IPB

Welcome Guest ( Log In | Register )

4 Pages V   1 2 3 > »   
Reply to this topicStart new topic
> Vulnerability Assessment & Patch Management, Suggestions, funnel ideas
Rating 5 V
Alexander Ilin
post 9.10.2013 15:26
Post #1


MVP
*************

Group: KL Russia
Posts: 5201
Joined: 24.12.2007
From: Kaspersky Lab Moscow




Dear users of "Kaspersky Lab" enterprise products, you are welcome to take part in improving the Vulnerability Assessment & Patch Management components in Kaspersky Security Center 10.

Being part of the "System Management" section, these components allow you to scan managed computers for vulnerabilities, as well as to push software upgrade.

In this topic we would like to gather your suggestions regarding the data components.
We wonder what kind of programs you upgrade via Kaspersky Security Center 10, and whether you install "patches" for these programs.

Wbr


--------------------
Мужик молится богу: Что я должен сделать в жизни? Что будет после смерти? В чем смысл жизни? Тут раздается голос с небес: Читай F.A.Q.
Go to the top of the page
 
+Quote Post
Michael lawler
post 9.10.2013 19:03
Post #2


Advanced Member II
****

Group: Members
Posts: 278
Joined: 20.06.2013
From: Auburn, IN




Stick to antivirus, MS System Center can handle pushing software....stick to your core business.

This post has been edited by Michael lawler: 9.10.2013 19:04
Go to the top of the page
 
+Quote Post
Mohammad Al-Qura...
post 9.10.2013 22:18
Post #3


Newbie
*

Group: Members
Posts: 2
Joined: 3.03.2012




Wondered why there isn't a virtual patching?!
Go to the top of the page
 
+Quote Post
Timur Smirnov
post 14.10.2013 11:32
Post #4


Product Manager
*

Group: KL Russia
Posts: 5
Joined: 2.10.2013




QUOTE(Mohammad Al-Qurashi @ 9.10.2013 22:18) *
Wondered why there isn't a virtual patching?!


Hello, Mohammad!
How you understand virtual patching? Because Virtual patching is mostly "marketing" ruse.
Generally, so can be called technologies that are used to protect non-patched computers from exploiting. For such goals we have many technologies like application control and HIPS that can be also applied to virtual patching.
Go to the top of the page
 
+Quote Post
anc2010
post 14.10.2013 12:20
Post #5


Member
**

Group: Members
Posts: 13
Joined: 2.12.2010




QUOTE(Michael lawler @ 9.10.2013 16:03) *
Stick to antivirus, MS System Center can handle pushing software....stick to your core business.


I'd like to endorse that statement. Business customers buy Kaspersky products to get a capable Anti Malware protection, not to get a "All-in-One" solution which is incapable of doing its core functionality in a stable manner.
Go to the top of the page
 
+Quote Post
RichieB2B
post 14.10.2013 17:58
Post #6


Member
**

Group: Members
Posts: 20
Joined: 6.06.2013




I like the Vulnerability Assessment option of KES, because it provides an independent check if our software distribution tool missed anything. However, what I don't like is that the end users can view the vulnerabilities in the KES interface. There should be an option to suppress this, so that this information is only viewable using KSC.

Using KES to patch software is a nice thought for very small businesses, but even medium ones will already have tooling for this that is much more flexible.
Go to the top of the page
 
+Quote Post
Timur Smirnov
post 15.10.2013 10:30
Post #7


Product Manager
*

Group: KL Russia
Posts: 5
Joined: 2.10.2013




QUOTE(RichieB2B @ 14.10.2013 17:58) *
I like the Vulnerability Assessment option of KES, because it provides an independent check if our software distribution tool missed anything. However, what I don't like is that the end users can view the vulnerabilities in the KES interface. There should be an option to suppress this, so that this information is only viewable using KSC.

Using KES to patch software is a nice thought for very small businesses, but even medium ones will already have tooling for this that is much more flexible.


Hi, Richie!
we are sure, that company managers don't want their employees to spend work time to update software or check vulnerabilities - IT and security guys should do this. That's why we try to minimize alerts and controls, available to end-users.
Go to the top of the page
 
+Quote Post
RichieB2B
post 15.10.2013 11:15
Post #8


Member
**

Group: Members
Posts: 20
Joined: 6.06.2013




QUOTE(Timur.Smirnov @ 15.10.2013 07:30) *
Hi, Richie!
we are sure, that company managers don't want their employees to spend work time to update software or check vulnerabilities - IT and security guys should do this. That's why we try to minimize alerts and controls, available to end-users.

