Alexander Ilin

Vulnerability Assessment & Patch Management

79 posts in this topic

Hello Alexander,

 

Sun java

Mozilla 22.x

 

That's all it is to that.

I manage 15 machines on a part-time basis. I use this feature every month to push Adobe and Java patches and get them out more quickly without having to come in after hours or annoy other users. I download the patches from the publisher, create a distribution package using KSC and add /s or /q in the options. Then I create a job to push them out overnight. Java needs to be uninstalled (also done with Kaspersky) before the update is installed in order to FULLY remove the old instance.

 

I am having some trouble with misreporting of the client machine status, but the update process works smoothly.

 

I would like a way to completely ignore optional Windows Updates.


I use it on around 40 workstations and 10 servers. Overall I like the patching abilities that KSC gives me - but there are things that need improvement. Here are the things I would like to see changed.

 

Give me the ability to store updates and patches in a specified location. Currently the account switch utility lets me move about half the updates to a drive other than C, but the FTServer folder still contains over 100GB of files. I saw the post about using a junction. That's a hack that may work - but you really should let me specify the patch storage location as one folder that contains all those files. Definitely a pain having that FTServer folder on my C drive.

 

My list of available updates contains LOTS of foreign language patches. That may be in part because I may have had KSC download patches before I discovered the place where I can specify the languages to download. But now my list has hundreds of foreign language patches. I've selected them and said to delete them - but they never leave the list. I want the ability to select them, delete them, and they disappear from the list.

 

Need more information in the log for when a patch doesn't install properly. Currently all it says is "Completed with error" and "Updates installed: X out of Y". When multiple patches fail it can be difficult to tell which patches succeeded and which failed, and why they failed, as shown in the attachment image.

 

post-594789-1460915651_thumb.jpg

 

When looking at the list of available patches under "Software updates", the Search function needs work. It should perform a case-insensitive search for the specified text contained anywhere within the Name, Description, Security level according to MSRC, or Severity level columns.

Edited by HammerBob


Hi, it would be great to have an option for clearing the storage and getting rid of old and not needed patches from the C:\ProgramData\KasperskyLab\adminkit folder.


Hi,

 

Actually you can clear update repository from the KSC -> Repositories -> Updates -> Right click -> All tasks -> Clear update repository.

 

BR

Hi,

 

Actually you can clear update repository from the KSC -> Repositories -> Updates -> Right click -> All tasks -> Clear update repository.

 

BR

This only clears Kaspersky definition updates, which do not take up much space at all. They are asking for the ability to clear Microsoft Updates, as they take up 100s of GB of space.

 

Also, updates that are applicable to machines are not showing as applicable. The entire WSUS portion of KSC seems to be hit or miss whether it is going to apply a Microsoft/Windows update or not. If I enable KSC as WSUS and run a find updates and vulns., then sync/download Windows updates, then approve updates, then run the task "Install updates and vulns..." (which is configured to apply approved MS updates), none of my devices actually update, I get "no action required". I have created a task to install specific updates, added said updates to that task and run it and I get "no actions required".

 

If I disable KSC as WSUS and then enable my WSUS server and the GPO specifying the WSUS server, all of a sudden I have tons of updates to run on all of my devices.


Go to the Application Management section - Software Updates.

Have you approved / denied the updates you want installed? You would do this here.

Do you want to remove update files? Highlight one, two or all, right-click, and select Delete update files.

 

Also, in the Software Vulnerabilities section you can add a rule to a specified task.


This is actually a very good topic for my organization.

 

1 - Our internal patching is geared entirely towards Microsoft Updates. We are currently very, very behind on third party software. KSC is the only viewpoint I have (security team) into how bad our patching actually is, and provides a good cross-check for the SCCM results for MS Patches

 

2 - Please, change the Vulnerabilities report. I would like to see CVE, KB, or other vendor-specific details in the report, as well as having the ability to click on a KLA vulnerability link and see actual information on the vulnerability. Currently if I click a "KLA" link it just opens the exact same report in my default web browser. This complaint extends to malware detections as well, if I click on a detection name I don't want another report, I want information on the malware. In the documentation it refers to the Virus Encyclopedia but I have yet to find it. (See KSC 10.3.407, English, editing a KES v10SP1MR2 policy, General Protection, Exclusions, Add, Object name. It is very possible I'm an idiot on the Virus Encyclopedia and missing something, but the Help instructions don't provide a link or describe what part of the object name is important)

 

3 - A report without an entry for every single machine would be appreciated. I have created a custom report that basically has no Details section, but for our day to day reporting I just need the raw numbers on how many machines have which CVEs (a CVSS base score would also be very useful). It is hard to understand exactly what is being shown without taking the results as raw input and doing a lot of unnecessary research and manipulation.

