Jump to content
OBK

Application crashs when exe changed to "weakly limited"

Recommended Posts

Hi,

in the policy I configured under "program Control": For applications, where it wasn't possible to detect a security group, automatically move to "weakly limited".  Yesterday and today one file was changed to "weakly limited" and in the same moment the application crashs. Is this a normal behaviour?

Kind regards,

OBK

(I use the german plugin and transleted the german text to english.)

Share this post


Link to post
vor 14 Minuten schrieb Ivan.Ponomarev:

Please state the software versions and please describe the scenario in details. 

The name of the software is DAVID. I can't see any version. To have a look to the exe files please refer to https://www.magentacloud.de/share/8skod1kjjk.

As you can see in the screenshot (please refer to attached file), the last days many exe files are moved to group "weakly limited". But yesterday, when file DSRD.exe was moved, and today when DSRP.exe was moved, the application crashed. The details of the two events are:

First event: 

Ereignisname                    Das Programm wurde in die beschränkte Gruppe verschoben.

                                              (The application was moved to the "weakly limited" group.)

Priorität:                             Infomeldung

Programm:                        Kaspersky Endpoint Security für Windows (11.0.0)

Versionsnummer:                          11.0.0.6499

Aufgabenname:  (Task)                            Programm-Überwachung (program control)

Gerät:                  XXXXXXX

Gruppe: (group)                              XXXXX

Uhrzeit:                               12.07.2018 10:11:25

Name des virtuellen Servers:                   

Beschreibung:                  Ereignistyp:     Das Programm wurde in die beschränkte Gruppe verschoben.

(Description:                    Event type: The application was moved to the "weakly limited" group.)

Programm\Name:     DSRD.exe

Programm\Pfad: (path)    \\data62\progs62\David\System\Tasks\

Programm\Prozess-ID:     10024

Benutzer (User):     XXXXXXXXXXXXXX (Aktiver Benutzer)

Komponente:     Programm-Überwachung

Ergebnis\Bedrohungsstufe:     Niedrig (low)

Ergebnis\Genauigkeit (result\accuarcy):     Genau (exactly)

Aktion (action):     Programm wurde verschoben in Gruppe

                                 (the application was moved to Group)

Objekt:     Schwach beschränkt

(object      "weakly limited")

Objekt\Typ:     Programmgruppe

Objekt\Name (object\name):     Schwach beschränkt

                                "weakly limited"

Grund (reason):     Es konnte keine Sicherheitsgruppe ermittelt werden.

                                   (it wasn't possible to detect a security group)

 

Second event:

Ereignisname                    Das Programm wurde in die beschränkte Gruppe verschoben.

Priorität:                             Infomeldung

Programm:                        Kaspersky Endpoint Security für Windows (11.0.0)

Versionsnummer:                          11.0.0.6499

Aufgabenname:                              Programm-Überwachung

Gerät:                  XXXXXXXXXXXXXXXX

Gruppe:                              XXXXXXXXXXXXXXXXXXXXX

Uhrzeit:                               13.07.2018 08:51:23

Name des virtuellen Servers:                   

Beschreibung:                  Ereignistyp:     Das Programm wurde in die beschränkte Gruppe verschoben.

Programm\Name:     DSRP.EXE

Programm\Pfad:     \\data62\progs62\David\System\Tasks\

Programm\Prozess-ID:     7972

Benutzer:     XXXXXXXXXXXXXXXXX (Aktiver Benutzer)

Komponente:     Programm-Überwachung

Ergebnis\Bedrohungsstufe:     Niedrig

Ergebnis\Genauigkeit:     Genau

Aktion:     Programm wurde verschoben in Gruppe

Objekt:     Schwach beschränkt

Objekt\Typ:     Programmgruppe

Objekt\Name:     Schwach beschränkt

Grund:     Es konnte keine Sicherheitsgruppe ermittelt werden.

 

On the hosts is KSC 11 with PF5000 und PF5060 installed.

Kind regards,

OBK

 

screenshot.JPG

Share this post


Link to post

Hello!

I meant the Kaspersky software versions. 

Do you mean the weekly limited group is a restricted group in the application  priviledge control? 

Thanks!

Share this post


Link to post
Am ‎13‎.‎07‎.‎2018 um 15:25 schrieb Ivan.Ponomarev:

Hello!

I meant the Kaspersky software versions. 

KES 11.0.0.6499 with PF5060.

 

Am ‎13‎.‎07‎.‎2018 um 15:25 schrieb Ivan.Ponomarev:

Do you mean the weekly limited group

What do you mean with weekly limited group?

 

Share this post


Link to post
В 13.07.2018 в 15:32, OBK сказал:

group "weakly limited"

Hello!

Please describe exactly the settings and properties of this group. 

Thanks!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.