Jump to content
Alexander Ilin

Suggestions for Kaspersky Security Center 10. [In progress]

Recommended Posts

It would be very helpful if we were able to set the domain for FDE in KSC somehow, though it's easier now that F10 isn't needed, this would remove an area that would still be a potential issue for users.

Share this post


Link to post

I would like to some enhancements on the FDE side:

 

1. Crisper more professional looking pre-boot login UI (higher resolution, better colors?); also allow company branding so we can atleast add our logo and maybe change to our color scheme.

 

2. Able to configure default domain for pre-boot authentication so users only need username and password (seems to be a popular request).

 

3. Simpler way to install encryption module on clients from the console if only the NA and AV clients were installed. Having to completely reinstall the AV client with the encryption module is excessive.

 

4. Easier password change procedure; having a user call in with 5 or more complicated strings of characters and then support having to repeat 5 or more complicated strings of characters is not going to go over well with our service desk or our users (especially if upper level management has to personally do it). I would like to see an option to use the existing password recovery procedure or something more simplified such as allowing us to configure how many strings are provided and given.

Share this post


Link to post

Forgive me if this is resolved in the latest version of the console (I have not read that it is but...)

 

I have complained about this before and mentioned it to our V.A.R. and several Kaspersky techs but the inability :dash1: to remove active directory sites from Unassigned Computers needs to be addressed.

If a AD site is no longer viable it should no longer be in the console. Simply removing the tick to enable scanning is just a lazy way to manage it.

I had received a sql script once to wipe out all the info in the database but alas I can no longer find it.

 

Thanks in advance.

 

 

Share this post


Link to post

I have also an Suggestion.

 

Let me explain short my Problem. we have about 300 Desktops and Laptops.

 

fullscan is done over night with WOL. But some of the Laptop aren´t connected (are outside the Network) and wouldnt´t be scanned.

if i mark the scan skipped scan they would scan in the morning. But that isn´t a good resulotion.

It´would be good to say scan at 11 AM or let the user decide.

Share this post


Link to post

Kaspersky Security Center 10.1.249

 

What i would like to see is what is holding up my computer group tasks, what actual scheduled task is running. I usually get this message,

 

Event type: Task cannot be performed

Result: Cannot start task

Object: Update

Object\Name: Update

Reason: Cannot start two tasks at the same time

 

Why do I have to get a vague error instead of telling me the actual task that's running or notify me when the task is about to be saved/created that (name of the task) has that time slot, I really don't like having to play Colombo to track down errors, just have the error show in the view results, here is another example of a result.

 

Vulnerability and application updates scan task completed (some errors occurred)

 

Or how about the feature for stop the task after x minutes actually works.

 

I have a task I schedule on Saturday 7/25 that is still running as of today 7/31 that was suppose to stop running after 999 minutes.

Edited by DHamilton

Share this post


Link to post

i would be great if you add the following;

 

1- Remote installation/deployment of Kaspersky Network Agent for linux atleast.

2- Fix the efficiency of KSN proxy. noticed decrease in efficiency and delay when more that 3000 endpoint managed to the single KSC (no argument about the hardware resources of KSC)

3- Add the KSV- Light Agent activated information in KSC, since the license report only gives you the information about the activated SVM/SVA. And it should also show to which SVM the light agent is connected rather login to VDI and checking its support information.

4- Remote diagnostic for KSV-Light Agent (enable traces etc).

5- Ability to import IP subnets from a txt or csv from file, for discovery.

Edited by hafeez.rehmaan

Share this post


Link to post

Support new windows releases from day 1 on business products instead of making us wait for months. You have had lots of time to start testing with the windows beta releases, yet you only release support for home users (KIS). We had to wait a long time for windows 8 and 8.1 compatibility as well

Share this post


Link to post

Another suggestion. Since KSC can be used to rudimentary deploy third party apps, improvement in this area would be welcome. For example, being able to see complete output of scripts or installation apps

Share this post


Link to post
1. Add mechanism to slipstream or add patches to remote installation tasks for Kaspersky products from KSC. Instead of having to create and run multiple tasks from KSC.

2. Add server policy name to local KES client (maybe in support or somewhere else). Like to confirm policy changes when moving between groups and out of office.

3. Allow easier chaining of individual tasks for computers in KSC. For example, when one tasks completes and another must run after it completes for certain PCs, without having to edit all the tasks to add the computer names. Copy it from the parent task. I'm suggesting a workflow UI change.

