Jump to content
Sign in to follow this  
Andrey Korochkin

[FAQ] Testing of vlns3_engine.dll

Recommended Posts

Supported products:

• Kaspersky Security Center 10+

 

Before testing:

• Enable Network agent traces. Details are here

• Create a snapshot (in case you test in virtual machine)

 

Pay attention to:

• Dumps *vapm*.dmp (folder ~dumps in install dir)

• Memory usage by vapm.exe. Peak values must be less than 100 Mb

 

Update check:

1. There are new vlns3_engine.dll and vlns3_convert.dll in 'bases' folder. Check version and MD5 of these files.

2. There are strings in $vapm-eka-1103.log :

INF Module 'C:\Windows\TEMP\kladminkit\[GUID]\esm.cache\vlns3_engine.dll.[MD5]' (version X.X.X.X) is loaded at address ...

...

INF vlneng Engine version: X.X.X.X

3. Check by Process Explorer version of vlns3_engine.dll loaded into vapm.exe process

 

Test plan:

1. Install various old software on client machines. List of supported software is available here

2. Create 'Find vulnerabilities and critical updates' task for client machine. Leave only 'Usa data from Kaspersky Lab', remove %SystemRoot% path or add only custom pathes if installation directories differs from standard

3. Start the task. Wait for finish. Check results after 10 minutes from task completed.

4. Check properties for found vulnerabilities. Check 'vulnerability instances' - computers and (or) vulnerability paths are specified correctly. Check that other vulnerabilities properties are correct.

5. Close vulnerability by path installation. Such vulnerabilities can be found with filter "Fix is available" . From KSC 10.1 in some cases you will need enable 'Allow installation of new application versions during updates' option in task settings after the task was created. By default this option is disabled.

6. Go to 'Software updates' list. Install update for some applications if there are ones in the list after performing step5. Check that updates are installed on client machine.

7. Create and perform 'Uninstall application remotely' task. Use 'Remove specified update for application' part. This option is available from KSC 10.1. It's required to specify exact version and localization (if applicable) for program you want to uninstall through this task.

8. Go to 'Applications registry' list. For some applications there is 'Automatic updating' option in general properties. Try to select between 'Allowed' and 'Blocked' and check that option is changed for software.

 

In case you have an issue:

Please collect and send to us trace files $klvapm-1103.log, $klvapm-eka-1103.log, $klnagent-1103.log, screenshots, export of Security Task results etc.

It will be great if you retest with old vlns3 engine by updating from rollback\public update source.

Share this post


Link to post
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.