few weeks before).

 

This warning could be implemented as a computer state like “protection is off” or “databases are out of date”, “license term expires soon”, “license term expired” and so on (I think the two states about license expires soon/expired are a good example).

These states could be used to create computer selections, the “expires soon” condition can be configured (how much days before). Beside that there should be also a general mail notification (for example: “product KES10MR1 will expire on 31st Dec 2016 and KSC found xxx computers”).

 

I just know this from KAV6MP3/4: Back then KAV did not complain about end-of-life state and also KSC and KAV6 did not complain about old database signatures (since there were no new signatures). Maybe this was improved at KES8/10 (we updated early enough).

 

Hello,

suggestion 3969

Thank you.

Share this post


Link to post
It would be nice to be able to limit the (CPU) resources of the „Vulnerability Scan“ Task and/or to define that it only starts/stops when the computer is locked/screensaver is active (like on-demand virus scan -> “suspend scheduled scanning when the screensaver is off and the computer is unlocked”).

 

Suggestion 3970

Share this post


Link to post

Hi

 

Have you also seen my other posts/suggestions (posts #254, #255, #259, #260)?

 

Sorry for all these suggestions now but during daily work I have some ideas (I appreciate that you take all my suggestions and consider them for the next release -> some other manufactures do not even take care of customer suggestions).

 

I have another suggestion: When a task gets started but the computer(s) are not online during that time, the task get started when these computers are up again (there is an option for that). I would like to have an option to delay that task start for a configurable amount of minutes so that the computer can boot up and the user can log in without disruption (the computer consumes a lot of resources during that time).

Share this post


Link to post

It would be nice to be able to import/export the Application Privilege Control Settings/Exclusions (Application control rules/Protected resources) as like the anti-virus exclusions within the KES policy.

Share this post


Link to post
It would be nice to be able to import/export the Application Privilege Control Settings/Exclusions (Application control rules/Protected resources) as like the anti-virus exclusions within the KES policy.

 

Hello,

you can apply saved policy.

Thank you.

Share this post


Link to post

what do you mean by "apply saved policy"? I know that I can export/import the whole policy but that includes all the other settings as well.

When I manage my own application file extensions (for example, in protected resources), these settings get pretty huge and then I need to export/import just these (like it can be done with av exclusions).

 

 

Share this post


Link to post

could you please consider the following thread: https://forum.kaspersky.com/index.php?showtopic=352231

 

One time a user tried to upload a file onto the file server/share (which was a downloader which WSEE detected as not-a-virus:Downloader.NSIS.Agent.xa). Therefore, the file got deleted and the user uploaded it (Ctrl + V) again and again and again (until the threshold of virus outbreak was reached). It would be bad if the mentioned fullscan task would start on all computers according to that (user) behaviour and that’s why I am a little bit concerned about that task.

Maybe you can implement a detection rule so that the counter only counts different viruses (when it always finds the same threat in the same file, this can be ignored or only counted once).

 

Share this post


Link to post
could you please consider the following thread: https://forum.kaspersky.com/index.php?showtopic=352231

 

One time a user tried to upload a file onto the file server/share (which was a downloader which WSEE detected as not-a-virus:Downloader.NSIS.Agent.xa). Therefore, the file got deleted and the user uploaded it (Ctrl + V) again and again and again (until the threshold of virus outbreak was reached). It would be bad if the mentioned fullscan task would start on all computers according to that (user) behaviour and that’s why I am a little bit concerned about that task.

Maybe you can implement a detection rule so that the counter only counts different viruses (when it always finds the same threat in the same file, this can be ignored or only counted once).

 

Hello,

suggestion 4000.

Thank you.

Share this post


Link to post

It would be nice to be able to add a computer to an already running task (without disrupting the task execution on the already applied computers). Currently, when you right click on a computer and choose “run a task” and the selected task is already running, you get an error message (work around: copy the task and do the same). It would be nice to add that computer to the computer list of the original task and proceed with the running task on the original computers.

 

It would be also possible to automate the task copy work around (when a task gets selected under “run a task” menu option, which is currently running, then this task gets automatically copied and executed on the selected computers).

 

Share this post


Link to post

The option „Connect to Computer“ and „shared access to user desktop“ is only available at the tree view/main window (select a computer and right click). It would be nice to have that option when you do a search or within a computer selection as well (right click on “managed computers” and Search).

Share this post


Link to post

Hello,

My suggestion is to enable the ability to change the SQL Database password without the need to uninstall and reinstall KSC. My orginazation requires passwords changed ever 90 days with very few exceptions so I'll be stuck reinstalling every three months it seems unless I can get an exception approved.

 

Thanks,

Share this post


Link to post
Hello,

My suggestion is to enable the ability to change the SQL Database password without the need to uninstall and reinstall KSC. My orginazation requires passwords changed ever 90 days with very few exceptions so I'll be stuck reinstalling every three months it seems unless I can get an exception approved.

 

Thanks,

 

Do you use built-in MSSQL ?

Thank you.

Share this post


Link to post

A customer wants to use device control with user- and admin-notification via Email.

 

post-401446-1468922897_thumb.jpg

 

Kirill Tsapovsky vom Kaspersky Russia mentioned in the english post:

This button sends a mailto: command only when KES is not managed by KSC. Otherwise it will only send an event to KSC.

 

We need email-notification even if it's managed by KSC.

 

As mentioned in https://forum.kaspersky.com/index.php?showt...p;#entry2601627 (English)

and https://forum.kaspersky.com/index.php?showtopic=352678 (German)

Share this post


Link to post

Hello It would be interesting to be able to search through computers with their external IP to found the ones sharing the same WAN IP

As I in this post

Share this post


Link to post

Hi

 

Please update Relocation rules so that it can also move 'cluster' objects from one 'Cluster and server arrays' group to another.

 

At present this is not possible, so for example when applying a special policy to a sub-group to perform additional file path exclusions for Exchange to work nicely, only our none DAG/Cluster computer objects will be relocated with a Relocation rule to the sub-group, cluster objects need to be manually moved to the sub 'Cluster and server arrays' group

 

(https://forum.kaspersky.com/index.php?showtopic=355877)

 

Thanks

Share this post


Link to post
Hi

 

Please update Relocation rules so that it can also move 'cluster' objects from one 'Cluster and server arrays' group to another.

 

At present this is not possible, so for example when applying a special policy to a sub-group to perform additional file path exclusions for Exchange to work nicely, only our none DAG/Cluster computer objects will be relocated with a Relocation rule to the sub-group, cluster objects need to be manually moved to the sub 'Cluster and server arrays' group

 

(https://forum.kaspersky.com/index.php?showtopic=355877)

 

Thanks

 

Hello,

 

please attach screen shots which illustrate your suggestion with arrows where objects should be moved.

Thank you.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.