IPB

Welcome Guest ( Log In | Register )

4 Pages V  < 1 2 3 4 >  
Reply to this topicStart new topic
> Vulnerability Assessment & Patch Management, Suggestions, funnel ideas
Rating 5 V
DerekChen
post 30.12.2013 11:03
Post #21


Member
**

Group: Members
Posts: 27
Joined: 3.09.2012




I'm Asian Taiwan enterprise engineer, used systems management problems came from below:
Client-win7 X64 KSC10 as WSUS, found KB2872339&KB2882822 to ask questions if the patch can cause STOP 0x6B KB will not be sent to the client.
Only KB size 23K

KB2872339


Attached File(s)
Attached File  wsus_1.jpg ( 57,82K ) Number of downloads: 124
Attached File  wsus_2.jpg ( 41,05K ) Number of downloads: 102
Attached File  wsus_3.jpg ( 14,37K ) Number of downloads: 99
Attached File  wsus_4.png ( 73,91K ) Number of downloads: 96
Attached File  wsus_7.png ( 97,91K ) Number of downloads: 74
 
Go to the top of the page
 
+Quote Post
Ivan Sazhin
post 30.12.2013 11:45
Post #22


Technical Support Engineer
*************

Group: KL Russia
Posts: 5169
Joined: 10.09.2013
From: Moscow




QUOTE(DerekChen @ 30.12.2013 11:03) *
I'm Asian Taiwan enterprise engineer, used systems management problems came from below:
Client-win7 X64 KSC10 as WSUS, found KB2872339&KB2882822 to ask questions if the patch can cause STOP 0x6B KB will not be sent to the client.
Only KB size 23K

KB2872339

Hello!
May I please kindly ask you to create an incident in your CompanyAccount for this issue?
Also please provide us with its number.
Thank you!


--------------------
Go to the top of the page
 
+Quote Post
PaulOMB
post 10.01.2014 10:19
Post #23


Member
**

Group: Members
Posts: 11
Joined: 7.08.2013




QUOTE(Lashchenkov @ 24.12.2013 23:13) *
Currently not, sorry; but we think of a possibility to change this default storage location during the setup process, etc.
Could you please describe the problem with some more details? It would be good if you could provide some task history (the sequence of task progress events for the problem host exported to a text file) showing the problem, or some detailed scenario description with both "actual" and "desired" results, etc.
Thank you in advance!


Well currently I am trying to run some updates for Silverlight. Have got it set to update in the window update sync task. Set to install in the Install windows update task. and I can see that it needs to be installed when I look at the available updates on the target computer. But when I run the Install windows update task it says no action required.
Go to the top of the page
 
+Quote Post
Lashchenkov
post 14.01.2014 14:12
Post #24


Senior developer
*****

Group: KL Russia
Posts: 660
Joined: 3.05.2005
From: Moscow, Russia




QUOTE(PaulOMB @ 10.01.2014 09:19) *
Well currently I am trying to run some updates for Silverlight. Have got it set to update in the window update sync task. Set to install in the Install windows update task. and I can see that it needs to be installed when I look at the available updates on the target computer. But when I run the Install windows update task it says no action required.


Please provide the detailed information on your Install windows update task settings and the detailed list of applicable updates (exported to a text file) for some of the Install windows update task target computers, where this Silverlight update is applicable.
Go to the top of the page
 
+Quote Post
Yasir Shehzad
post 8.06.2014 22:53
Post #25


Advanced Member I
***

Group: Members
Posts: 161
Joined: 4.12.2013




QUOTE(Lashchenkov @ 24.12.2013 19:13) *
Currently not, sorry; but we think of a possibility to change this default storage location during the setup process, etc.
Could you please describe the problem with some more details? It would be good if you could provide some task history (the sequence of task progress events for the problem host exported to a text file) showing the problem, or some detailed scenario description with both "actual" and "desired" results, etc.
Thank you in advance!

Hi,

Can you please tell how can we change the storage location during the setup process?

and can we use SCCM to get the files/update from the Kaspersky Security Center, Which is running as a WSUS Server means is there any way to integrate with SCCM?

Thanks !!

QUOTE(Lashchenkov @ 24.12.2013 19:13) *
Currently not, sorry; but we think of a possibility to change this default storage location during the setup process, etc.
Could you please describe the problem with some more details? It would be good if you could provide some task history (the sequence of task progress events for the problem host exported to a text file) showing the problem, or some detailed scenario description with both "actual" and "desired" results, etc.
Thank you in advance!

Hi,

Can you please tell how can we change the storage location during the setup process?

and can we use SCCM to get the files/update from the Kaspersky Security Center, Which is running as a WSUS Server means is there any way to integrate with SCCM?

Thanks !!
Go to the top of the page
 
+Quote Post
ssbs
post 8.06.2014 23:17
Post #26


Advanced Member II
****

Group: Members
Posts: 294
Joined: 11.10.2013
From: Lagos Nigeria




QUOTE(Alexander Ilin @ 9.10.2013 11:26) *
Dear users of "Kaspersky Lab" enterprise products, you are welcome to take part in improving the Vulnerability Assessment & Patch Management components in Kaspersky Security Center 10.