4. Allow the new icons in the columns (Agent installed, Agent running and Antivirus) to be turned off in KSC 10.2.434 when computers are listed. The big red circled exclamation marks dominate the UI. At least shrink that icon and change to a cooler shade of red or another color.

 

Hi,

 

Suggestion 3318 is submitted for the point 4. For the rest of points please provide more detailed descriptions.

 

Thank You!

Share this post


Link to post
Improvement Suggestion:

 

Can we get an updated version of MySQL supported for the database? The 5.0 branch hasn't been maintained for over three years.

 

Hi,

 

Suggestion 3319 is submitted.

 

Thank You!

 

Some KSC GUI related requests

 

Smarter sorting on computers tab within KSC.

--Sorting by status columns (agent installed, running, etc) doesn't work at all

--Sorting by columns with version numbers is somewhat random

--There is no column to sort or filter out offline/disconnected machines

--Retain column settings between launching of KSC and switching of admin servers. Currently if you customize which columns are shown in which order, it constantly gets re-set

--New filter added in SP1 does not allow for network agent, protection or database version filters (probably the most useful columns of all)

--Rename, consolidate or otherwise make the difference on some fields more apparent (i.e. Info Update, vs Visible vs Connection to Server vs Last update). With so many fields its sometimes difficult to know which is the "real" last update time of a computer.

--With SP1 when a machine is offline/disconnected it reports that Agent is not running, this makes things look worse than they are

 

Hi,

 

Suggestion 3320 was submitted.

 

Thank You!

 

Return the functionality to select and delete all Domain groups simultaneously.

 

In KAK8, if I wanted to delete all the folders in Unassigned computers\Domains, I would select Domains then select all the folders (ctrl-a) in the right pane and select delete. In KSC9/10, when I click Domains, nothing shows up in the right pane. See attachment. Shift-click and ctrl-click do not work to select multiple folders. To delete all the folders, you have to select each one at a time and be prompted if "you really want to delete the group" each time.

 

Hi,

 

Suggestion 3321 is submitted.

 

Thank You!

Share this post


Link to post
It would be very helpful if we were able to set the domain for FDE in KSC somehow, though it's easier now that F10 isn't needed, this would remove an area that would still be a potential issue for users.

 

Hi,

 

Suggestion 3322 is submitted.

 

Thank You!

 

I would like to some enhancements on the FDE side:

 

1. Crisper more professional looking pre-boot login UI (higher resolution, better colors?); also allow company branding so we can atleast add our logo and maybe change to our color scheme.

 

2. Able to configure default domain for pre-boot authentication so users only need username and password (seems to be a popular request).

 

3. Simpler way to install encryption module on clients from the console if only the NA and AV clients were installed. Having to completely reinstall the AV client with the encryption module is excessive.

 

4. Easier password change procedure; having a user call in with 5 or more complicated strings of characters and then support having to repeat 5 or more complicated strings of characters is not going to go over well with our service desk or our users (especially if upper level management has to personally do it). I would like to see an option to use the existing password recovery procedure or something more simplified such as allowing us to configure how many strings are provided and given.

 

Hi,

 

Suggestion 3323 is submitted.

 

Thank You!

Share this post


Link to post
Another suggestion for the KSC 10 SP1:

In the view of the policies in KSC, please add a column with the information, that a policy profile in a policy has been set. This would help to find out in which policy a sub policy/a policy profile has been set.

 

Hi,

 

Suggestion 3324 is submitted.

 

Thank You!

 

Forgive me if this is resolved in the latest version of the console (I have not read that it is but...)

 

I have complained about this before and mentioned it to our V.A.R. and several Kaspersky techs but the inability :dash1: to remove active directory sites from Unassigned Computers needs to be addressed.

If a AD site is no longer viable it should no longer be in the console. Simply removing the tick to enable scanning is just a lazy way to manage it.

I had received a sql script once to wipe out all the info in the database but alas I can no longer find it.

 

Thanks in advance.

 

Hi,

 

Suggestion 3325 is submitted.

 

Thank You!

Share this post


Link to post
I have a KSC Feature Request for the Group Scan Task (for KES 10):

It would be nice to add a new feature to inform the user on screen, that a full scan is going to start.

- If the user does not react for (example) 30 seconds, then the scan job starts automatically.

- When the user is informed on screen, that a scan job is about to start, the user can answer with Yes or No.

If Yes, then the scan job starts (it is ok for the user that the scan job is running now).

