Jump to content
Alexander Ilin

Suggestions for Kaspersky Security Center 10. [In progress]

Recommended Posts

Fred-dst, please create a separate topic in order to investigate the issue.

 

bsteingraber, could you please describe your suggestion with more detailes?

 

Thank you!

 

It would be nice if KSC/KES could know/detect if a Windows workstation had Bitlocker Enabled/Disabled along with its specific status and configuration. With this info, you could then run a report showing (for Auditors) Bitlocker is enabled and the drive is encrypted.

Specific data points:

This data is currently accessible via WMI

Share this post


Link to post
It would be nice if KSC/KES could know/detect if a Windows workstation had Bitlocker Enabled/Disabled along with its specific status and configuration. With this info, you could then run a report showing (for Auditors) Bitlocker is enabled and the drive is encrypted.

Specific data points:

This data is currently accessible via WMI

 

Hi,

 

Suggestion 3444 has been submitted.

 

BR

Share this post


Link to post

I have a few suggestions on things I would like seen in KSC (my apologises if some of these are already include and I've simply not seen how to do them, in which case, let me know which ones and I will post questions in the forum about them instead). If I've not explained them suitably or examples would be of use to explain them, let me know and I will expand on them.

 

1

  • When importing an installation package, the ability to specify the folder name to use. For example. NetAgent for Windows and NetAgent for Mac import with folder name NetAgent_version, I would prefer it if it was possible to use a custom name so that I could create for example NetAgent_Win_version, or if I were importing the installation package for KES 10.2.2.10535, it creates KES_10.2.2.10535, if I then import the same package again (say I want one package as default, and another for testing with different components selected), then the next import ends up KES_10.2.2.10535(1), not very descriptive, but being able to specify the folder name to use means it could be given a useful name.

     

  • When creating a standalone package, being able to specify the folder name (and maybe even file name rather than just setup.exe, but folder name is more important) to use. If for example I create a standalone package for the NetAgent to be used on servers, then another for use on computers in Building A, and another for use by computers in Building B, they end up as NetAgent_10.2.434 and NetAgent_10.2.434(1), and NetAgent_10.2.434(2), which is not clear for anyone browsing to KLShare\Packages. To then make it clear I have to rename the folder, which then of causes the standalone package to no longer be listed under the "Show the list of standalone packages" option for the installation package.

     

  • When an update Network Agent is automatically imported into KSC (as part of a KSC upgrade), default name should include "for Windows". The existing Network Agent is created as "Kaspersky Security Center Network Agent (10.2.434)", it would be preferable for it to be "Kaspersky Security Center Network Agent for Windows (10.2.434)" in order to help differentiate from Mac Network Agent (can be renamed manually, but is a manual step that should not be required). One possible alternative might be to add an additional column to the "Installation Packages" area which indicates the OS platform (e.g. Windows, Mac, Linux).

     

  • When exporting from the KSC Console (e.g. selecting objects and choosing Export List to csv), columns with dates/times should export the actual date and time, NOT "14 minutes ago", "One week ago", etc. I find it useful sometimes to export objects and then filter items by date in Excel, but at the moment, that does not work particularly well, if the date/times were all in a standard date/time format, then it would be simple for Excel to export it. Dates/times over a month do export with the full date and time, so the information is there, it just appears that the export does not/cannot use it.

     

  • Implement subnet directed broadcast (SDB) for WoL from KSC servers and the Update Agents/connection gateways. To my knowledge, KSC currently only supports WoL using network broadcast, and unicast (which appears to rely on the ARP cache on a switch/router). Our environment does not allow network broadcast as that would broadcast globally, and the default and recommended ARP cache on Cisco switches is four hours so after a computer has been off for 4 hours WoL no longer works if a unicast packet is sent (the switches drop the MAC and IP address information from the ARP cache). Microsoft SCCM for example supports unicast and subnet directed broadcasts. This was the case back with KSC 10.1.249, which we were running until recently. I had originally logged a call regarding this with our support provider (back in November/December 2014) who then worked with Kaspersky at the time and verified that this was the case, but they had then said that SP1 would implement SDB, but when it did come out (I think it was Jan 2015), the release notes made no mention of that, the only change appeared to be with regards to Update Agents and connection gateways being able to send WoL packets. We have only recently upgraded from 10.1.249 to 10.2.434 (with patch D, 10.2.578), I've not actually done a packet capture this time round to verify that it is still the case, but given that I just tried to wake up some computers and had the same results as I used to get, where some have been off for about 12 hours (did not work) and others only an hour (which worked), I think it is likely SBD has not been implemented.

