Jump to content
Nekokawaii

Unable to sync device control policy [In progress]

Recommended Posts

I installed kaspersky endpoint security 10.1.249 on my machines, but on several AIO PC, device control policy doesnt work (the other setting ex: update , is working fine)

 

i checked the device control policy, it was on already

i tried to check agent connection to KSC it seems no issue,

i tried to ping to KSC, from client & it's working fine

 

anyone experience with this issue? :aa:

 

FYI: AIO i use is HP Envy

 

regards

koneko

Share this post


Link to post
I installed kaspersky endpoint security 10.1.249 on my machines, but on several AIO PC, device control policy doesnt work (the other setting ex: update , is working fine)

 

i checked the device control policy, it was on already

i tried to check agent connection to KSC it seems no issue,

i tried to ping to KSC, from client & it's working fine

 

anyone experience with this issue? :aa:

 

FYI: AIO i use is HP Envy

 

regards

koneko

 

Hello,

how did you conclude that device control doesn't work ?

Thank you.

Share this post


Link to post
Hello,

how did you conclude that device control doesn't work ?

Thank you.

 

user can setting device control.. but strangely, that happens only in AIO PC. the desktop PC is working fine -_-

Share this post


Link to post
user can setting device control.. but strangely, that happens only in AIO PC. the desktop PC is working fine -_-

 

Do you mean that user is able to change the device control settings in KES interface ?

Thank you.

Share this post


Link to post
Do you mean that user is able to change the device control settings in KES interface ?

Thank you.

yep..

sorry bad english :b_lol1:

Share this post


Link to post
yep..

sorry bad english :b_lol1:

 

please attach the screen shot of KES interface (dev control),

what is KES build ?

For what KES build did you create KES policy ?

Did you try to setup a password for KES interface ?

post klnagcheck report.

Thank you.

 

Share this post


Link to post
please attach the screen shot of KES interface (dev control),

what is KES build ?

For what KES build did you create KES policy ?

Did you try to setup a password for KES interface ?

post klnagcheck report.

Thank you.

 

hi, here the capture policy of device control on client & KSC

 

FYI

 

i use KES 10.1.249 & using KES 10 MR1 policy

 

yes i turn on enable password protection,

 

regards

koneko

post-555267-1431666165_thumb.jpg

post-555267-1431666185_thumb.jpg

net_agent.txt

Share this post


Link to post
hi, here the capture policy of device control on client & KSC

 

FYI

 

i use KES 10.1.249 & using KES 10 MR1 policy

 

yes i turn on enable password protection,

 

regards

koneko

 

 

Hello.

 

The policy seems working according to the screenshot and klnagchk shows ok as well.

Please clarify, did You try to recreate the policy for KES?

 

Thank You.

 

 

Share this post


Link to post
Hello.

 

The policy seems working according to the screenshot and klnagchk shows ok as well.

Please clarify, did You try to recreate the policy for KES?

 

Thank You.

 

i didnt recreate policy.. because the policy didnt sync between KSC & client, i was setup policy manually for several clients. then i tried disable & enable policy, but the device control policy still not sync :dash1:

 

Share this post


Link to post
Hi,

 

Could you please clarify are all your PC using the very same license?

 

Thank you!

 

yep i use same license SELECT for 680 license,, i will try resolve this issue today.. is it possible if there,s driver conflict on several PCs??

 

regards

koneko

Share this post


Link to post
is it possible if there,s driver conflict on several PCs?

It looks like driver is not involved.

In that case there will be another behaviuor like BSOD, or KES crash, or some errors at event logs.

 

It also looks like Evgeny was wrong - klnagchk is not OK.

It says:

"Total number of synchronizations: 0

The number of successful synchronizations: 0"

That means that there is no connection between server and host.

 

Please try to connect to KSC via 14000 TCP - non-SSL connection.

Please inform us about result.

 

Thank you!

Share this post


Link to post
It looks like driver is not involved.

In that case there will be another behaviuor like BSOD, or KES crash, or some errors at event logs.

