Jump to content
OBK

Events after installation

Recommended Posts

Hi,

I installed the default package KES 11 via KSC and then get two Events:

 

1.

Event "Task settings error. Settings not applied" occurred on device XXXX in Windows domain XXXXX on Dienstag, 5. Dezember 2017 12:45:29 (GMT+01:00)

Event type:     Task settings error. Settings not applied

 

2.

Event type:     Protection components are disabled
Application\Name:     Kaspersky Endpoint Security for Windows
User:     OBK.DOM\admin62b (Active user)
Component:     Protection
Result\Description:     Some components are disabled

 

 

I think some components which are configured in the policy are missing in the package. Do I have to enable the missing components in the Installation package and deinstall/install the package again? Or will the missing components be installed automaticly?

 

Kind regards,

OBK

 

Share this post


Link to post

I'm not sure what the source of the error is, but to add components, you don't have to re-install KES. On the Security Center tasks page, create "change application components" task for KES 11. Select which device you want it to apply to in the new task wizard. After creating the task, right click on it and select properties. Select the properties tab on the left, and you should be given a list of components--select which ones you want, then run the task.

Edited by wfeldmann

Share this post


Link to post
8 hours ago, OBK said:

Hi,

I installed the default package KES 11 via KSC and then get two Events:

 

1.

Event "Task settings error. Settings not applied" occurred on device XXXX in Windows domain XXXXX on Dienstag, 5. Dezember 2017 12:45:29 (GMT+01:00)

Event type:     Task settings error. Settings not applied

 

2.

Event type:     Protection components are disabled
Application\Name:     Kaspersky Endpoint Security for Windows
User:     OBK.DOM\admin62b (Active user)
Component:     Protection
Result\Description:     Some components are disabled

 

 

I think some components which are configured in the policy are missing in the package. Do I have to enable the missing components in the Installation package and deinstall/install the package again? Or will the missing components be installed automaticly?

 

Kind regards,

OBK

 

Hello.

Missing components are not installed automatically. You need to either run a "Modify" task on the host (create a "Change application components" task, then go into its properties and select necessary components, then run it), or reinstall from a package where the correct set of components is selected.

Furthermore, the event is specifically related to components that are installed but not running. Please make sure that in the local interface, they are not malfunctioning (which may indicate that the installation is corrupted), and in the policy, all the components are enabled and the setting is implied.

Thank you.

Share this post


Link to post

I think the reason is the component "BadUSB Attack Prevention". The component isn't installed in Standard-Installation but we configured it in the policy.

In our configuration it's not possible to run a task "Change application components". :mellow:

Event:

Event type:     Application content modification error
Description:     Uninstallation password or user name has not been specified or is incorrect.

But it's not possible to configure user name and password in the task "Change application components". :(

Kind regards,

OBK

Share this post


Link to post
В 12/6/2017 в 11:22, OBK сказал:

But it's not possible to configure user name and password in the task "Change application components".

Could you please clarify.

Thank you!

Share this post


Link to post
vor 7 Stunden schrieb Konstantin Antonov:

Could you please clarify.

I created a task "Change application components" und runs it.

The task stops with an error: Uninstallation password or user name has not been specified or is incorrect. But when I want to configure uninstallation password or username in the task I see, that's not possible.

Share this post


Link to post

Hi,

Please specify a password at KES policy and apply it.

After that try to run uninstallation task once again.

Please inform us about result.

Thank you!

Share this post


Link to post
Am ‎08‎.‎12‎.‎2017 um 21:48 schrieb Nikolay Arinchev:

Please specify a password at KES policy and apply it.

The password is specified in the policy. See attached file.

A specify the password once more and started the Installation. The same result.

kes11.zip

Share this post


Link to post
vor einer Stunde schrieb Ivan.Ponomarev:

Do yo uhave the Self-defence functionality activated? 

I think so because it's an converted policy from KES 10 SP2. But I still don't find the section "Self-defense" in the policy of KES 11. So I can't proof it.

Share this post


Link to post
vor 2 Stunden schrieb Ivan.Ponomarev:

Do yo uhave the Self-defence functionality activated? 

Now I find the section. Yes, Self-defense functionality is acitvated.

Share this post


Link to post
vor einer Stunde schrieb Ivan.Ponomarev:

Could you please check if the issue reproduces with deactivated self-defense?

The same error message. See attached file.

install components.klo

Share this post


Link to post
vor 33 Minuten schrieb Vitaly Kravtsov:

Can you please create the policy from scratch for KES11 and the try to reproduce the issue.

With activated or deactivated self-defense?

Share this post


Link to post
vor 2 Stunden schrieb Vitaly Kravtsov:

Can you please create the policy from scratch for KES11 and the try to reproduce the issue.

I created a new policy (default: no password protection). Then I started a tsk "Change application components" with activated Bad-USB-Control. The task completed on the device.

When I take a look at the eventlog of KSC and add a filter on the device, I don't see any event of the Installation. :o (see exported events and the screenshot of the events of the device.)

(the same behaviour as described at

(There Konstantin Antonov asked me: How it interfere your work?)

Then I moved the device to the original group with the original policy and get the mail:

Event "Task settings error. Settings not applied" occurred on device XXXX in Windows domain XXXXX on Dienstag, 19. Dezember 2017 11:24:54 (GMT+01:00)

Event type:     Task settings error. Settings not applied

(see events events-after-moving-to-original-group.txt)

Kind regards,

OBK

 

 

new policy.klp

task1.klt

result.JPG

events-after-installing-components.txt

events-after-moving-to-original-group.txt

Share this post


Link to post

Please wait with your examination. It seems that I have problems with the inheriation of my policys.

Share this post


Link to post

 

vor 4 Stunden schrieb Vitaly Kravtsov:

Can you please create the policy from scratch for KES11 and the try to reproduce the issue.