     

  • Look at implementing Group Policy style "linking" to policies. For example, perhaps under Repositories have a new entry named "Policy Store" in which policies are created, and then link those policies to Groups. This way the same policy could be used by multiple groups, and if a policy needs updating, it can be updated in one location and be applied to all groups that link to it.

     

  • Further enhancement to above, the ability for slave servers to use policies created on the master KSC server "Policy Store".

     

  • Have the ability for the objects for the slave servers to be located in the Master server, instead of the object reporting within itself; For example, say I have servers, KSC-M01 (master), and then two slave server (KSC-S01 and KSC-S02), at present, the objects for KSC-S01 and KSC-S02 exist within themselves. Ideally, these objects should exist in KSC-M01 so that they can be in the same group as other servers and with the same policies/tasks. With the way it works now, I need to create a separate group and policy on both KSC-S01 and KSC-S02 for just to manage KES on those two objects. This would be less of an issue if (as suggested in two other suggestions above) there was a "Policy Store" on the master, and slave servers could be allocated the same policies, but it still means having a separate group for them, so I still think it would be better for them to be on the master server.

     

  • Have the ability for slave servers to use Update Agents that are actually reporting to the Master server. We have some physical servers that serve multiple deployment related roles (distribution points for SCCM and Casper, and also as Update Agents for Kaspersky). At present, Update Agents can only be allocated within the same KSC server, so an agent that reports to the Master, cannot be used as an Update Agent for groups on the Slave administration servers, unless the agent reports to that slave, but in that case it cannot be used on the master or any other slave either. Ideally, an agent should be able to report to the master, and then also be able to be configured as an Update Agent on slave servers. This also keeps the agent reporting to one server (as with the above suggestion).

     

  • In KSC reports (including search result and search export), include additional Parent Group information (full path or maybe one or two additional groups paths), just parent path is not always enough to identify.

     

  • Ability to allow users to delay the start of scan tasks, with admins being able to configure the postpone options and a forced start (e.g. postpone for 1 hour, 2 hours, 4 hours, force after 8 hours). Should be independent of the policy, so this should be on the task.

     

  • Total count of licence usage between master and slave servers for a licence. At present, if you have slave administration servers and use the same licence file as on the master, you have to keep track of the total licences in use separately. Ideally, the licence should be installed on the master, the slaves pick it up (and cache it perhaps in case of connection issues to master), but then report back to the master, and are also aware of the total licences used across all connected servers.

     

  • When deploying KES, have an option on the task to enable restarting the computer (if required) if no user is logged in. At present, the restart just ends up waiting until the forced restart period (if one is configured), even if no-one is logged in.

     

  • When deploying KES, if application has been configured to prompt for user confirmation to allow/postpone the installation, have an option on the task to enable immediate starting of the installation if no user is logged in, otherwise a task just ends up waiting until the forced installation period, which is pointless given no-one is using it.

     

  • When deploying KES, when prompting for restart or for permission to proceed with install, give users indications of when the forced installation will occur. At present, users will only receive an indication of when the installation/restart will be forced when it is one minute away from occurring (i.e. a 60 second count down will show up). Each time the prompt appears, it should show a countdown, maybe even two countdowns, one for Time Until Next Prompt, and another for Time Until Forced Install/Restart.

