Oleg Bykov

What this patch fixes


As the Knowledge Base article cannot go online before the patch is released, I'll copy the information here:

 

Kaspersky Security 10 for Windows Server: Critical Fix KB13463

 

Release date: the 22nd of March, 2017

 

 

Critical Fix KB13463 is a comprehensive critical update for the Kaspersky Security 10 for Windows Server software modules. The update includes all previous public fixes, fixes for newly known issues, and improvements to existing functionality for the following components:

- Anti-Cryptor

- Network storages protection

- Real-time file protection and the Trusted Zone

- Applications Launch Control

- Kaspersky Security Center integration

- Core functionality and general application settings (including licensing and updating).

 

 

WHAT'S NEW

 

1. Trusted Zone configuration options have been improved.

You can now define the trusted processes list with a wider range of criteria: the application can identify trusted processes by the hash sum only, by the path only, or by both the hash sum and the path. This is set in the registry:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\WSEE\10.0\Environment

TrustedProcessCheckMethod : REG_DWORD

 

Possible values:

1 – only check the full path to the process file

2 – only check the checksum of the process file

3 – check both the full path and the checksum of trusted processes (default behaviour)

 

To apply the changes, restart the Real-time File Protection task (or the whole KAVFS service).

 

2. Configuration options for the protection and scan scopes have been improved.

You can now configure how parent container objects are processed when an embedded threat is detected: the application can delete the entire parent container object if the container cannot be partially edited. This is set in the registry:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\WSEE\10.0\Environment

DeleteRootContainer : REG_DWORD

 

Possible values:

1 – delete a root container that cannot be disinfected

0 (or no value) – do not delete the container

 

To apply the changes, restart the corresponding task (Real-Time File Protection or one of the On-Demand Scanning tasks).

 

3. Configuration options for the Anti-Cryptor task have been extended: the mask syntax for the task scope exclusions has been improved. Detailed instructions are in the Knowledge Base (article IDs 13463 or 12644).

 

The mask "*.ext" excludes all files with the EXT extension regardless of the number of dots in the full file path. Please note that with the old algorithm (with the previous public patch installed) the mask "*.ext" would also exclude the files “file.ext2” and “c:\temp.ext\somefile.doc”. With the new algorithm, this mask only excludes objects whose name ends with “.ext”. To imitate the old algorithm, use this mask: *.ext*.

 

Examples of masks:

 

C:\Temp\* - excludes all objects whose path starts with “c:\temp\”

C:\Temp - if a folder with this name exists, this exclusion covers all objects whose path starts with “c:\temp”; if there is no "C:\Temp" folder on disk, it only excludes the file “C:\Temp”. If the exclusion contains a mask symbol, it works differently: the presence of the folder on disk is not checked. That is, “C:\T?mp” will exclude only files with the names “c:\temp” and “c:\tump” (for example), but will not exclude the contents of the folder “C:\Temp”

C:\Profiles\*\Folder - excludes all objects with the name “Folder” in C:\Profiles and all its subfolders, but will not exclude files in C:\Profiles\bykov\Folder

C:\Profiles\*\Folder\* - similar to the previous example, but also excludes all files and subfolders in C:\Profiles\bykov\Folder
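The mask rules above can be checked against a list of paths before relying on an exclusion. This Python sketch is an added example, not Kaspersky code: the function names and the `is_dir` callback are hypothetical, the sample paths are constructed, and the old behaviour is modelled only from the statement that `*.ext*` imitates it.

```python
import re

def _to_regex(mask):
    # '*' matches any run of characters (including '\'), '?' exactly one
    return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in mask)

def excluded_new(path, mask, is_dir=lambda p: False):
    """Model of the rules after KB13463, as the post words them."""
    p, m = path.lower(), mask.lower()
    if "*" in m or "?" in m:
        # Wildcard mask: must match the whole path; no on-disk folder check
        return re.fullmatch(_to_regex(m), p) is not None
    if is_dir(mask):
        # Existing folder: the folder and everything under it (assumed to
        # mean a path-component boundary, not a bare string prefix)
        return p == m or p.startswith(m.rstrip("\\") + "\\")
    return p == m  # no such folder: only the file with exactly this name

def excluded_old(path, mask):
    # Per the post, the old "*.ext" behaved like "*.ext*" does now
    return excluded_new(path, mask + "*")

def lost_coverage(masks, paths):
    """(mask, path) pairs excluded before the patch but scanned after it."""
    return [(m, p) for m in masks if "*" in m or "?" in m
            for p in paths
            if excluded_old(p, m) and not excluded_new(p, m)]

# Constructed sample data
MASKS = ["*.ext", r"C:\Temp\*"]
PATHS = [r"C:\Data\file.ext", r"C:\Data\file.ext2",
         r"c:\temp.ext\somefile.doc", r"C:\Temp\x.doc"]

if __name__ == "__main__":
    for mask, path in lost_coverage(MASKS, PATHS):
        print(f"{mask!r} no longer excludes {path}")
```

Passing `os.path.isdir` as `is_dir` on the protected server reproduces the on-disk folder check for literal entries such as C:\Temp.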

 

4. General capabilities of the Anti-Cryptor task have been improved.

The internal detection algorithm has been improved to increase the number of encryption patterns detected and to reduce false positives.

 

5. General capabilities of the ICAP Network Storage Protection task have been improved: the new software versions for Hitachi Data Systems are now supported.

 

6. Configuration options for the ICAP Network Storage Protection task have been improved: you can now adjust the size of the memory buffer allocated for anti-virus processing of objects. You can also change the default temporary folder path. This is configured in the registry:

 

SOFTWARE\KasperskyLab\WSEE\10.0\Environment\ICAP

MemoryNumberOfPage : REG_DWORD

TemporaryFolder : REG_SZ

 

MemoryNumberOfPage can be any number from 1 to 21 (it is 2 by default). This number defines how many 64KB memory pages are used for scanning incoming files. If an incoming file is smaller than this buffer, it is scanned in memory, without any disk I/O. If the file is larger, it is first copied to the temporary folder and then scanned on disk.

 

TemporaryFolder lets you change the location of the temporary folder for the ICAP server.

 

To apply the settings, restart the ICAP Protection task.

 

7. The outbound network request algorithm has been improved: the application no longer uses the WPAD protocol, including when performing updates, connecting to the KSN services, and activating the application via an activation code.

 

 

ISSUES FIXED

 

1. Core functionality.

Fixed an error that caused problems with real-time and anti-crypting protection on overloaded file servers: resource consumption has been reduced for cases where large volumes of data must be processed.

 

2. Core functionality.

Fixed an error that caused compatibility problems when working with Symantec Enterprise Vault. The error provoked false recalls of HSM-stored files, including recalls explicitly prohibited by the user.

 

3. Core functionality.

Fixed an error that caused excessive resource consumption on file servers with a high level of user activity: processing of cached data for logged-in users has been optimized.

 

4. The ICAP-client integration.

Fixed an error that caused the application to enter an infinite loop while working with some types of clients connected via ICAP.

 

5. The RPC Network Storage Protection task.

Fixed an error that caused the task to enter an infinite loop while working with NetApp storages in 7-Mode.

 

6. The Host Blocker task.

Fixed an error that caused untrusted hosts to be unblocked after a random time period: the actual unblocking time was not synchronized with the setting configured for the untrusted hosts list.

 

7. The Applications Launch Control task.

Fixed an error that caused the name of a launched script to be determined incorrectly, as well as problems with processing application launches via the command line.

 

8. Licensing.

Fixed an error that made anti-virus database updates impossible after an unsuccessful license state synchronization. The problem occurred after a month of use when the application was activated with an activation code via Kaspersky Security Center Proxy.

 

9. The Trusted Zone.

Fixed an error that caused problems with processing long paths (over 255 symbols).

 

10. The Trusted Zone.

Fixed an error that caused subfolders to be missed when exclusions were added via masks.

 

11. The Kaspersky Security Center integration and KSN.

Fixed an error that caused an incorrect address to be selected when multiple addresses were passed to KSN Proxy from the Kaspersky Security Center.

 

12. The Kaspersky Security Center integration.

Fixed an error that caused an incorrect update state to be shown for a protected server in the Administration Server console.

 

13. The Base Update task.

Fixed an error that caused anti-virus database update tasks to fail.

 

14. The Base Update and the Software Module Update tasks.

Fixed an error that caused the task to fail when memory optimization failed because the RAM disk had not been created successfully: if the RAM disk cannot be created, the application now starts updating without memory usage optimization.

 

15. Common functionality.

Fixed errors in task scheduling, covering the following scenarios: 1) the weekly schedule now works properly; 2) the task start randomization algorithm has been improved to increase variance.

 

 

© 2017 AO Kaspersky Lab. All Rights Reserved.

 
