Jump to content
LogiTan

Kaspersky Application Control [In progress] [2227618]

Recommended Posts

 

Hello,

We are currently evaluating the "Kaspersky Application Control" module in our IT infrastructure.

Our Kaspersky Server is version 10.4.343 SP2 MR1 and the agent on the workstations is also at this version.

The module works as expected, except that we have noticed that applications are not blocked during the first two minutes, once the user is authenticated on our network.

In fact, applications are blocked on the workstation only when the agent (KLnagchk.exe) is in operation.

We have noticed that this delay corresponds to the time required for the operation.

During this period, the user may run one or more applications, even if they are not on my reference workstation.

However, a message appears informing you that the application has been blocked ...

Once the KLnagchk.exe agent is up and running, the protection module works perfectly.

 

Is that a normal time?

If not, how to correct it?

 

Thanks in advance.

Share this post


Link to post
Hello,

We are currently evaluating the "Kaspersky Application Control" module in our IT infrastructure.

Our Kaspersky Server is version 10.4.343 SP2 MR1 and the agent on the workstations is also at this version.

The module works as expected, except that we have noticed that applications are not blocked during the first two minutes, once the user is authenticated on our network.

In fact, applications are blocked on the workstation only when the agent (KLnagchk.exe) is in operation.

We have noticed that this delay corresponds to the time required for the operation.

During this period, the user may run one or more applications, even if they are not on my reference workstation.

However, a message appears informing you that the application has been blocked ...

Once the KLnagchk.exe agent is up and running, the protection module works perfectly.

 

Is that a normal time?

If not, how to correct it?

 

Thanks in advance.

 

Hello!

 

Please state the KES version.

 

Also please send a screenshot of the policy profiles.

 

Also please check if the issue persists, if the Network Agent is stopped after it started.

 

Thanks!

Share this post


Link to post
Hello!

 

Please state the KES version.

 

Also please send a screenshot of the policy profiles.

 

Also please check if the issue persists, if the Network Agent is stopped after it started.

 

Thanks!

 

Hi Ivan,

 

The KES version is 10.3.0.6294

The requested screenshots follow below. I hope that is what you asked for ...

And we tested if the issues pesists, if the Network Agent is stopped after is started.

Yes it is.

post-630160-1496333057.png

post-630160-1496333076.png

Share this post


Link to post
Hi Ivan,

 

The KES version is 10.3.0.6294

The requested screenshots follow below. I hope that is what you asked for ...

And we tested if the issues pesists, if the Network Agent is stopped after is started.

Yes it is.

 

Could you please export your current policy and send us?

 

Thanks!

Share this post


Link to post
Could you please export your current policy and send us?

 

Thanks!

 

 

Here is the requested file.

I had to compress the file because it was too large for the allowed limit.

Thank you

CssPolicy.zip

Share this post


Link to post
Here is the requested file.

I had to compress the file because it was too large for the allowed limit.

Thank you

Hi,

 

Could you please provide klnagchk from the problem machine.

 

Thank you!

Share this post


Link to post
Hi,

 

Could you please provide klnagchk from the problem machine.

 

Thank you!

 

Hi,

This is the result.

Thanks

post-630160-1496406839.png

Share this post


Link to post

Hi,

 

According to klnagchk output Network agent is not running.

Please notice, that Network agent uses delayed stark and should be started approx. in 5 mins after system is booted.

Please also check that Network agent service has proper startup type.

Share this post


Link to post
Hi,

 

According to klnagchk output Network agent is not running.

Please notice, that Network agent uses delayed stark and should be started approx. in 5 mins after system is booted.

Please also check that Network agent service has proper startup type.

 

 

Hello,

We want to know if it is normal that the user can start the applications during the first 2 minutes after the start of Windows even if they are crossed with "The Application Control", after which the applications are blocked.

Is there an adjustment we could make to remove that timeframe?

Thank you!

Share this post


Link to post
Could you please confirm that "locks" are closed at Application startup control?

 

Thank you!