     

  • When users select to postpone an installation or restart, even if the task has been configured to prompt the user every X minutes, there should be some visible icon (such as in the system tray) which can be used so that a user can manually initiate the required confirmation before the prompt is displayed again. For example, we do not want to annoy our users with having prompts appear too often, so we will usually have the installation and reboot prompts appear every two hours. However, we have had users say that, they postponed because they were in the middle of something, but then when they were ready to perform the installation/reboot, there was no way for them to get the prompt back except to wait, but by the time the prompt did re-appear, they were past a suitable time for them and so did not proceed to agree to the install/reboot (in the case of reboots, even though they could rebooted manually, some have said they thought it had to be done as part of the notification, and it also appears KSC prefers reboots done via its prompt rather than someone going to Start / Restart, which often causes KSC to report that the computer was unexpectedly rebooted).

     

  • When deploying KES, allow forcing installs at a specific time rather than just the option to force after X minutes (e.g. prompt every hour, but then force install at 17:00, unless user has opted to install beforehand either via the prompt).

     

  • When deploying KES, allow forcing reboots at a specific time rather than just the option to force after X minutes (e.g. prompt every hour, but then force restart at 17:00, unless user has opted to restart beforehand either via the prompt or manually restarting computer).

     

  • When deploying KES, if agent is being deployed with it, and task has been configured to prompt user to allow the install, user is prompted first for the agent, and then for KES. Preferably should be just one prompt (with configurable message) rather than multiple prompts (or maybe allow the admin to configure if they want one prompt or multiple). We've had users complain saying they clicked install (for the agent), but then got another installation prompt and they thought it was the same thing and that it was not working as it asked them again (the text is different, but from a user's perspective, not very understandable, they do not know the difference between agent and KES).

     

  • When configuring a task to prompt users for installation, the text for that installation prompt should be configurable.

     

  • Some sort of visible progress for installation tasks. When the agent or KES are being installed, users have no idea whether anything is happening or not, a progress indicator would be useful to keep users informed, even if it is just a system tray icon that they can hover over for progress information. However, any indicator should not have any cancel/close option on it, and should not be forced to display on top of any open applications (i.e. users should be able to minimise or start bar or system tray).

     

  • A basic API for interaction with KSC to allow for some scripting. For example, some things I would like to be able to do is perform a search and output results. I know this can be done via the GUI, but, I would prefer to be able to script that. An example of us a use case for this, our computers are named using the room they are located in, and their unique asset number (e.g. ROOMA-1124, ROOMB-1125, ROOMB-1126, etc.). At times, computers may be disposed off if too old, or get moved to another room and as part of the move they are re-imaged with their new name (leaving behind the old object). This can result in there being objects in KSC that actually do not exist any more, and while they will eventually be cleared from KSC, it does mean they will stay there until the deletion date (currently set to the default 60 days). If it were possible perform some actions against KSC using scripting, if our support team provided a list of computers that they have removed/moved, we could easily script their removal from KSC, rather than having to manually search and then remove each via the GUI (or wait 60 days for them to be deleted). This would also potentially open up the ability to use scripting to search for duplicate objects (i.e. when you end up with ~number objects, look at which one was last reported to, and then remove the older ones, and rename the remaining object to the correct name by removing the ~number and/or FQDN).

 

We do not use the KSC as an application deployment platform (we have SCCM for that), but I imagine that as my references to installing/deploying KES are to do with using the "Install application remotely" task, most of the suggestions I made would/could apply to deploying other applications as well.

 

Sorry if this is too many suggestions for one post, hopefully other people on here will agree with some of them (if they have not already been suggested by others already).

Share this post


Link to post

Can we get the ability to know why the application stopped running or why it would not start back up. (See attachments)

post-563486-1447167114_thumb.png

post-563486-1447167121_thumb.png

post-563486-1447167194_thumb.png

Share this post


Link to post

When you run a task for lots of computers in KSC, if the task fails on some of them it would be nice to have an option to remove from the list of computers the ones that completed succesfully so we can retry the task on the remaining computers.

