myousufhk

Storage Issue

17 posts in this topic

Hi,

I have Kaspersky Security Center 10.3.407. I do patch management of endpoint. The server where Kaspersky Security Center is installed storage is full because of patch management. My question is that how to remove previous patches that are downloaded from Microsoft from Kaspersky Security Center to make storage clear. Is there a task or something that I do to make my server storage empty?

Waiting for response!

Share this post


Link to post
Share on other sites

Hello!

Could you please tell us exactly, what functionality is enabled?

Patch management only, or WSUS too?

Thanks!

Share this post


Link to post
Share on other sites

WSUS is also enabled.

Share this post


Link to post
Share on other sites

Hello!

Could you please tell us, how exactly is the network agent policy set up for WSUS and patch management?

Thanks!

Share this post


Link to post
Share on other sites

I have attached screenshot. Patch Management is all working good, my issue is that the server storage is full due to patch management because it first download patches in server (where Security center installed) and then deploy it to the endpoint. After endpoint successfully patched, what should I do to remove the patches download files that are downloaded in server by Kaspersky Security Center.

N1.png

N2.png

WSUS1.png

WSUS2.png

WSUS3.png

Share this post


Link to post
Share on other sites

Hi,

To safely clear the contents of the specified folders "C:\ProgramData\KasperskyLab\adminkit\1093\.working\wusfiles, C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer" , you should backup the administration server, stop the KSC server service, clear the contents of these folders, recover from the backup, and, before starting the server service, do the following:

In the folder - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center" create file ".dbschema_upgrade" that contains text "1", using the following command that was executed from this folder:

echo 1 > .dbschema_upgrade

Thank you!

Share this post


Link to post
Share on other sites

1- If I do the following as guided by you, why should I restore my backup?

2- If I restore backup, will the patches files also restore?

3- And If patches file do not restore on running backup utility to restore backup, will the Kaspersky Security center again download previously deleted patches when I run patches task?

 

Share this post


Link to post
Share on other sites

 

On 7/12/2017 at 10:04 AM, myousufhk said:

1- If I do the following as guided by you, why should I restore my backup?

2- If I restore backup, will the patches files also restore?

3- And If patches file do not restore on running backup utility to restore backup, will the Kaspersky Security center again download previously deleted patches when I run patches task?

 

Kindly address my above queries...

Share this post


Link to post
Share on other sites
1 hour ago, myousufhk said:

 

Kindly address my above queries...

Sorry for late response.

Please uncheck these items if you don't wish that these updates would be downloaded once more time.

Thank you.

 

Share this post


Link to post
Share on other sites

I think you didn't get me... My question is that when performing windows update patch through Kaspersky, Security center download some files in the server so my server storage increasing time to time. As guided by you to remove the files do the following: (quote attached - please review again the below solution given by your support engineer)

On 7/12/2017 at 9:24 AM, Konstantin Antonov said:

Hi,

To safely clear the contents of the specified folders "C:\ProgramData\KasperskyLab\adminkit\1093\.working\wusfiles, C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer" , you should backup the administration server, stop the KSC server service, clear the contents of these folders, recover from the backup, and, before starting the server service, do the following:

In the folder - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center" create file ".dbschema_upgrade" that contains text "1", using the following command that was executed from this folder:

echo 1 > .dbschema_upgrade

Thank you!

If the above solution works and deleted the files, now my question is that when I again run the task "Perform Windows Update Synchronization", will Kaspersky Security Center again download the same deleted patch files along with the new files that have been successfully pushed to endpoint?

I hope that I can make you understand my point. Waiting for you kind response!

Share this post


Link to post
Share on other sites

Hi,

KSC will download only new updates that are not installed at client PCs.

Thank you!

Share this post


Link to post
Share on other sites

Ok now its clear and just one more question;

I run the task in the following manner:

First I run "Perform Windows Update Synchronization".

Then I run "Find vulnerabilities and required updates".

and in last I run "Install required updates and fix vulnerabilities".

Tell me if I am doing this in wrong manner?

Share this post


Link to post
Share on other sites

Posted (edited)

We have struggled with this issue as well, here is how we have solved it:

1. Remove all "Install required updates and fix Vulnerabilities" except for one task that is set to run on Managed computers, additional tasks can be re-added later

2. In the Group task "Install required updates and fix Vulnerabilities" settings set the rule to general criteria > "Install all updates (Except denied) ; Updates>Install all suitable updates; vulnerabilities>fix all vulnerabilities Also make sure "Install required general system components" and "allow installation of new applications" is selected

3. Go to Advanced>application management>software updates tab and set the following search terms:

Update approval - Leave blank; Not Installed<1; superseded YES  -  Select all these updates and decline them

Update approval - Leave blank; Not Installed>0; superseded NO - Select all these updates and APPROVE them

Update Approval - Undefined - Select all these updates and decline them

4. Next set the following search term and clear out all the rest: Update approval DECLINED

Ctrl+A (Select all)>Right click>delete update files>wait for pop up window

Be aware that it can take up to 5 min between each click for anything to happen,  Until you get the screen that states that updates have been qued for removal then you are not finished.