 

It also looks like Evgeny was wrong - klnagchk is not OK.

It says:

"Total number of synchronizations: 0

The number of successful synchronizations: 0"

That means that there is no connection between server and host.

 

Please try to connect to KSC via 14000 TCP - non-SSL connection.

Please inform us about result.

 

Thank you!

I will inform u ASAP :rolleyes: thanks

 

Regards

Koneko

Share this post


Link to post
We will be waiting for your reply!

 

Thank you!

 

well i tried to connect on slave server (where AIO PC was) & uncheck SSL connection but it said `cannot connect to the administration server because access is denied, would you like to specify another administration server address?`

 

any clue :unsure:

 

regards

koneko

Share this post


Link to post
yep..

sorry bad english :b_lol1:

 

Hi,

 

Could you please clarify is the issue about not permitting the end-user changing Device Control settings? Do I understand correctly that you would like to deny accessing KES settings locally or the issue is about a different thing?

 

 

Thank You!

Share this post


Link to post

You need to lock the padlocks in your policy to enforce the changes and stop the users from being able to change the settings.

Share this post


Link to post
Hi,

 

Could you please clarify is the issue about not permitting the end-user changing Device Control settings? Do I understand correctly that you would like to deny accessing KES settings locally or the issue is about a different thing?

Thank You!

 

You need to lock the padlocks in your policy to enforce the changes and stop the users from being able to change the settings.

 

It was IT department request, they want administrator (IT team) can configure device control VIA computer client but with enable password protection (preventing unauthorized user). :unsure:

 

should I generate GSI report for further analysis sir?

 

Regards

Koneko

Edited by koneko

Share this post


Link to post
It was IT department request, they want administrator (IT team) can configure device control VIA computer client but with enable password protection (preventing unauthorized user). :unsure:

 

should I generate GSI report for further analysis sir?

 

Regards

Koneko

 

 

Hello.

 

Could You please formulate precisely in detailes which exact technical task You are facing?

 

 

Thanks.

Share this post


Link to post
Hello.

 

Could You please formulate precisely in detailes which exact technical task You are facing?

Thanks.

 

here the situation:

i didnt set any KES policy in managed computer group

i created 2 subgroups , 1 for Block external media & 1 for allow all

i enabled password protection

 

on block external subgroup

->3 of 14 PCs, device control policy isnt sync with KSC Device Control. & the password protection didnt work too because user can change, enable, disable it without password.

 

FYI, none of KSC administrators manually configure / change device control policy on that PC

 

here the screen capture KSC & client

 

regards

Koneko

post-555267-1432019381_thumb.jpg

post-555267-1432019391_thumb.jpg

Edited by koneko

Share this post


Link to post
here the situation:

i didnt set any KES policy in managed computer group

i created 2 subgroups , 1 for Block external media & 1 for allow all

i enabled password protection

 

on block external subgroup

->3 of 14 PCs, device control policy isnt sync with KSC Device Control. & the password protection didnt work too because user can change, enable, disable it without password.

 

FYI, none of KSC administrators manually configure / change device control policy on that PC

 

here the screen capture KSC & client

 

regards

Koneko

 

 

Hello.

 

It seemes that there is something wrong with network agents on these affected machines.

 

Could You please reinstall network agent on these hosts and check the reproduction?

 

Thank You.

Share this post


Link to post

First I would lock it all and see if that forces the settings down as you would expect.

Then deal with the password protection afterwards.

 

Share this post


Link to post
Hello.

 

This variant makes sense.

 

Thank You

 

Hello.

 

It seemes that there is something wrong with network agents on these affected machines.

 

Could You please reinstall network agent on these hosts and check the reproduction?

 

Thank You.

 

First I would lock it all and see if that forces the settings down as you would expect.

Then deal with the password protection afterwards.

 

ok i will lock it & see if the device control policy works or not,

 

regards

Koneko

Share this post


Link to post
ok i will lock it & see if the device control policy works or not,

 

regards

Koneko

 

Hi,

 

We will wait for further results.

 

Thank You!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.