That is exactly my point. So why is there a Vulnerabilities tab in the KES 8 user interface that cannot be turned off or hidden? If an administrator wants to use the Vulnerability Scan to view them in KSC all users can see the results in this tab of the KES 8 Reports and Storages page. This is not something you want users to see or worry about.
Go to the top of the page
 
+Quote Post
siddharthashah
post 26.10.2013 11:25
Post #9


Advanced Member I
***

Group: Members
Posts: 60
Joined: 5.12.2011
From: india




We should be able to see task manager and running process on client PC
Go to the top of the page
 
+Quote Post
fleon
post 29.10.2013 16:24
Post #10


Advanced Member II
****

Group: Members
Posts: 230
Joined: 26.07.2012




i had to disable the vulnerability component since it was killing the performance of our machines. Kaspersky is very slow by itself, the more components you add the worse it gets.

it's better to use WSUS to update machines, and for third party apps you can try local update publisher for free and create your own updates. (mostly flash and/or java)

Granted, some machines we have are just old dual core machines with 1GB ram, but even with my i3 with 4gb ram, the hard disk spins like crazy when doing a simple database update. (which i do daily)
Go to the top of the page
 
+Quote Post
Mattias Johnson
post 30.10.2013 04:38
Post #11


Newbie
*

Group: Members
Posts: 5
Joined: 30.10.2013




QUOTE(Alexander Ilin @ 9.10.2013 12:26) *
Dear users of "Kaspersky Lab" enterprise products, you are welcome to take part in improving the Vulnerability Assessment & Patch Management components in Kaspersky Security Center 10.

Being part of the "System Management" section, these components allow you to scan managed computers for vulnerabilities, as well as to push software upgrade.

In this topic we would like to gather your suggestions regarding the data components.
We wonder what kind of programs you upgrade via Kaspersky Security Center 10, and whether you install "patches" for these programs.

Wbr



I think this could be a great product, it feels a bit unpolished still maybe? It is one of the main reasons we switched security-solution from another vendor and Microsofts SCCM did not seem a good choice for us.
We have currently just started using it to patch our Windows-desktops both Windows-updates and third-party updates, mainly Oracle Java, Mozillas products, Adobe Flash and more.
We used to run WSUS but it did not work very well for our needs.
I will try to collect the thoughts and issues we have found and post here at a later date.
One question though. Do you have any plans on expanding the patch-management to other platforms such as Mac OS and Linux? It would be really helpful to have all the management under one system.

Best regards Mattias

Go to the top of the page
 
+Quote Post
ssbs
post 30.10.2013 16:24
Post #12


Advanced Member II
****

Group: Members
Posts: 294
Joined: 11.10.2013
From: Lagos Nigeria




QUOTE(Alexander Ilin @ 9.10.2013 11:26) *
Dear users of "Kaspersky Lab" enterprise products, you are welcome to take part in improving the Vulnerability Assessment & Patch Management components in Kaspersky Security Center 10.

Being part of the "System Management" section, these components allow you to scan managed computers for vulnerabilities, as well as to push software upgrade.

In this topic we would like to gather your suggestions regarding the data components.
We wonder what kind of programs you upgrade via Kaspersky Security Center 10, and whether you install "patches" for these programs.

Wbr


Hello Alexander,

Sun java
Mozilla 22.x

That's all it is to that.
Go to the top of the page
 
+Quote Post
rangerlj
post 8.11.2013 10:42
Post #13


Newbie
*

Group: Members
Posts: 7
Joined: 28.06.2013




Hi,I have tested WSUS for long time。I found some issues with WSUS。When I set KSC as WSUS server and client WUA status display successfully。After deploying search vulnerability task,there is only 5 updates available.
Go to the top of the page
 
+Quote Post
Kravtsov Vitaly
post 19.11.2013 11:45
Post #14


Central Support Group Manager
**************

Group: Admin
Posts: 7763
Joined: 11.11.2012
From: Moscow




QUOTE(rangerlj @ 8.11.2013 09:42) *
Hi,I have tested WSUS for long time。I found some issues with WSUS。When I set KSC as WSUS server and client WUA status display successfully。After deploying search vulnerability task,there is only 5 updates available.

Hello!

Can you please kindly describe you issue with more details?
Please porivde us with screenshots illustrating that issues.

Thank You!


--------------------
English: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces | klnagchk log

Русский: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Подписаться на новости о корпоративных продуктах

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Please evaluate support help by using "Rating" option!
Go to the top of the page
 
+Quote Post
rangerlj
post 4.12.2013 18:16
Post #15


Newbie
*

Group: Members
Posts: 7
Joined: 28.06.2013




QUOTE(Kravtsov Vitaly @ 19.11.2013 15:45) *
Hello!

Can you please kindly describe you issue with more details?
Please porivde us with screenshots illustrating that issues.

Thank You!


