LHatland

Adding file by certificate corrupts the category [In progress]


I'm wondering if you've ever resolved this, because I just came across the exact same issue. Using a default deny setup and since a couple of days all my custom added applications messed up and couldn't be started anymore. Quite fun when 300 people suddenly start calling about application malfunctions.

Came across this topic, and realized there was a file added based on a certificate. After removing this, the category seemed to work again.

KSC 10.2.434 + patch D

KES 10.2.4.674

EDIT: I have a server trace file, if you want it, tell me where I can upload it. Don't wanna post it on a public forum. Don't know if there's anything interesting in it though. It's just a trace of me adding a file based on cert to a category.

Also created an incident: INC000005852596

Edited by Michel-B

QUOTE(Michel-B @ 26.02.2016 14:30)
I'm wondering if you've ever resolved this, because I just came across the exact same issue. Using a default deny setup and since a couple of days all my custom added applications messed up and couldn't be started anymore. Quite fun when 300 people suddenly start calling about application malfunctions.

Came across this topic, and realized there was a file added based on a certificate. After removing this, the category seemed to work again.

KSC 10.2.434 + patch D

KES 10.2.4.674

EDIT: I have a server trace file, if you want it, tell me where I can upload it. Don't wanna post it on a public forum. Don't know if there's anything interesting in it though. It's just a trace of me adding a file based on cert to a category.

Also created an incident: INC000005852596

Hello.

If you prefer to investigate the case in an incident, please provide the following data there:

Traces of KSC server and KSC Console collected during a single reproduction of this scenario:

1. Creating an application category that does not contain any certificate-based conditions;
2. Adding a rule that utilizes this category in Startup Control
3. Modifying the category by adding a certificate-based entry
4. Opening Startup Control and seeing that the category is broken

Thank you.

I must bump this thread, certificate based category has never worked for us too since we installed KSC10 last year.

Same behaviour, if I add a certificate to an existing rule, the rule gets "corrupted" in the policy and it displays Category not defined. If I create a new application category and add a certificate to it, the newly created category is not displayed in the drop down list of Application Startup control policy.

I have never bothered until now because we were not using this but now we will use this feature so this is an issue.

Server KSC10.2.434 with patch D, using both KES10 SP1 MR1 and MR2 policies.

Looking forward to a resolution, it's clearly a broken feature.

Hi,

Did you submit an incident regarding this issue? The stated information would be required for further investigation.

Thank You!

I have submitted the requested info, but seeing as 3 different people with different versions reported this issue in this topic alone, I'm assuming this is very easy to reproduce by the developers.

QUOTE(Michel-B @ 29.02.2016 09:12)
I have submitted the requested info, but seeing as 3 different people with different versions reported this issue in this topic alone, I'm assuming this is very easy to reproduce by the developers.

Yes I have now submitted the incident to companysupport with Server and console Traces.

Hello,

please inform the request number.

Thank you.

Hi,

Request ID: INC000005862882

Thanks.

Hello.

A reply from the specialists has been provided within the request.

Please let us know the result.

Thank you.

His response so far:

For now we advise to create a Custom category based on file properties to manage this without using the certificate option.

We will start investigating this issue soon in a test-lab, if we need more information we will let you know.

So we'll have to wait I guess.

Ok so this was his reply:

After sending the information to our product experts they could confirm this is a known issue.

In the future adding the certificate condition will work with new Kaspersky Security 10 for Windows Server (this is not Endpoint).

We recommend later this the use KS 10 for Windows servers, in special for terminal servers because this product also has an Anti-Cryptor module in it to protect shares and folder against undetected crypto lockers.

Workstation with Endpoint has the System Watcher module that does not work on servers.

We hope you are informed as well, please let us know this case can be resolved.

And later...

We will inform to HQ when and IF this will be implemented for KES.

I don't get this, really. This should be supported in KES and it's an important part of the functioning of App Control. I would really like to know if this is supposed to be fixed soon. Not in a next version, because we have no clue when that's gonna be and we need to use it right now.

Incident is closed and there's no solution for this bug. It's supposedly fixed in SP2 but that's not expected until the end of the year. So this is not an option for us, we'll have to look for an alternative.

Also, it was claimed to work in the next version for servers, which should be released soon. I don't understand how this could be fixed for servers but not for clients. The whole reason this option is available in the KSC is because of the client version, as no other version ever had the Application Control module.

Why can't this be fixed for clients?

Hi,

it was claimed to work in the next version for servers, which should be released soon. I don't understand how this could be fixed for servers but not for clients

This behavior will be fixed at KSWS not for KES for file servers. And, of course, at KES10 Sp2.

Thank you!

Right, that's what I meant. I just don't understand why this can be fixed in KSWS, but not in KES (at least not for another 8 months or so). Application Control has only been available for KES to this point and this certificate option has always been there, it just never worked.

Hello, next time comes KES10 SP1 MR3. Does this version come with the new patch maybe?

What kind of patch do you mean?

Thank you.