5. Removal of the old updates can take anywhere between 10 min to 2 hours depending on how many updates are being removed, you should see at least some space removal ASAP

6. Run the "Find vulnerabilities and required updates" task on the company

7. After task run is complete go back to Advanced>application management>software updates tab and approve any additional updates found

Update approval - Declined; Not Installed>0; superseded NO - Select all these updates and APPROVE them

8. Run the "Install required updates and fix Vulnerabilities" Group task

 

I have also had to run the database maintenance task or reboot the server if I do not see space gains after a hour or two.

 

Edited by TomS42

Share this post


Link to post
Share on other sites
1 hour ago, TomS42 said:

We have struggled with this issue as well, here is how we have solved it:

1. Remove all "Install required updates and fix Vulnerabilities" except for one task that is set to run on Managed computers, additional tasks can be re-added later

2. In the Group task "Install required updates and fix Vulnerabilities" settings set the rule to general criteria > "Install all updates (Except denied) ; Updates>Install all suitable updates; vulnerabilities>fix all vulnerabilities Also make sure "Install required general system components" and "allow installation of new applications" is selected

3. Go to Advanced>application management>software updates tab and set the following search terms:

Update approval - Leave blank; Not Installed<1; superseded YES  -  Select all these updates and decline them

Update approval - Leave blank; Not Installed>0; superseded NO - Select all these updates and APPROVE them

Update Approval - Undefined - Select all these updates and decline them

4. Next set the following search term and clear out all the rest: Update approval DECLINED

Ctrl+A (Select all)>Right click>delete update files>wait for pop up window

Be aware that it can take up to 5 min between each click for anything to happen,  Until you get the screen that states that updates have been qued for removal then you are not finished.

5. Removal of the old updates can take anywhere between 10 min to 2 hours depending on how many updates are being removed, you should see at least some space removal ASAP

6. Run the "Find vulnerabilities and required updates" task on the company

7. After task run is complete go back to Advanced>application management>software updates tab and approve any additional updates found

Update approval - Declined; Not Installed>0; superseded NO - Select all these updates and APPROVE them

8. Run the "Install required updates and fix Vulnerabilities" Group task

 

I have also had to run the database maintenance task or reboot the server if I do not see space gains after a hour or two.

 

Thank you for information.

 

Share this post


Link to post
Share on other sites
10 hours ago, TomS42 said:

We have struggled with this issue as well, here is how we have solved it:

1. Remove all "Install required updates and fix Vulnerabilities" except for one task that is set to run on Managed computers, additional tasks can be re-added later

2. In the Group task "Install required updates and fix Vulnerabilities" settings set the rule to general criteria > "Install all updates (Except denied) ; Updates>Install all suitable updates; vulnerabilities>fix all vulnerabilities Also make sure "Install required general system components" and "allow installation of new applications" is selected

3. Go to Advanced>application management>software updates tab and set the following search terms:

Update approval - Leave blank; Not Installed<1; superseded YES  -  Select all these updates and decline them

Update approval - Leave blank; Not Installed>0; superseded NO - Select all these updates and APPROVE them

Update Approval - Undefined - Select all these updates and decline them

4. Next set the following search term and clear out all the rest: Update approval DECLINED

Ctrl+A (Select all)>Right click>delete update files>wait for pop up window

Be aware that it can take up to 5 min between each click for anything to happen,  Until you get the screen that states that updates have been qued for removal then you are not finished.

5. Removal of the old updates can take anywhere between 10 min to 2 hours depending on how many updates are being removed, you should see at least some space removal ASAP

6. Run the "Find vulnerabilities and required updates" task on the company

7. After task run is complete go back to Advanced>application management>software updates tab and approve any additional updates found

Update approval - Declined; Not Installed>0; superseded NO - Select all these updates and APPROVE them

8. Run the "Install required updates and fix Vulnerabilities" Group task

 

I have also had to run the database maintenance task or reboot the server if I do not see space gains after a hour or two.

 

Thank you for the information. I'll test this solution and let you know.

Share this post


Link to post
Share on other sites

Hello!

Wer will wait for your answer then. 

Thanks!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now