Being part of the "System Management" section, these components allow you to scan managed computers for vulnerabilities, as well as to push software upgrade.

In this topic we would like to gather your suggestions regarding the data components.
We wonder what kind of programs you upgrade via Kaspersky Security Center 10, and whether you install "patches" for these programs.

Wbr

Adobe falsh,
mozilla,
adobe reader.
Go to the top of the page
 
+Quote Post
Achim
post 31.07.2014 18:10
Post #27


Newbie
*

Group: Members
Posts: 1
Joined: 27.07.2007
From: Hamburg




I also have some things which quite annoy me when it comes to use Kasperskys Patch Management...

1) Is there an option to prevent KAS from downloading Software Updates in any available language? My list of Software Updates contains thousand of patches... (for example any Firefox Patch in any language...)
2) I would like to have a list where i only see Updates which are not installed in our network, that would it make way easier for me to check the current Patch-Status in our network.



Kind regards
Go to the top of the page
 
+Quote Post
aehrlich
post 28.08.2014 21:28
Post #28


Advanced Member II
****

Group: Members
Posts: 314
Joined: 18.03.2007
From: Tallinn, Estonia




While KSC shows Silverlight as criticallly or highly severe vulnerability with fix available (SA49122, SA46046, SA44841, SA48030) for W7/8 machines where Silverlight is not installed there is no point in using KSC's Vulnerabily Assessment functionality -- as I just cannot trust KSC. And the idea to install Silverlight to patch Silverlight's vulnerabilities sounds... e... silly.
Go to the top of the page
 
+Quote Post
siddharthashah
post 17.09.2014 11:25
Post #29


Advanced Member I
***

Group: Members
Posts: 60
Joined: 5.12.2011
From: india




We need to have Cloud Security Centre from OEM as an option as we are losing cases on this Point

This post has been edited by siddharthashah: 17.09.2014 11:28
Go to the top of the page
 
+Quote Post
mano.b.d
post 3.10.2014 14:51
Post #30


Advanced Member I
***

Group: Members
Posts: 131
Joined: 7.03.2013
From: Colombo




Hi

Please check below image. can't we get highlited serial number in below image as a report? If we can add this feature to sp 1 thats very usefull
Attached File(s)
Attached File  Capture_serial_.JPG ( 156,05K ) Number of downloads: 28
 
Go to the top of the page
 
+Quote Post
Lashchenkov
post 4.10.2014 11:54
Post #31


Senior developer
*****

Group: KL Russia
Posts: 660
Joined: 3.05.2005
From: Moscow, Russia




QUOTE(Yasir Shehzad @ 8.06.2014 22:53) *
Can you please tell how can we change the storage location during the setup process?


As I wrote, we just "think of a possibility to change this default storage location during the setup process". This means, there were no such an option in KSC 10. But this option will be implemented in KSC 10 SP1.

QUOTE(Yasir Shehzad @ 8.06.2014 22:53) *
can we use SCCM to get the files/update from the Kaspersky Security Center, Which is running as a WSUS Server means is there any way to integrate with SCCM?


Currently there is no supported way to "use SCCM to get the files/update from the Kaspersky Security Center", since we currently support only the client side of the WSUS server-server protocol.
Go to the top of the page
 
+Quote Post
Lashchenkov
post 4.10.2014 12:02
Post #32


Senior developer
*****

Group: KL Russia
Posts: 660
Joined: 3.05.2005
From: Moscow, Russia




QUOTE(Achim @ 31.07.2014 18:10) *
1) Is there an option to prevent KAS from downloading Software Updates in any available language? My list of Software Updates contains thousand of patches... (for example any Firefox Patch in any language...)

But we DON'T download Software Updates "in any available languages". In this list you just see the whole list of the supported updates, but only those of them which are really required to be installed, are downloaded (when needed).
And now by default we use "Status" filter to show in this list only those updates which are really applied to the managed computers (or you can change this filter to see only those patches which are already assigned to be installed by some patch management tasks, etc.)


QUOTE(Achim @ 31.07.2014 18:10) *
2) I would like to have a list where i only see Updates which are not installed in our network, that would it make way easier for me to check the current Patch-Status in our network.

I'm not sure about your question, but I guess the answer is the same - just use "Status" filter in the software updates list; for a selected update you can see the list of computers where this update is applicable, etc.
Go to the top of the page
 
+Quote Post
Lashchenkov
post 4.10.2014 12:04
Post #33


Senior developer
*****

Group: KL Russia
Posts: 660
Joined: 3.05.2005
From: Moscow, Russia




QUOTE(aehrlich @ 28.08.2014 21:28) *
While KSC shows Silverlight as criticallly or highly severe vulnerability with fix available (SA49122, SA46046, SA44841, SA48030) for W7/8 machines where Silverlight is not installed there is no point in using KSC's Vulnerabily Assessment functionality -- as I just cannot trust KSC. And the idea to install Silverlight to patch Silverlight's vulnerabilities sounds... e... silly.