 

Currently there is no way to do this, and the "view results" window doesn't even let you select rows of computers, copy and paste, or anything that would help retrying the task on only a subset of the computers in the list.

Share this post


Link to post
When you run a task for lots of computers in KSC, if the task fails on some of them it would be nice to have an option to remove from the list of computers the ones that completed succesfully so we can retry the task on the remaining computers.

 

Currently there is no way to do this, and the "view results" window doesn't even let you select rows of computers, copy and paste, or anything that would help retrying the task on only a subset of the computers in the list.

 

Hi,

 

We submit suggestion 3468.

 

Br

 

When you run a task for lots of computers in KSC, if the task fails on some of them it would be nice to have an option to remove from the list of computers the ones that completed succesfully so we can retry the task on the remaining computers.

 

Currently there is no way to do this, and the "view results" window doesn't even let you select rows of computers, copy and paste, or anything that would help retrying the task on only a subset of the computers in the list.

 

Hi,

 

We submit suggestion 3468.

 

Br

Share this post


Link to post

Hi,

 

I would like to give specific rights to specific users on specific folders i created on managed computers. It would be great to be able to specify rights at each folder level instead of for the whole console.

 

Regards,

 

Arnaud,

Share this post


Link to post
Hi,

 

I would like to give specific rights to specific users on specific folders i created on managed computers. It would be great to be able to specify rights at each folder level instead of for the whole console.

 

Regards,

 

Arnaud,

 

Please explain with more detail and with screen shots.

Thank you.

Share this post


Link to post

Hello,

 

Let's take the attached tree of folders.

 

Actually, i can give access to the console to (for example) 2 users :

- For one i give the full admin rights (the user can do anything anywhere on the console)

- For the second, i give limited rights (the user have limited rights anywhere on the console)

 

I would like to have the possibility to give to one user :

- Admin rights for specific folders (for example the "Autre" folder here)

- Limited rights for other folders (for example "Extérieurs" folder here)

 

Regards,

 

Arnaud,

post-469405-1447665600_thumb.jpg

Share this post


Link to post
Hi,

 

At "Security" tab at group properties you can grant some specific permissions to any user.

 

Thank you!

 

Thank you for the answer.

Share this post


Link to post

Good afternoon.

 

Suggestion from a customer !!

 

The first suggestion would be to fix the error in the devices control where you can find a particular device through your ID through the search option "devices by ID", in "Trusted Devices".

The second would be to modify the "Web Protection" in Kaspersky Endpoint Security policy for mobile devices, in a way to indicate which method works to which OS. for example, from what I've tested the lock by categories does not work on Android devices, but works on iOS devices. The reverse occurs "Only websites listed are allowed", which also tested works in Android, but not in the iOS.

 

Best regards

Share this post


Link to post

Augusto Freitas, Could you pleas specify what version of KSC and KES do you use?

As for 1st suggestion what product we are talkig about - KSC or KES?

Share this post


Link to post

Please take care that a Task with virusscan on a computerselektion list will update the Computer to scan when Task is running. Manual it works an, automaticlly the Job will only scan the same Computers as before

Share this post


Link to post

For reports and notifications, it would be useful it when we uncheck "Installed" under "Software updates report" that all the installed updates would disappear from the report.

 

The reason I suggest this is because we at the company I work for would like to be able to see the software update and vulnerabilities in a daily report that we still need to implement. We have more than 200 with just the small office of people we run that have been Installed in our report, and only 57 Applicable. It would be much better to just see the what we needed to see, as we don't need to see what's bee successfully installed. Especially not in a daily report, particularly not as the number of installed continues to grow.

Share this post


Link to post
For reports and notifications, it would be useful it when we uncheck "Installed" under "Software updates report" that all the installed updates would disappear from the report.

 

The reason I suggest this is because we at the company I work for would like to be able to see the software update and vulnerabilities in a daily report that we still need to implement. We have more than 200 with just the small office of people we run that have been Installed in our report, and only 57 Applicable. It would be much better to just see the what we needed to see, as we don't need to see what's bee successfully installed. Especially not in a daily report, particularly not as the number of installed continues to grow.