If No, then the user is asked, at which time the scan job should start again (postpone for 2 hours, or ask for a certain time, maybe 3 p.m. or ..... )

 

Also it would be a nice thing to add a function/feature to the group scan task, that a scan will start on system shutdown of the clients.

The scan is running until it is finished, and then the computer will continue to shutdown/restart.

Also here it would be nice to have a user interaction -> during shutdown, ask the user if the scan can run now, or if the computer should shut down normally without scan.

 

Hi,

 

Suggestion 3326 is submitted.

 

Thank You!

 

Kaspersky Security Center 10.1.249

 

What i would like to see is what is holding up my computer group tasks, what actual scheduled task is running. I usually get this message,

 

Event type: Task cannot be performed

Result: Cannot start task

Object: Update

Object\Name: Update

Reason: Cannot start two tasks at the same time

 

Why do I have to get a vague error instead of telling me the actual task that's running or notify me when the task is about to be saved/created that (name of the task) has that time slot, I really don't like having to play Colombo to track down errors, just have the error show in the view results, here is another example of a result.

 

Vulnerability and application updates scan task completed (some errors occurred)

 

Or how about the feature for stop the task after x minutes actually works.

 

I have a task I schedule on Saturday 7/25 that is still running as of today 7/31 that was suppose to stop running after 999 minutes.

 

Hi,

 

Suggestion 3327 is submitted.

 

Thank You!

 

 

Kaspersky Security Center 10.1.249

 

What i would like to see is what is holding up my computer group tasks, what actual scheduled task is running. I usually get this message,

 

Event type: Task cannot be performed

Result: Cannot start task

Object: Update

Object\Name: Update

Reason: Cannot start two tasks at the same time

 

Why do I have to get a vague error instead of telling me the actual task that's running or notify me when the task is about to be saved/created that (name of the task) has that time slot, I really don't like having to play Colombo to track down errors, just have the error show in the view results, here is another example of a result.

 

Vulnerability and application updates scan task completed (some errors occurred)

 

Or how about the feature for stop the task after x minutes actually works.

 

I have a task I schedule on Saturday 7/25 that is still running as of today 7/31 that was suppose to stop running after 999 minutes.

 

Hi,

 

Suggestion 3328 is submitted.

 

Thank You!

Share this post


Link to post
Another suggestion. Since KSC can be used to rudimentary deploy third party apps, improvement in this area would be welcome. For example, being able to see complete output of scripts or installation apps

 

Hi,

 

Suggestion 3329 is submitted.

 

Thank You!

Share this post


Link to post
When rolling out Encryption to 100+ PCs it would be very helpful if you could control the default domain in the pre-boot authentication screen through KSC. Therefore when the user gets to the pre-boot authentication screen they only have to worry about getting their username and password correct. Many of my users wont know what a domain is never mind being able to enter it correctly!!

 

I am currently having to access every PC manually before distributing them and press F10 and enter the domain. This way the next time a user logs onto the PC the domain should remember what was selected before. Unfortunately a curious user may decide to press F10 for themselves, so maybe the hint 'To change domain press F10' could be removed if the above was not possible?

 

Thanks.

Oh and I'm not sure whose idea it was to roll out a product that doesn't even include QWERTY (UK) as an option! Did they not plan to sell it to the UK?

 

Hi,

 

Suggestion 3330 is submitted.

 

Thank You!

 

The ability to setup Notifications based on Group rather than on Task. Currently if I want an email to go out as soon as a virus is found it is set at the Policy level, Under Advanced Settings/Interface/Notifications. That's all well and good if you are a small installation. However, if you are dealing with multiple locations it would be nice to be able to set different Notifications for different groups. I know I can setup a million different Policies and then configure each of them, but does that make any sense? If a policy change is needed then you have to do it in a million different places. It would be better if we could set some basic settings on the Group that a client is in - Who to notify in case of a virus would be one of those items.

 

Hi,

 

Suggestion 3331 is submitted.

 

Thank You!

Share this post


Link to post

At the moment KES 10 clients operating under a KSC 10 policy can't manually run updates. Users who, for practical reasons, keep missing scheduled updates across the network can therefore end up quite out of date. Their only option is to ensure their machines (usually laptops) are on the network at one of the scheduled update times, which may not always be possible without them causing a great deal of grief for network admins.

