Jump to content
technikarc

Application categories section

Recommended Posts

In my Administration Server Properties is a section Application categories. Inside Application category propagation mode has two options: Full data transmission (for Network Agents Service Pack 2 and earlier) and Transmission of modified data only (for Network Agents Service Pack 2 and later). My current versions of NA is in my signature, currently it's the latest. How can I know is my NA Service Pack 2 or not? Because problem is when I choose Transmission of modified data only (for Network Agents Service Pack 2 and later) on some Workstations list of whitelisted directories became empty in Application Startup Control (ASC) and started to prevent launch almost any executables.

Share this post


Link to post

Hello. 

Could you please provide GSI report from one of those workstations ?

Share this post


Link to post

Have you performed inventorization task on a said host after enabling Transmission of modified data only ? 

Does host properties in KSC have executable files listed ?

Could you share your KES and Network Agent policy ? 

Share this post


Link to post

No, after enabling Transmission of modified data only  I didn't performed inventorization task.

Question 1: will problem be solved if I run Inventorization task after enabling Transmission of modified data only?

Yes, I see executable files listed  in KSC Advanced > Application management > Applications registry section. They are appearing briefly. Last ones are from yesterday. Although Inventorization task is set to run manually and has not been run recently.

Question 2: if Inventorization task is set to run manually, why applications are still appearing in Applications registry section?

Policies are attached.

Kaspersky Endpoint Security for new KES (Managed devices).klp

Kaspersky Security Center 10 Network Agent.klp

Share this post


Link to post

Hello. 

Inventorization task will go through specified folders and collect information about executables. This will create database entries necessary for application startup control functionality. 

Are you using policy converted from previous KES version or it was build from scratch ?

Applications registry, contains information about all applications discovered on workstations and reported to KSC, information about application could be present even if it that program is no longer used in your network. Entries in Application registry has a limited lifetime, if programs were deleted from all hosts. 

Цитата

Does host properties in KSC have executable files listed ?

properties.PNG

Share this post


Link to post

It was converted policy after updating KEA from v10 to v11 and KSC to latest version. Can't remember the original version of KSC.

It is about half an year I last launched inventorization Task and ASC worked perfectly. As I create whitelisted directories in ASC I don't see purpose of this task. The thing is those workstations didn't saw these whitelisted directories (in picture they are though):

Screenshot_1.png.4a15bd157ba1b9ba4a28e544bf3adcd8.png

I had to reinstall KEA because couldn't even login into Windows account. I'm guessing it was because I chose Transmission of modified data only (for Network Agents Service Pack 2 and later) lately. Now I came back to Full data transmission (for Network Agents Service Pack 2 and earlier). Could it be a problem?

 

Share this post


Link to post
44 minutes ago, technikarc said:

It was converted policy after updating KEA from v10 to v11 and KSC to latest version. Can't remember the original version of KSC.

It is about half an year I last launched inventorization Task and ASC worked perfectly. As I create whitelisted directories in ASC I don't see purpose of this task. The thing is those workstations didn't saw these whitelisted directories (in picture they are though):

Screenshot_1.png.4a15bd157ba1b9ba4a28e544bf3adcd8.png

I had to reinstall KEA because couldn't even login into Windows account. I'm guessing it was because I chose Transmission of modified data only (for Network Agents Service Pack 2 and later) lately. Now I came back to Full data transmission (for Network Agents Service Pack 2 and earlier). Could it be a problem?

 

Hello.

There should be no errors with populating Application Control categories if you use "Transmission of modified data" mode, and the policy is applied properly. Once the policy is applied to hosts, all rules should be working. Is this an ongoing error? Is it possible to reproduce?

Thank you.

Share this post


Link to post

Well the main question was is my products version is related to the Application category propagation mode setting and could cause this behavior. If it's not, I will try to set Transmission of modified data only (for Network Agents Service Pack 2 and later) on Monday again. Hope it will not paralyze my firm one more time :)

Share this post


Link to post

Hello. 


I would suggest configuring policy from a ground up specifically for KES 11 and testing ASC either in Notification mode or on a testing PC.

Share this post


Link to post

I have KEA v11.0.0.6499 and KEA v10.2.6.3733 (for Windows XP only). And I can create Policies for:

 

Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Realease 2 for Windows

Kaspersky Endpoint Security 10 Service Pack 2 for Windows

Kaspersky Endpoint Security for Windows (11.0.0)

 

How can I know wich digital version represent alphabetical version?

Share this post


Link to post

Hello!

Every KES version needs a specific administration plug-in that is installed on the administration server. 

If you have installed it and if the machines are added to KSC you can create the policies for every version of KES. 

Also we recommend to upgreade your KES to the newest versions.

Thanks!

Share this post


Link to post
24 minutes ago, Ivan.Ponomarev said:

If you have installed it and if the machines are added to KSC you can create the policies for every version of KES.  

OK. My question was which policy template to use for my KEA v10.2.6.3733? Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Realease 2 for Windows or Kaspersky Endpoint Security 10 Service Pack 2 for Windows ? I can't update those Workstations to the latest KEA version now - they are running Windows XP.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.