 

Hello,

you can follow "application management", "Software updates" and you see new updates.

Thank you.

Share this post


Link to post

It would be very useful for me having a way (using KSC) to remotely remove kaspersky installed programs.

I'm used to run kavremover when I have some issue on old machines that have been historically installed and upgrade with Kaspersky programs.

kavremover functionality is good but I need it implemented within KSC.

it is also important for me that this function is able to remove selectively the programs. For example select all antivirus versions it might be able to remove and keep network agent.

thanks for you attention on this.

Share this post


Link to post

Hi,

 

Kavremover is designed that way in order to prevent unauthorized deletion of critical software(NAgent or KES) which could cause security breach.

If it`s necessary to delete some specific KES versions or similar, one can use Remote uninstallation tasks for selected computers.

 

Thank yoU!

Share this post


Link to post

I think WSUS & Software Updates component would need some work.

 

E.g. currently if you select all the language packs for OS to download you cannot remove them from list in software updates, even if you deselect them from downloading in windows update synchronization task. The only option is to reinstall KSC and before first sync with windows update, deselect language packages. I think overall WSUS should be more flexible.

 

Also supporting build-in keyboard in FDE for Lenovo ThinkPad L440~L450 would be awesome.

Edited by ilukeberry

Share this post


Link to post

Hi,

 

I'm using KSC 10.3.295, NA 10.3.295, KES 10.2.4.649 and KSM 10.5.112.7263.

 

First suggestion would be to fix the error in Device Control, in Trusted Devices more specifically. When I try to find a device to add as a Trusted Device using the ID within the informations that was generated by device block event the research does not bring anything. The only way I can find the device is using its name or searching by host name.

 

Second suggestion would be add the possibility to add websites by using wildcards (*) in Web Protection of Kaspersky Security for Mobile when the option selected is "Only listed websites are allowed". Currently the only way I can do that is specifying each web site, but it would take a huge work in case, for example to allow every web site within kaspersky domain.

 

Third suggestion is to fix the Russian option, in the English version, in the tab Update Agents in the Properties of Administration Server as shown in the picture.

 

Thank you.

Edited by luanlucas

Share this post


Link to post
Hi,

 

I'm using KSC 10.3.295, NA 10.3.295, KES 10.2.4.649 and KSM 10.5.112.7263.

 

First suggestion would be to fix the error in Device Control, in Trusted Devices more specifically. When I try to find a device to add as a Trusted Device using the ID within the informations that was generated by device block event the research does not bring anything. The only way I can find the device is using its name or searching by host name.

 

Second suggestion would be add the possibility to add websites by using wildcards (*) in Web Protection of Kaspersky Security for Mobile when the option selected is "Only listed websites are allowed". Currently the only way I can do that is specifying each web site, but it would take a huge work in case, for example to allow every web site within kaspersky domain.

 

Third suggestion is to fix the Russian option, in the English version, in the tab Update Agents in the Properties of Administration Server as shown in the picture.

 

Thank you.

 

Hello,

did you inform about these errors in beta-testing branch ?

Thank you.

Share this post


Link to post
Hello,

did you inform about these errors in beta-testing branch ?

Thank you.

 

Hi,

 

No, I did not. Sorry if I've posted in the wrong place.

 

Regards,

Luan

Share this post


Link to post
Could you please clarify if you try to deselect language are there any errers?

Or changes are just not saved?

 

Thank you!

 

There aren't any errors they just don't go away in "Software Updates". I've had to reinstall KSC and deselect languages before first windows update sync to get rid of them.

 

Regrads

 

Share this post


Link to post
There aren't any errors they just don't go away in "Software Updates". I've had to reinstall KSC and deselect languages before first windows update sync to get rid of them.

 

Regrads

 

Hi,

 

Could you please attach illustrating screenshots?

 

Thank You!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.