Alexander Ilin

Suggestions for Kaspersky Security Center 10. [In progress]

To perform constructive systems management functions you need to be able to target applications and devices - whilst you can create a Device Selection targeting Application Registry and then run a Task, like batch file uninstall, this does not always work if applications are not visible.

Feature Request - The ability in Device Selection to target executable files by file name, application name and application version, so that Tasks can then be run against the relevant machines.

Not sure how well this fits in this thread, but I've had to write a PowerShell script that handles some of the day-to-day troubleshooting of KES devices when methods provided in the GUI don't work.

Using PowerShell remoting or PsExec, my script seems to do the job when KSC10 can't.

I'm putting the source code on GitHub eventually, will not be providing Kaspersky's executables though.

Can Kaspersky author a tool similar to this with some extended capability?

KSC needs better reports integration with Kaspersky for File Server. The following reports should be available:

File Integrity Monitor - report on all files created, modified and which user/process did it etc.

Log Monitor - detailed reports on different event types like brute force attack detection, anomaly detection etc. It should show all the detailed information (which user, which process, what was done to the system etc).

Currently there's no way to get any of this information except manually going through the logs and opening every single event to look at its details.

Another thing I would like to see in Security Center is the overview of system activity when a system was compromised. E.g. exact visualization of what happened on the system: what was downloaded, what processes were started, what they accessed and so on. Like in the management console of SentinelOne and Cisco AMP, for example.

A video of SentinelOne's management:

On 10/24/2018 at 1:27 AM, ForYouAreCrunchy said:

Not sure how well this fits in this thread, but I've had to write a PowerShell script that handles some of the day-to-day troubleshooting of KES devices when methods provided in the GUI don't work.

Using PowerShell remoting or PsExec, my script seems to do the job when KSC10 can't.

I'm putting the source code on GitHub eventually, will not be providing Kaspersky's executables though.

Can Kaspersky author a tool similar to this with some extended capability?

Hi,

I think I need this kind of tool because sometimes KSC can't reach the client.
Would be nice if you can share the GitHub link.

Thanks,

I would like to distinguish between "forbidden" and "allowed" for messages like “Host Intrusion Prevention was triggered”. I would like to get a mail when it is forbidden, not when it is allowed.

Generally, it would be nice that every message, which indicates that something is blocked/forbidden, would be sent to KSC so that the admin sees right away on KSC (Events on a special computer), that KES blocked something (but not all the "allowed" messages).

 

Ereignistyp:     Eine Regel der Programm-Überwachung wurde ausgelöst.

Programm\Name:     5.6.6; 20180731-1455 [ea03fd0ff2]

Programm\Pfad:     c:\xxx\xxx\

Programm\Prozess-ID:     10120

Benutzer:     xxx\xxx (Aktiver Benutzer)

Komponente:     Programm-Überwachung

Ergebnis\Beschreibung:     Erlaubt

Ergebnis\Typ:     Zugriff auf Sicherheitseinstellungen

Ergebnis\Name:     Zugriff auf die Webcam

Ergebnis\Bedrohungsstufe:     Niedrig

Ergebnis\Genauigkeit:     Genau

Aktion:     Zugriff auf die Webcam

Objekt\Typ:     Webcam

Grund:     Zugriff auf die Webcam

Ever since the new version of KSC 10's Admin Console 3.0, it is pretty annoying that I have to run the "Run Selection" under Device selections every time I go back to the same selection just to see all devices. It used to keep the last Run active so this wouldn't be such a repetitive task. Ridiculously annoying when flipping back and forth to get a task completed.


The ability to export from AD Sites and Services all of my Subnets, and then Import those into Kaspersky IP Polling.

Entering them manually is fine if you've got a handful of subnets/sites.... but when you don't this is painful! Then you get to do it again if you want to do Network Location Addresses based on subnet (because once is never enough?)

On 11/7/2018 at 7:53 PM, Permadi said:

Hi,

I think I need this kind of tool because sometimes KSC can't reach the client.
Would be nice if you can share the GitHub link.

Thanks,

I actually use this tool in production at my organization right now. Give me a few days to cleanse it of any identifying information and I will provide a link here.

Feature request: When you create a remote install task you have to choose "Select devices to which the task will be assigned".

You have four choices which cannot be changed afterwards. It would be very handy if these could be changed afterwards. E.g. from Specify device addresses manually to administration group.

On 3/14/2019 at 5:18 PM, ForYouAreCrunchy said:

I actually use this tool in production at my organization right now. Give me a few days to cleanse it of any identifying information and I will provide a link here.

ForYouAreCrunchy,

Did you ever get around to publishing your very smart utility? Would like to receive a copy.

Cheers
