Jump to content

Recommended Posts

Dear Support,

There is a folder located in path "C:\ProgramData\Kaspersky Lab\KES\QB". Few devices in network suddenly starts to increase the size of QB folder to 11+ GB for which we have to disable SELF-Defence option and then we have to delete it. Can you please tell the reason why is this happening and how we can stop KES doing this ? Thanks

 

KSC Version: 10.5

KES: 11

Network Agent: 10.5

Share this post


Link to post

Hello!

What is the KES version on these devices? Are all of them KES 11? 

Have you installed KES 11 anew or upgraded from KES 10? 

Thanks!

Share this post


Link to post
19 minutes ago, Ivan.Ponomarev said:

Hello!

What is the KES version on these devices? Are all of them KES 11? 

Have you installed KES 11 anew or upgraded from KES 10? 

Thanks!

Out of total 1700 devices 1500 are KES 11 and yes they were upgraded from KES 10. 

Share this post


Link to post

Hello!

Do you have maybe any malware on the machines? 

Would you please provide a full GSI report with eventlogs from one of the affected machines? 

Thanks!

Share this post


Link to post
4 minutes ago, Ivan.Ponomarev said:

Hello!

Do you have maybe any malware on the machines? 

Would you please provide a full GSI report with eventlogs from one of the affected machines? 

Thanks!

I will provide you with the GSI report. But what could be the reason of this ? Is it because of viruses or other thing ? Thanks

Share this post


Link to post

Hello!

Threason may be a number of malware found on a machine. 

We can tell you more exactly when we will have the report. 

Thanks!

Share this post


Link to post
On 1/17/2019 at 2:37 PM, Ivan.Ponomarev said:

Hello!

Threason may be a number of malware found on a machine. 

We can tell you more exactly when we will have the report. 

Thanks!

Dear Support,

I have cleared all 3 repositories (Quarantine, Backup, Unprocessed), also deleted all files of QB folder by disabling Self-defence option but still its growing at very huge disk space size upto 15gb. I also executed Advanced Disinfection and KVRT tool but still nothing is improving, kindly guide on this regard. Prompt response would be highly appreciated. Thank you 

 

Kindly find the GSI report by following link:

https://www.dropbox.com/s/1tzh410bo1k18o3/GSI6_IT-006_anwar.thaker_01_29_2019_14_43_04.zip?dl=0

Share this post


Link to post

Hello!

According to the logs there are many malicious files in the .pst located in E:\email backup B\gmail,hotmail*

Thanks!

Share this post


Link to post
22 minutes ago, Ivan.Ponomarev said:

Hello!

According to the logs there are many malicious files in the .pst located in E:\email backup B\gmail,hotmail*

Thanks!

Bravo ! But i have continuously running Advanced Disinfection and also KVRT tool but still it is unable to remove, what should be the next action ? Thanks 

Share this post


Link to post

Hello!

It looks like that the Outlook backup has something suspicious in it, so I would recommend to delete it completely, run the sacb task and create a new backup and check it. 

Or you can check the backup first, if it has something suspicious, delete it and check the new backup. 

It may be something in your mail. 

Thanks!

Share this post


Link to post
47 minutes ago, Ivan.Ponomarev said:

Hello!

It looks like that the Outlook backup has something suspicious in it, so I would recommend to delete it completely, run the sacb task and create a new backup and check it. 

Or you can check the backup first, if it has something suspicious, delete it and check the new backup. 

It may be something in your mail. 

Thanks!

Thanks for the response and suggestion, but why is KES 11 unable to remove and kill this virus in .pst instead of just displaying "14 active threats" at KES 11 dashboard. Thanks

Share this post


Link to post
10 часов назад, HD сказал:

Thanks for the response and suggestion, but why is KES 11 unable to remove and kill this virus in .pst instead of just displaying "14 active threats" at KES 11 dashboard. Thanks

This pst is may be modified some way during the backup. It is better to do the steps described by Ivan.

Thank you!

Share this post


Link to post
6 hours ago, Dmitry Parshutin said:

This pst is may be modified some way during the backup. It is better to do the steps described by Ivan.

Thank you!

QB folder is consuming so much disk space above 15+gb, kindly guide how to reduce it. I have cleaned KSC repositories (Unprocessed, Backup, Quarantine). Thanks

Share this post


Link to post
В 29.01.2019 в 19:19, Ivan.Ponomarev сказал:

Hello!

According to the logs there are many malicious files in the .pst located in E:\email backup B\gmail,hotmail*

Thanks!

Did you check these folders? You should remove affected files manually.

Thank you!

Share this post


Link to post
On 1/30/2019 at 9:42 PM, Konstantin Antonov said:

Did you check these folders? You should remove affected files manually.

Thank you!

I understood your point. But why KES is unable to remove these infected .pst files or any other files ? Even though i have executed KVRT tool on it but still the KES 11 interface showing "Active threats". Kindly guide. Thanks

Share this post


Link to post
5 часов назад, HD сказал:

I understood your point. But why KES is unable to remove these infected .pst files or any other files ? Even though i have executed KVRT tool on it but still the KES 11 interface showing "Active threats". Kindly guide. Thanks

Hello!

Pst files used like containers and can contain data that should not be deleted. So, usually only infected data deletes from the pst. But this pst`s can be modified somehow during backup and cannot be accessed to delete this malware.

Tank you!

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.