Will it fail again?

The task starts running until "Running 100 %". see attached file "task-dont-finish.jpg". I don't see that the task is finished. The tasks ends with the sisplay "see finish.jpg".

Events: see events1.jpg and events-ksc.txt (but in events-ksc.txt, several Events are missing, because KSC shows only events with description.

Kind regards,

OBK

 

task-dont-finish.JPG

finish.JPG

events1.JPG

events-ksc.txt

Share this post


Link to post
On 19.12.2017 at 1:30 PM, OBK said:

I created a new policy (default: no password protection). Then I started a tsk "Change application components" with activated Bad-USB-Control. The task completed on the device.

When I take a look at the eventlog of KSC and add a filter on the device, I don't see any event of the Installation. :o (see exported events and the screenshot of the events of the device.)

(the same behaviour as described at

(There Konstantin Antonov asked me: How it interfere your work?)

Then I moved the device to the original group with the original policy and get the mail:

Event "Task settings error. Settings not applied" occurred on device XXXX in Windows domain XXXXX on Dienstag, 19. Dezember 2017 11:24:54 (GMT+01:00)

Event type:     Task settings error. Settings not applied

(see events events-after-moving-to-original-group.txt)

Kind regards,

OBK

new policy.klp

task1.klt

 

events-after-installing-components.txt

events-after-moving-to-original-group.txt

Hello.

I could not find the "Task settings not applied" event in the specified txt file.

Please provide full export of this event.

Thank you.

Share this post


Link to post
vor einer Stunde schrieb Kirill Tsapovsky:

I could not find the "Task settings not applied" event in the specified txt file.

Neither do I. For this reason, I wrote at the same day: When I take a look at the eventlog of KSC and add a filter on the device, I don't see any event of the Installation.  (see exported events and the screenshot of the events of the device.). (the same behaviour as described at ...

But you should see the Event in the screenshot.

Share this post


Link to post
3 minutes ago, OBK said:

Neither do I. For this reason, I wrote at the same day: When I take a look at the eventlog of KSC and add a filter on the device, I don't see any event of the Installation.  (see exported events and the screenshot of the events of the device.). (the same behaviour as described at ...

But you should see the Event in the screenshot.

Please let me know which screenshots you are referring to. Unfortunately, I appear to be unable to find the text "Task settings error. Settings not applied" on any of the screenshots in this topic.
You mention that you have received a notification email. Maybe you could paste event details from it instead?

"Task settings error" appears to be a critical Application Startup Control event. It might not appear in the event selection if "Save in local log" is unchecked for it in the Notifications section of the KES policy ("Notify by email" might still be checked though).

Thank you.

Share this post


Link to post
vor 35 Minuten schrieb Kirill Tsapovsky:

"Task settings error" appears to be a critical Application Startup Control event.

I want to try do describe, what I did.

- I took a computer with KES 10 SP2 installed on. The Installation included BadUSB Attack Prevention, File Level Encryption, Full Disk Encryption, but not Endpoint Sensor.

- I installed KES 11 beta as an update locally with standard parameters.

- Then I installed the agent and got the two mail. I attached them as screenshot.

- The events aren't logged in KSC.

For me the workaround will be:

- I'll create the Installation package

- I'll modify the package and add BadUSB Attack Prevention, File Level Encryption, Full Disk Encryption and Endpoint Sensor.

- I'll make the rollout with this package.

- I'll notice in my mind, that

* It's necessary to install all components which are configured in the policy.

* Tasks to install missing components doesn't work, but for me this is not important, because all components are already installed.

If you still need informations, please ask. But I really invested much time in this ticket without any result.

Kind regards,

OBK

 

 

mail1.JPG

mail2.JPG

Share this post


Link to post
18 hours ago, OBK said:

I want to try do describe, what I did.

- I took a computer with KES 10 SP2 installed on. The Installation included BadUSB Attack Prevention, File Level Encryption, Full Disk Encryption, but not Endpoint Sensor.

- I installed KES 11 beta as an update locally with standard parameters.

- Then I installed the agent and got the two mail. I attached them as screenshot.

- The events aren't logged in KSC.

For me the workaround will be:

- I'll create the Installation package

- I'll modify the package and add BadUSB Attack Prevention, File Level Encryption, Full Disk Encryption and Endpoint Sensor.

- I'll make the rollout with this package.

- I'll notice in my mind, that

* It's necessary to install all components which are configured in the policy.

* Tasks to install missing components doesn't work, but for me this is not important, because all components are already installed.

If you still need informations, please ask. But I really invested much time in this ticket without any result.

Kind regards,

OBK

Everything except the "Functional failure" event is expected behavior:

1. Non-installed components is a warning because it is assumed that the administrator expects components that they configured to be installed and working on hosts. It can still be dismissed or disabled though.

2. If the installation is password-protected, the configured password should be specified in the "Change application components" task settings. See "Properties->Additional".

 

And the "Functional failure: Task settings error" is specifically an Application Startup Control event. Furthermore, you mention that it occurs when moving hosts between groups, i.e. switching policies (from the host perspective). This leads to assume that the error has nothing to do with the set of components. Please clarify the scenario. Does the error occur when you move the host between groups whose policies only enable Application Startup Control? If so, please collect both policies and KES traces during such a scenario.

Thank you.

Share this post


Link to post
Am ‎10‎.‎01‎.‎2018 um 09:31 schrieb Kirill Tsapovsky:

2. If the installation is password-protected, the configured password should be specified in the "Change application components" task settings. See "Properties->Additional".

The description "Additional" is only something for insiders. Please rename "Additional" to "Use uninstall password" in the final release! I kindly ask you to do it!

Edited by OBK

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.