 

I'm aware that I can go into a policy under Advanced >> Application Settings and tick "Allow local tasks to be displayed and managed". However this also gives the user full access and control over the tasks settings - which is WAY too much. I would like more granular control so that I can allow a user to RUN certain local tasks manually, but NOT alter any of the settings.

 

This will allow these "awkward" users to keep their machines up to date manually even when they, for practical business reasons, keep missing the scheduled updates.

 

 

Share this post


Link to post
At the moment KES 10 clients operating under a KSC 10 policy can't manually run updates. Users who, for practical reasons, keep missing scheduled updates across the network can therefore end up quite out of date. Their only option is to ensure their machines (usually laptops) are on the network at one of the scheduled update times, which may not always be possible without them causing a great deal of grief for network admins.

 

I'm aware that I can go into a policy under Advanced >> Application Settings and tick "Allow local tasks to be displayed and managed". However this also gives the user full access and control over the tasks settings - which is WAY too much. I would like more granular control so that I can allow a user to RUN certain local tasks manually, but NOT alter any of the settings.

 

This will allow these "awkward" users to keep their machines up to date manually even when they, for practical business reasons, keep missing the scheduled updates.

 

 

Update settings for mobile mode section, you can adjust the settings that are applied when running the update task if no connection is established between the computer on which the application is installed and Kaspersky Security Center. other way you can create a out of office policy (triggers only if clients is disconnected from the KSC or 3 synch with server fails) for laptops and allow the local task to be displayed then local update task (inbuilt) will run automatically, in my opinion it does not harm the system security. Once the client is back in the office the "Active" policy will automatically applied which then hides the local tasks.

 

i hope it helps you!

Edited by hafeez.rehmaan

Share this post


Link to post
Update settings for mobile mode section, you can adjust the settings that are applied when running the update task if no connection is established between the computer on which the application is installed and Kaspersky Security Center. other way you can create a out of office policy (triggers only if clients is disconnected from the KSC or 3 synch with server fails) for laptops and allow the local task to be displayed then local update task (inbuilt) will run automatically, in my opinion it does not harm the system security. Once the client is back in the office the "Active" policy will automatically applied which then hides the local tasks.

 

i hope it helps you!

 

Thanks Hafeez! That is a very interesting suggestion, I'll give it a go. Having said that I've noticed some interesting behaviour with the default "Install Updates" task - but this thread is not the place to discuss it. I'll raise a new topic in the main forum for that.

 

Cheers!

George

Share this post


Link to post
Also, the ability to reboot an encrypted machine to pass-thru POA screen. For remote support.

 

+1 for this request. This would be great!

Share this post


Link to post

I see this as a bug, but may be a feature request as well.

 

In the Client computers view, specifically in the Parent "Managed Computers" group there is a graph on the upper right corner that lists the computer statuses, and it includes all computers in the children groups. However, the display below will only display computers in the given group, it does not include the children in the filter display. Therefore, the only way I can determine what the critical computers are is by running a report, or by searching through each of the child groups to find the problems.

 

Ideally, the parent group filters and computer displays should include all the children in subgroups

post-566755-1440686625_thumb.jpg

Share this post


Link to post

Requesting Application Startup Control to be made available on Windows Server editions. We're using Application Startup Control on all workstations and have setup all whole load of policies, but can't use this on our terminal servers. I don't see why this shouldn't be possible since, if properly configured, there's no real difference in impact between a Windows client or Server.

 

Especially for terminal servers this would be great so you don't end up with 2 completely different systems and rule set (KES Application Startup Control vs Windows AppLocker).

Share this post


Link to post

please give me the ability to remove domains from the Unassigned devices/Active directory tree. I have domains that we retired and cannot remove them from the console...so irritating. I was given a sql script to wipe them all out at one point but cannot locate it anymore.

Share this post


Link to post

In KSC, it would be nice if in all the "computer" views (i.e. Managed computers \ Computers), the user could somehow freeze some columns so he can scroll only the rest. In the rightclick menu, where the user can add/remove columns, there could also be an item named "freeze" which would freeze all columns to the left of the currently selected.

Share this post


Link to post
In KSC, it would be nice if in all the "computer" views (i.e. Managed computers \ Computers), the user could somehow freeze some columns so he can scroll only the rest. In the rightclick menu, where the user can add/remove columns, there could also be an item named "freeze" which would freeze all columns to the left of the currently selected.

 

Hello,

the idea isn't clear,

would you mind to attach pictures that illustrate your suggestion ?

Thank you.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.