Jump to content
Kavuser10

Updating Endpoint Protection v11 administration plugin resets policy?

Recommended Posts

On Friday I saw in KSC that an update was available to Kaspersky for Endpoint v11 administration plugin. Obviously I went ahead and let the KSC download a new version and installed it.

As I went to check an exclusion in KAV 11 policy today I discovered to my horror that all the settings were at their defaults. All exclusions, custom HIPS, firewall, App Control, notification rules and so on, gone. So I checked the policy history and indeed there was a new revision from the  time  of updating the administration plugin. For several days our machines were running with a wrong and weaker policy. Fortunately I could do a rollback to earlier policy state and everything is back to normal.

So my question is: is that a bug or an expected behavior? If this is expected behavior then there should be a big warning before updating administration plugin. Or did I just missed the warning?

Share this post


Link to post
1 час назад, Kavuser10 сказал:

On Friday I saw in KSC that an update was available to Kaspersky for Endpoint v11 administration plugin. Obviously I went ahead and let the KSC download a new version and installed it.

As I went to check an exclusion in KAV 11 policy today I discovered to my horror that all the settings were at their defaults. All exclusions, custom HIPS, firewall, App Control, notification rules and so on, gone. So I checked the policy history and indeed there was a new revision from the  time  of updating the administration plugin. For several days our machines were running with a wrong and weaker policy. Fortunately I could do a rollback to earlier policy state and everything is back to normal.

So my question is: is that a bug or an expected behavior? If this is expected behavior then there should be a big warning before updating administration plugin. Or did I just missed the warning?

Hello!

Can you please provide us with the full GSI from KSC server and export of changed and old policies.

Thank you!

Share this post


Link to post
2 часа назад, Kavuser10 сказал:

GSI report from KSC server and policy files from KSC console sent in a PM.

Thank you for GSI. Also please attach exported polices (in *klp format)

If you want to send file to pm, please send it to @KLCentralSupport

Thank you!

Share this post


Link to post
18 минут назад, Kavuser10 сказал:

Policy file also in klp format sent to KLCentralSupport

Hello!

As we can see this policy is old, with needed rules. Can you attach this way the corrupted policy?

Thank you!

Share this post


Link to post

Hello,

Not sure what you mean by "this policy is old". This is the Endpoint Protection v11 policy that was created when we upgraded to v11 when it was released. All the modifications have been done to this policy.

 

mmc_2018-12-11_19-16-47.png

Share this post


Link to post
6 hours ago, Nikolay Arinchev said:

Hi,

Could you please clarify what version of plugin was installed previously and what version was installed as update?

Thank you!

Hello,

From the plugin info it seems that the current version is the version that was initially released with Kav 11. Not sure if this is right.

mmc_2018-12-12_12-59-33.png

Share this post


Link to post

I would also like to clarify that I'm managing KSC from a workstation with only management console installed. I have updated plugins on this management station not on the server itself. If this makes any difference.

Share this post


Link to post
Posted (edited)

OK, I think this happened again with upgrade to V11.1 - some of the policy settings were wiped out after updating administration plugin for KES 11.1. Most notable of them being the protected resources under HIPS.

As there have been some other minor issues I'm creating a completely new policy to also help to troubleshoot the Meraki agent issue I have posted in another thread.

 

This bring me to question:

If I follow the instructions posted here https://support.kaspersky.com/14742#block5 is it still possible to add all the protected file types in a single list as shown below or do I have to make separate rule for every file extension? Instructions for v11 is not clear about that.

EDIT: also noticed that I'm missing a "." dot in front of an extension.

 

 

mmc_2019-03-27_12-46-46.png

Edited by Kavuser10
added a better image

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.