 

4 - For software that is widely distributed and tends to have a large amount of version spread on a substantially sized network (with poor patch management and software installation policies), such as Adobe Reader or Flash, please give us the data views to say to our bosses 'on our #### systems, ### have critical Adobe Flash vulnerabilities, with an average of ## critical, ## high, and ### low per affected system across all versions of the software.' Currently I have to dig through way too much external information to say how many issues are from Flash (or Acrobat, or whatever) as each vulnerability is a separate line item, and each version of the software is a separate set of line items, and each system affected is yet another line item. There are literally over 17000 lines in the detail report (yes, we suck at patching). I have no way to determine which ones are overlapping. This is a nightmare for me.

 

5 - On the software inventory, link back the vulnerability data as described in #4.

 

6 - I don't foresee us pushing patches with KSC due to internal politics, but I would if they'd let me. Others' descriptions of how medium and large shops already have something in place for this... That's great for them, but in my experience not all of them do. Having this capability (even if it isn't a full blown feature) could be very useful for the odds and ends that the MS/SCCM guys don't want to touch.

 

Thanks for everything so far, I have my gripes about some fairly minor things but overall I am continuously pleased with the KSC/KES v10 for business. We use a lot of the features and having it on one console makes it easy for a small security team to (attempt to) manage a lot of responsibilities (e.g. malware protection and USB device control) that would normally end up being spread to other groups within IT.

 

As a last note, and I submitted this under the previous request for ideas: please, let us turn off the complaint buttons on policy popups. Seriously.

Edited by Richard Long

This only clears Kaspersky definition updates, which do not take up much space at all. They are asking for the ability to clear Microsoft Updates, as they take up 100s of GB of space.

 

Also, updates that are applicable to machines are not showing as applicable. The entire WSUS portion of KSC seems to be hit or miss whether it is going to apply a Microsoft/Windows update or not. If I enable KSC as WSUS and run a find updates and vulns., then sync/download Windows updates, then approve updates, then run the task "Install updates and vulns..." (which is configured to apply approved MS updates), none of my devices actually update, I get "no action required". I have created a task to install specific updates, added said updates to that task and run it and I get "no actions required".

 

If I disable KSC as WSUS and then enable my WSUS server and the GPO specifying the WSUS server, all of a sudden I have tons of updates to run on all of my devices.

 

My suggestions would be to allow better control for the administrator about how space is used and reclaimed.

Forcing us to have massive C: drives is not ideal. Even though we can expand C: drives in a virtual environment, the amount of space needed is not nice when we try to have C: drives run from SSD disks.

Please allow us to perform maintenance tasks like cleanup of the patch management data. Right now it is impossible to plan for long term disk usage.

One suggestion would be to assign a maximum amount of storage for patch management. When reaching this limit, KSC should auto-delete older files. If they are needed again, they should be re-downloaded.

There are plenty of posts in this forum about this issue and it would be much appreciated if Kaspersky could improve on the patch management features.

 

On our network we have to run a new task each time we want to install a patch, even though we have a scheduled task in KSC that is supposed to install all missing updates that are approved.

This would also be much appreciated if this could be fixed.

 

Thank you.


Would be great to see the list of applied patches and fixes for each machine in the task result window. Not only number of installed patches.

Hi,

 

please correct me if I am wrong but the following points would be good:

 

1. Currently when using Kaspersky as WSUS server it fills up my c drive and am unable to relocate the store as the files are stored in C:\ProgramData\KasperskyLab\adminkit\1093\.working. Can this be changed?

 

2. When deploying to clients the patches don't always seem to deploy or restart machines as per the task. Possibly task is corrupt but how often do I need to recreate it?

 

If these 2 points were addressed it would certainly make it more usable for us.

 

Cheers

 

 

If I agree with PaulOMB, for us it is important that the path C:\ProgramData\KasperskyLab\adminkit\1093 can be migrated to another drive. At this point you can migrate the folder containing the database of the updates of Windows. But even so, the capacity of the C: drive is overflowed by the tasks of repairing vulnerabilities.

 

Managing WSUS and third-party updates is very important and useful for correcting problems on our computers.

Would be great to see the list of applied patches and fixes for each machine in the task result window. Not only number of installed patches.

 

Hello,

 

please give us an example of the task you mention.

Your idea is not pretty clear if you deploy a definite patch and get result of successful and failed installations for this patch.

Thank you.

If I agree with PaulOMB, for us it is important that the path C:\ProgramData\KasperskyLab\adminkit\1093 can be migrated to another drive. At this point you can migrate the folder containing the database of the updates of Windows. But even so, the capacity of the C: drive is overflowed by the tasks of repairing vulnerabilities.

 

Managing WSUS and third-party updates is very important and useful for correcting problems on our computers.

 

Hello,

 

There is a special utility which can do it - http://support.kaspersky.com/9293

Thank you.

 


Hello,

 

I have a problem with this function.

 

I created a task to install required updates and fix vulnerabilities.

 

I used the following connection profiles:

 

1. A laptop which is in the same subnet as KSC 10

2. A laptop which has a VPN connection but a different subnet. (Kaspersky gateway connection established)

3. A laptop which has an internet connection. (Kaspersky gateway connection established)

 

Deploying the newest Network Agent and Kaspersky Endpoint Security works in all scenarios 1, 2, 3.

