HiRN

Seamless Update Agent hammering Firewall [In progress]

Recently I updated some hosts to KES SP1 for testing. What I noticed is, all Hosts with SP1 are hammering my firewall systems to get to the internet, but they have applied a policy to use _only_ the KSC.

I applied Patch B but same behaviour. So I took a look into one of the hosts and noticed the Kaspersky Seamless Update service. If I stop the service, the hosts don't try to connect to the internet.

So I need a solution, it is not acceptable that hundreds of hosts are generating millions of dropped packets, although they are configured to use the KSC as update source! Please do not goof me to open HTTP/HTTPS in the firewalls.

Hi,

Is it true that local tasks are shown and available to start for the user?

Thank you!

Hi,

The policy is set to not show the local tasks to the users. I tested now to show the tasks, same behaviour. I also set on a host the startup mode of the default tasks to manual, but it is still trying to go directly to the internet.

KSN is also set to off by the policy.

Could you please provide us with an export of the group update task (for hosts)?

Thank you!

Mh, I think I have found a trace. One of the contacted IPs led me to an older Kaspersky Forum post where the KSN was a problem.

This made me look further. First I found the checkbox for the Administration Server to work as KSN Proxy not activated, so I activated it.

Then I took another look in the policy for the KES. Because I disabled KSN, I didn't care about the options. I activated the Use KSN Proxy checkbox although I have not activated the KSN setting at all.

No more packets dropped by the firewall at the moment!

To summarize, activating the Administration Server to act as KSN Proxy and the policy setting on the KES hosts to use a KSN Proxy seems to solve the issue (still I think it's a bug, if KSN isn't activated, the software shouldn't try to use it!).

I will watch this for some hours and report back.

One more thing. One host is located in a different subnet, it connects through the firewall to the KSC. Since I activated the above mentioned options, this host tries to connect to KSC over TCP/13111 which it didn't do before!


Hello.

TCP 13111 is a default port for connecting to KSC that acts as KSN proxy.

You can change it in the Administration server settings in the Console.

Thank you.