May I please kindly ask you to create an incident in your CompanyAccount for this issue?
Also please provide us with its number.
Thank you!
Go to the top of the page
 
+Quote Post
Lashchenkov
post 4.10.2014 12:05
Post #34


Senior developer
*****

Group: KL Russia
Posts: 660
Joined: 3.05.2005
From: Moscow, Russia




QUOTE(siddharthashah @ 17.09.2014 11:25) *
We need to have Cloud Security Centre from OEM as an option as we are losing cases on this Point

Could you please provide some more details?
Thank you!
Go to the top of the page
 
+Quote Post
mano.b.d
post 6.10.2014 07:42
Post #35


Advanced Member I
***

Group: Members
Posts: 131
Joined: 7.03.2013
From: Colombo





Hello

In KSC 10 can we collect hardware serial number. (That shows in Computer hardware registry) Is there any method to collect that detail as a report?
unsure.gif rolleyes.gif
Go to the top of the page
 
+Quote Post
Megan L
post 16.11.2014 19:17
Post #36


Newbie
*

Group: Members
Posts: 2
Joined: 7.05.2014




I've been using the Vulnerability and Software Updates function for a few months now and compared with using WSUS previously I've noticed a few things/issues:
A few of these address the same issue - better reporting and a better GUI. Others such as when updates are installed, how errors are reported, and how to manage computers that are "unreachable" also needs improvement in my experience with KSC 10.1.249.

As a single IT person managing updates for a small business (50+ employees) this tool is helpful, but I look forward to some improvements to make it a little easier to work with and see what the current status is. I would also like to see alerts to the users suppressed, I'm sometimes not sure the KES updater is even working properly since users are still asked to update themselves at various times, and the files still appear to be downloading when the installer is run. With WSUS if the user installed windows updates the files would already have been installed so that it could start right away.
Go to the top of the page
 
+Quote Post
yghnetadmin
post 11.12.2014 21:30
Post #37


Member
**

Group: Members
Posts: 21
Joined: 6.10.2007




There are a large number of vulnerabilities tied to older versions of Java, but we are forced to use them because our software vendors don't update their code to be compatible with the latest versions of Java. I have to ignore dozens of vulnerabilities, but have to open them one at a time to select the ignore checkbox. It would be handy to be able to select all of them and just select ignore once.
Go to the top of the page
 
+Quote Post
BrankoStulic
post 17.12.2014 12:22
Post #38


Advanced Member I
***

Group: Members
Posts: 70
Joined: 13.02.2012




I'd like to test this functionality, but I get error message "kaspersky cannot create task systems management functionality is restricted"
when I try to create update task.

We have "Kaspersky Endpoint Security for Business - Select EEMEA Edition. 500-999 Node 2 year Public Sector Renewal License: Kaspersky Security for WS and FS" licence for 510 users

As for functionality, I'd like to see "Show only latest software versions" checkbox, as I work in environment that doesn't use any software restricted by
specific version of Flash, java and such

This post has been edited by BrankoStulic: 17.12.2014 12:24
Go to the top of the page
 
+Quote Post
David Foose
post 22.01.2015 22:37
Post #39


Advanced Member I
***

Group: Members
Posts: 117
Joined: 3.03.2010
From: Pittsburgh, Pa




I'd like to extend out the Vulnerability Scanner to include a few other "compliance" items:

- List of TCP/UDP ports being communicated on or services holding open those ports
- List of Services running
- List of local Users & Groups on the machine
- Ability to scan for windows OS patches without internet or WSUS (this could be done using a OVAL scanner & free updates from MITRE)
- A "report card" on individual machines showing system information, AV update jobs success
Go to the top of the page
 
+Quote Post
lord_discord
post 12.02.2015 18:54
Post #40


Advanced Member I
***

Group: Members
Posts: 57
Joined: 18.06.2008




Hi!

1) In Patch installation Task: Give an Option for "force shutdown running process
Some users tend to constantly ignore the Update dialogs - Sadly this is mostly the untrained high risk user category....
Especially Flash Player is hell to deploy and a big risk!

2) Detection of Needed Updates: Use also Applications Registry to detect needed Patches!
In Applications Registry the Program Versions are shown. Why not make a small check f. e. Flash Player 16.0.0.296 is installed ->To immediately install the patch.
This would save the penetration of the disk, and the performance loss while making the vulnerability scan.

3) User more detailed Events in installation Task Results.
Example 1: I sometime get just a error message like 1 out of 12 Patches installed -
Nothing listed which patch did the failure or even why.
Example 2: Completed - Nothing to do. -> Maybe show some details somewhere when "Last Successful Vuln Scan" was made - This drives me nuts when some scans are aborted.
Example 3: Task Completed: Updates Installed 0 out of 2 ?? -> Thats not a completion in my opinion if nothing is installed

Go to the top of the page
 
+Quote Post

4 Pages V  < 1 2 3 4 >
Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 27.04.2017 13:00