Deploying 3rd party required updates works only in nr. 1. In scenarios nr. 2 and 3 the updates do not finish; they are stuck in the Running 1% state.

 

What can be the problem in the second and third scenarios?

 



Hello,

 

There is a special utility which can do it - http://support.kaspersky.com/9293

Thank you.

You could indicate the procedure to use that tool.

I ran the tool, and apparently changed the location but when I run the synchronization task with Windows Update, the disk C is still filling.

Maybe something extra should be done.

 

Edited by claudia451



You could indicate the procedure to use that tool.

I ran the tool, and apparently changed the location but when I run the synchronization task with Windows Update, the disk C is still filling.

Maybe something extra should be done.

 

I too have this problem. We changed the location of the WSUS store and we can see the new location growing, but it seems that KSC uses the c:\programdata\kasperskylab\adminkit folder in the WSUS download process, perhaps as a staging area.

 

If you look at the disk usage with Process Monitor, you can see the same update being written to the adminkit folder and the WSUS location.

 

The ability to define the temp/working/adminkit folder(s) at install (or post install) is essential in order to control disk growth on the OS drive.

Edited by uk-heliman


Hello,

We are using the Vulnerability Assessment & Patch Management components.

We have some problems with it.

First of all, we are using KSC 10.4.343 and KES 10 SP2 with an Advanced license.

We just selected critical updates, security updates and updates in the update categories for Win 7 in the Install required updates task.

We have 2 problems:

1- For a client, the Kaspersky task result said 17 of 17 were installed successfully, but when we checked the Windows Update properties of the client, it said 12 of 17 updates were installed successfully and 5 of 17 updates failed.

2- The Install required updates task hit the following error:

"  Completed with error     Error 1208/0x0 ('The file exists.') occurred while copying file 'C:\ProgramData\KasperskyLab\adminkit\1103\$FTClTmp\WUSE3D27D1BBE023B9C33E8ED4B97B378FD269D437B' to 'C:\ProgramData\KasperskyLab\adminkit\1103\wusfiles\E3\E3D27D1BBE023B9C33E8ED4B97B378FD269D437B.~tip-temp~'"

But the main problem was that the task occupied about 40 Gig in the "programdata folder" on the client, and on some clients more than 80 Gig.

Task result and configuration are attached.

 

 

Configuration.txt

resualt.txt

update failed.jpg

Win update folder.jpg

On 7/22/2017 at 11:16 AM, amir.fara said:

Hello,

We are using the Vulnerability Assessment & Patch Management components.

We have some problems with it.

First of all, we are using KSC 10.4.343 and KES 10 SP2 with an Advanced license.

We just selected critical updates, security updates and updates in the update categories for Win 7 in the Install required updates task.

We have 2 problems:

1- For a client, the Kaspersky task result said 17 of 17 were installed successfully, but when we checked the Windows Update properties of the client, it said 12 of 17 updates were installed successfully and 5 of 17 updates failed.

2- The Install required updates task hit the following error:

"  Completed with error     Error 1208/0x0 ('The file exists.') occurred while copying file 'C:\ProgramData\KasperskyLab\adminkit\1103\$FTClTmp\WUSE3D27D1BBE023B9C33E8ED4B97B378FD269D437B' to 'C:\ProgramData\KasperskyLab\adminkit\1103\wusfiles\E3\E3D27D1BBE023B9C33E8ED4B97B378FD269D437B.~tip-temp~'"

But the main problem was that the task occupied about 40 Gig in the "programdata folder" on the client, and on some clients more than 80 Gig.

Task result and configuration are attached.

 

 

Configuration.txt

resualt.txt

update failed.jpg

Win update folder.jpg

Is there anybody? 

 

1 hour ago, amir.fara said:

Is there anybody?



 

Hello. Please attach WindowsUpdate.log from the problem host (Win 7). What is the size of the disk on the host with KSC Server? Thank you!

 

26 minutes ago, a.kabanov said:

Hello. Please attach WindowsUpdate.log from the problem host (Win 7). What is the size of the disk on the host with KSC Server? Thank you!

 

Hi,

At first, I should say that after reinstalling the agent and removing the update folder on the client, the client became updated, but Kaspersky occupied more than 50 gig in the Kaspersky update folder, and this is the main problem.

The Windows update log was attached.

Thanks

WinUpdClient.evtx

37 minutes ago, amir.fara said:

Hi,

At first, I should say that after reinstalling the agent and removing the update folder on the client, the client became updated, but Kaspersky occupied more than 50 gig in the Kaspersky update folder, and this is the main problem.

The Windows update log was attached.

Thanks

WinUpdClient.evtx

Please attach %windir%\Windowsupdate.log from Windows 7. Is the 50 gig on the client or the KSC server?

57 minutes ago, a.kabanov said:

Please attach %windir%\Windowsupdate.log from Windows 7. Is the 50 gig on the client or the KSC server?

Unfortunately, the client is not accessible now.

More than 50 gig in client.

18 hours ago, amir.fara said:

Unfortunately, the client is not accessible now.

More than 50 gig in client.

Hi,

The windows log was attached.

Thanks,