Dear Kravsov,I installed KSC on Windows 2003/2008 R2。After Windows synchronized successfully, I installed network agent on Win7(without any windows updates) and changed WUA status(set KSC as WSUS Server in network agent policy).When client task(search ccritical updates) was finished.Win7 only displayed about 5or 6 updates available。
Go to the top of the page
 
+Quote Post
BramV
post 11.12.2013 12:59
Post #16


Member
**

Group: Members
Posts: 35
Joined: 11.01.2012




The Vulnerability Assessment would be handy if it would just nicely report to KSC without notifying the end user about possible vulnerabilities. But since this seems not possible at the moment, we disabled the function.
We also don't actually use patch management as we use SCCM for all OS and software installation/updating. But maybe in very small companies this can be useful. So for us these kind of extra functions are a nice-to-have but a reliable AV product is much much more important.
Go to the top of the page
 
+Quote Post
kesrs
post 13.12.2013 19:22
Post #17


Member
**

Group: Members
Posts: 35
Joined: 13.12.2013




I really like the idea of vulnerability scanning and patch deployment. We're a small business with only 60 users. KES 10 provides a way for us to do this without jumping into more enterprise-level solutions.

A couple features, I'd like to see:

1. Make a way to exclude a specific instances of vulnerability. In other words, provide a way ignore a specific file that is a in specific path on specific computer(s). For example, some applications, such as Crystal Reports, install Java into their own sub-folders. In this case, an old version of Java isn't a serious problem because it is only used by Crystal reports.

2. Improve the uninstall process for unwanted/used/vulnerable applications. There is a way to create a uninstall task, but it requires that the uninstall command string to be entered in manually. It would be really handy if KES automatically generated this string. It would be really nice to be able launch an uninstall task from the Applications Registry screen and the Vulnerabilities screen.

This post has been edited by kesrs: 13.12.2013 19:22
Go to the top of the page
 
+Quote Post
PaulOMB
post 18.12.2013 12:41
Post #18


Member
**

Group: Members
Posts: 11
Joined: 7.08.2013




Hi,

please correct me if I am wrong but the following points would be good:

1. Currently when using Kaspersky as WSUS server it fills up my c drive and am unable to relocate the store as the files are stored in C:\ProgramData\KasperskyLab\adminkit\1093\.working. Can this be changed?

2. When deploying to clients the patches don't always seem to deploy or restart machines as per the task. Possibly task is corrupt but how often do I need to recreate it?

If these 2 point were addressed it would certainly make it more usable for us.

Cheers
Go to the top of the page
 
+Quote Post
Lashchenkov
post 24.12.2013 19:05
Post #19


Senior developer
*****

Group: KL Russia
Posts: 660
Joined: 3.05.2005
From: Moscow, Russia




QUOTE(kesrs @ 13.12.2013 18:22) *
1. Make a way to exclude a specific instances of vulnerability. In other words, provide a way ignore a specific file that is a in specific path on specific computer(s). For example, some applications, such as Crystal Reports, install Java into their own sub-folders. In this case, an old version of Java isn't a serious problem because it is only used by Crystal reports.


Ok, thank you for this post, since we have initially suppoused to support such option, but just decided to avoid it (to make vulnerability assessment and patch management functionality simpler and more clear) until we understand it is really useful for customers.
Now we'll definitely enable this option with the next release.
(For now you just can ignore a certain vulnerability in a certain product version, using "Ignore vulnerability" option on the "General" page of the selected vulnerability preperties.)

QUOTE(kesrs @ 13.12.2013 18:22) *
2. Improve the uninstall process for unwanted/used/vulnerable applications. There is a way to create a uninstall task, but it requires that the uninstall command string to be entered in manually. It would be really handy if KES automatically generated this string. It would be really nice to be able launch an uninstall task from the Applications Registry screen and the Vulnerabilities screen.


Actually we do support such feature for the most popular third-party products like JRE, Adobe Reader, Adobe Flash Player, etc. (and I hope the amount of the supported software will be growing constantly - this uninstallation database can be enlarged with regular updates, so no product upgrade is required for this).
Go to the top of the page
 
+Quote Post
Lashchenkov
post 24.12.2013 19:13
Post #20


Senior developer
*****

Group: KL Russia
Posts: 660
Joined: 3.05.2005
From: Moscow, Russia




QUOTE(PaulOMB @ 18.12.2013 11:41) *
1. Currently when using Kaspersky as WSUS server it fills up my c drive and am unable to relocate the store as the files are stored in C:\ProgramData\KasperskyLab\adminkit\1093\.working. Can this be changed?


Currently not, sorry; but we think of a possibility to change this default storage location during the setup process, etc.

QUOTE(PaulOMB @ 18.12.2013 11:41) *
2. When deploying to clients the patches don't always seem to deploy or restart machines as per the task.


Could you please describe the problem with some more details? It would be good if you could provide some task history (the sequence of task progress events for the problem host exported to a text file) showing the problem, or some detailed scenario description with both "actual" and "desired" results, etc.
Thank you in advance!
Go to the top of the page
 
+Quote Post

4 Pages V   1 2 3 > » 
Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 28.06.2017 21:31