KES 10 SP2 - Application Startup Control [2187281], Missing
Julius Peterec
post 12.04.2017 11:01
Post #1


Advanced Member I
***

Group: Members
Posts: 96
Joined: 6.11.2014




Dear Sirs,

I would like to configure Application Startup Control in policy for KES 10 SP2. The white list option.
Unfortunately, in the list of Category: I don't see all items created in Application categories.
If I make new Application category with new name I can see it, but already created not, or some of them yes, some not.
What is very interesting, in policy for KES 10 SP1 I can see all items.

Maybe it's some bug after KSC upgrade to the latest MR1.

What should I do?

This post has been edited by Julius Peterec: 12.04.2017 11:08
Dmitry Eremeev
post 12.04.2017 13:04
Post #2


Technical Support Specialist
**************

Group: KL Russia
Posts: 11386
Joined: 30.07.2014
From: Moscow




Hello,

Is it possible to record a video of the following scenario?
1. you create category
2. you open "application startup control"
3. the category is absent in "application startup control".
Thank you.


Julius Peterec
post 12.04.2017 16:13
Post #3


Hello,

Video is not necessary. Attached pictures are self-explanatory.
1. List of Application categories I have defined on KSC server. Trusted Browsers e.g. is the problematic one.
2. KES 10 SP2 policy, where is the list of already added categories and list I can only choose from. Trusted Browsers is missing.
3. KES 10 SP1 MR2 policy, where is the list of already added categories and list I can only choose from. Trusted Browsers is there.
Attached File(s)
Attached File  Application_categories.png ( 17,22K ) Number of downloads: 53
Attached File  SP2_policy.png ( 75,63K ) Number of downloads: 58
Attached File  SP1_policy.png ( 81,98K ) Number of downloads: 47
 
Dmitry Eremeev
post 12.04.2017 18:27
Post #4


Please open the properties of the category "Trusted Browsers" and take a screenshot.
Thank you.


Julius Peterec
post 18.04.2017 09:54
Post #5


Here are the requested screenshots from Trusted Browser category.
Attached File(s)
Attached File  Trusted_browser_Conditions.png ( 73,24K ) Number of downloads: 32
Attached File  Trusted_browser_Exclusions.png ( 15,23K ) Number of downloads: 30
Attached File  Trusted_browser_Policies.png ( 15,48K ) Number of downloads: 29
 
Ivan Ponomarev
post 18.04.2017 18:13
Post #6


Technical Support Engineer
********

Group: KL Russia
Posts: 1666
Joined: 8.07.2016
From: Moscow




Hi!

Could you please tell us whether you have backups of the old versions of KSC?

Thanks!


Julius Peterec
post 19.04.2017 10:21
Post #7


Yes, I have.
Nikolay Arinchev
post 19.04.2017 11:25
Post #8


Technical Support Specialist
**************

Group: KL Russia
Posts: 11983
Joined: 5.10.2009




Hi,

Thank you for that info!

Could you please clarify whether this behavior occurs randomly?
Is there any special script to reproduce the issue?
Is it related to Trusted Browsers only, or are other categories affected too?

Thank you!


Julius Peterec
post 19.04.2017 17:35
Post #9


Hi,

This behaviour is related only to policy for KES 10 SP2 and I have problem with two categories only.
I'm not able to identify any relation or similarity, why it happens.
Nikolay Arinchev
post 19.04.2017 20:19
Post #10






Thank you for that info!

Please collect admin server and console traces while you are creating one of these categories and trying to use it.

Please use any file sharing resource to upload traces.

Thank you!


Julius Peterec
post 21.04.2017 14:27
Post #11


I have some progress on this issue.
I made a new category Browsers and added Google Chrome with a SHA-256 hash. Then I was able to use it in the Application Startup Control policy.
Also I was able to add additional records with MD5 hashes.
When I made a new category and the first record was MD5, I was not able to use it in the policy.

Admin server traces are here: https://mondi.box.com/s/ku0qeq426zs06hfbc7vqmxzgeh5iuij0
Julius Peterec
post 25.04.2017 09:56
Post #12


Problem continues. Even though I'm able to make a new category and use it in policy now, the Endpoint Security client doesn't obey the rules.
I have defined a whitelist rule and e.g. the SHA256 hash for chrome.exe is in Conditions.
Nevertheless, the Chrome browser is blocked.

Something is wrong with Application Startup Control and the new version of KES 10.
Kirill Tsapovsky
post 25.04.2017 12:59
Post #13


Technical Support Specialist
***************

Group: KL Russia
Posts: 12271
Joined: 3.12.2013
From: Moscow




Hello.

Please specify if the policy you are using was initially converted from an earlier version or created from scratch (Application Startup Control rules are set up from scratch in both cases).
What information is present in the blocking rule? Does it match the executable you added to the white list?

Thank you.


Julius Peterec
post 25.04.2017 13:07
Post #14


Policy was converted from previous version.
Kirill Tsapovsky
post 25.04.2017 13:16
Post #15


Please check if you get the same behavior if you create a new policy. This issue may be restricted to converted policies.

Thank you.


Julius Peterec
post 26.04.2017 16:49
Post #16


I have created a new policy and Startup Control works as expected.
Looks like it is a problem with policy conversion.
Ivan Ponomarev
post 26.04.2017 16:56
Post #17


Hello!

May we consider this topic as resolved?

Thanks!


Julius Peterec
post 26.04.2017 17:00
Post #18


From my point of view you should investigate what really happens during policy conversion and make a hotfix.
For big companies with a lot of different policies it could be very difficult to create new policies from scratch and manually compare them with the old ones.

Close this topic, but please inform your developers.
Julius Peterec
post 27.04.2017 10:56
Post #19


Sorry guys,

But it happened again.
I made a new category with SHA256 hashes only to that newly created policy.
Unfortunately KES on my PC doesn't obey the rules.
What is interesting, it also prohibits the start of the Kaspersky Security Center console as Uncategorized, even though I have allowed KL categories.

From my point of view Startup Control functionality in KES 10 SP2 is useless.
Kirill Tsapovsky
post 27.04.2017 12:18
Post #20


Hello.

To investigate, please provide an example of such behavior (the latter scenario, with a newly created policy and SHA256-only category for a particular application that has been added but is still being blocked). Please provide the policy, export of the prohibition events, name/version of the application and KES traces as it is being prohibited.

Thank you.