 

Yes it is!

Share this post


Link to post

Please confirm, that there are no policy profiles and there is no out-of-office policy.

Please provide us with KES traces collected in the following way:

-start KES traces

-reboot the system

-make sure that restricted resources are avalible

-wait for policy to be enforced

-make sure, that resources are restriced according to the policy

-stop traces

 

Please use any file sharing resource to upload your data and provide us with a link.

Share this post


Link to post
Please confirm, that there are no policy profiles and there is no out-of-office policy.

Please provide us with KES traces collected in the following way:

-start KES traces

-reboot the system

-make sure that restricted resources are avalible

-wait for policy to be enforced

-make sure, that resources are restriced according to the policy

-stop traces

 

Please use any file sharing resource to upload your data and provide us with a link.

 

Hello,

 

The log is too big to be attach, my zip file is 3000K

 

Please note that we are going to be off for the weekend and back on Monday.

 

Thank you for your help.

Edited by LogiTan

Share this post


Link to post
Hello,

 

The log is too big to be attach, my zip file is 3000K

 

Please note that we are going to be off for the weekend and back on Monday.

 

Thank you for your help.

 

Hello!

 

Is there a possibility to upload the files onto a filesharing site?

 

Thanks!

Share this post


Link to post
Hello!

 

Is there a possibility to upload the files onto a filesharing site?

 

Thanks!

 

Can you give me an e-mail address to which I could send it?

Share this post


Link to post
Can you give me an e-mail address to which I could send it?

 

I have sent you FTP information via PM.

 

Thanks!

Share this post


Link to post

I hate to jump into a conversation, but am I reading correctly that KSC/KES users cannot expect the Application Control module to block any applications until 5 minutes after the workstation has started/restarted?

 

 

Share this post


Link to post
Hello Ivan, I downloaded the file to the ftp site you indicated.

Thank you

 

Hello!

 

Thank you for the information.

 

We created an Issue 2227618 for your problem.

 

We will inform you about any new answers from the developers.

 

Thanks!

Share this post


Link to post
Hello!

 

Thank you for the information.

 

We created an Issue 2227618 for your problem.

 

We will inform you about any new answers from the developers.

 

Thanks!

 

 

 

Thanks for your support Ivan. We await further developments regarding this issue.

Share this post


Link to post
Hello Ivan, I downloaded the file to the ftp site you indicated.

Thank you

 

Hello!

 

We would like to have a bit more information:

 

1. Please correct me if I am wrong: after the Windows logon the network agent start for about 2 minutes and in this period the policy is not applied to the machine.

2. Please collect the process monitor log and new traces of the network agent and kes from the logon and till the policy is applied.

3. Please upload the policy itself once again.

 

Thanks!

Share this post


Link to post
Hello!

 

We would like to have a bit more information:

 

1. Please correct me if I am wrong: after the Windows logon the network agent start for about 2 minutes and in this period the policy is not applied to the machine.

2. Please collect the process monitor log and new traces of the network agent and kes from the logon and till the policy is applied.

3. Please upload the policy itself once again.

 

Thanks!

 

Hello Ivan,

 

1. Yes, the agent start 2 minutes after the logon and the policy is not applied during this period.

2. I made the log file but I no longer have access to your FTP server to send you the file ....

 

I still have the link with the user code and the password that you sent me. Can you reactivate them please.

Let me know when this is done.

Thank you.

Share this post


Link to post
Hello Ivan,

 

1. Yes, the agent start 2 minutes after the logon and the policy is not applied during this period.

2. I made the log file but I no longer have access to your FTP server to send you the file ....

 

I still have the link with the user code and the password that you sent me. Can you reactivate them please.

Let me know when this is done.

Thank you.

Hi,

 

The new password has provided via PM.

 

Thank you!

Share this post


Link to post
Hi,

 

The new password has provided via PM.

 

Thank you!

 

I used the user code and password that you sent me, but it does not work. I get the following error message:

"550/index.html:No such file or directory"

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.