IPB

Welcome Guest ( Log In | Register )

4 Pages V  < 1 2 3 4 >  
Reply to this topicStart new topic
> Vulnerability Assessment & Patch Management, Suggestions, funnel ideas
Rating 5 V
lubyou
post 19.02.2015 17:28
Post #41


Member
**

Group: Members
Posts: 43
Joined: 19.02.2015




Correct me if I am wrong, but currently it is not possible to have vulnerabilities fixed automatically without creating a task each time a new , is it?

Do you expose an API to to interact with found vulnerabilities?
Go to the top of the page
 
+Quote Post
Rob Milman
post 25.02.2015 23:28
Post #42


Newbie
*

Group: Members
Posts: 5
Joined: 25.02.2015




How do I refresh the Vulnerabilities Report? Right now it's reporting on over 1000 computers, yet we have less than 400. I've refreshed it, cleared my event logs, changed the setting to show only critical vulnerabilities. Yet I get the exact same report every time. This has given us very little confidence in the vulnerability reporting capabilities of Kaspersky.

Running: KSC 10.1.249 with KES 10.2.23 and KSCNA 10.1.249

Thanks,

Rob
Go to the top of the page
 
+Quote Post
kittyanne
post 12.03.2015 12:36
Post #43


Newbie
*

Group: Members
Posts: 1
Joined: 12.03.2015




1. Currently when using Kaspersky as WSUS server it fills up my c drive and am unable to relocate the store as the files are stored in C:\ProgramData\KasperskyLab\adminkit\1093\.working. Can this be changed?
Go to the top of the page
 
+Quote Post
Bart Simpson
post 12.03.2015 18:31
Post #44


Product Manager
***

Group: KL Russia
Posts: 116
Joined: 18.08.2005




QUOTE(kittyanne @ 12.03.2015 11:36) *
1. Currently when using Kaspersky as WSUS server it fills up my c drive and am unable to relocate the store as the files are stored in C:\ProgramData\KasperskyLab\adminkit\1093\.working. Can this be changed?


KSC 10 SP1 has new feature to change this folder. Just run klsrvswch.exe from KSC folder. smile.gif
Attached File  Picture1.png ( 54,56K ) Number of downloads: 100
Go to the top of the page
 
+Quote Post
Yerma
post 26.03.2015 13:49
Post #45


Newbie
*

Group: Members
Posts: 2
Joined: 26.03.2015




The Vulnerability Assessment would be handy if it would just nicely report to KSC without notifying the end user about possible vulnerabilities.
Go to the top of the page
 
+Quote Post
tvm
post 28.04.2015 11:31
Post #46


Member
**

Group: Members
Posts: 15
Joined: 13.08.2013




QUOTE(Bart Simpson @ 12.03.2015 16:31) *
KSC 10 SP1 has new feature to change this folder. Just run klsrvswch.exe from KSC folder. smile.gif
Attached File  Picture1.png ( 54,56K ) Number of downloads: 100


I used this feature to realocate the wusfiles to another drive but it seems that all downloaded Windows updates are duplicated to "C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer"
So it seems that the same amount of WUS* files now persist on the c: and e: drive of the server with over 200 GB of used space. Everyday I am expandig the virtual disks of the server because it is freezing due to a full hard drive.
And I get patches just for Windows 7/8.1 and Server 2008 R2/2012 and some SQL Servers/Exchange.

This is definitely a big roblem and I am thinking of disabling the whole WSUS part of KSC. Is there anything I can do?
Go to the top of the page
 
+Quote Post
FlorianH
post 23.06.2015 15:02
Post #47


Advanced Member I
***

Group: Members
Posts: 145
Joined: 4.05.2012




QUOTE(tvm @ 28.04.2015 11:31) *
I used this feature to realocate the wusfiles to another drive but it seems that all downloaded Windows updates are duplicated to "C:\ProgramData\KasperskyLab\adminkit\1093\.working\FTServer"
So it seems that the same amount of WUS* files now persist on the c: and e: drive of the server with over 200 GB of used space. Everyday I am expandig the virtual disks of the server because it is freezing due to a full hard drive.
And I get patches just for Windows 7/8.1 and Server 2008 R2/2012 and some SQL Servers/Exchange.

This is definitely a big roblem and I am thinking of disabling the whole WSUS part of KSC. Is there anything I can do?


You can use junctions to relocate the whole folder do a different location.
Go to the top of the page
 
+Quote Post
george.h
post 14.07.2015 17:36
Post #48


Advanced Member II
****

Group: Members
Posts: 223
Joined: 16.09.2011




I've a suggestion for Patch Management....

Scrap your current naming convention of "Patch A", "Patch B", "Patch C" etc. and adopt something more sensible along the lines of Microsoft's KBxxxxxxx. At least when they issue an update you can be sure which one is being referred to as, as far as I'm aware, the KB identifier is unique.

This Patch X is frankly absurd. In upgrading from KSC9/KES8 to KSC10/KES10 I came across TWO "Patch C"'s for KSC 10 and they were NOT the same!!!! That is just stupid.

George

This post has been edited by george.h: 14.07.2015 17:37
Go to the top of the page
 
+Quote Post
lepphce1
post 20.01.2016 18:40
Post #49


Member
**

Group: Members
Posts: 21
Joined: 19.01.2015




Please allow the ability to download Microsoft/Windows patches to KSC cache prior to installing. Maybe give us the option to immediately download patches from Microsoft when an update is approved.

Currently, my only option is just to hit Start on the "Install application updates and fix vulnerabilities" and wait an unspecified amount of time for patches to download from the Internet. This makes timing on server patch management unpredictable (will I have to wait 15 minutes or 3 hours for the KSC/WSUS cache to complete...?).

Thanks

This post has been edited by lepphce1: 20.01.2016 18:41
Go to the top of the page
 
+Quote Post
FMcGovern
post 10.03.2016 01:25
Post #50


Advanced Member II
****

Group: Members
Posts: 243
Joined: 6.06.2013




Nevermind this post.

This post has been edited by FMcGovern: 10.03.2016 01:27
Go to the top of the page
 
+Quote Post
WapelloTechie
post 6.04.2016 20:08
Post #51


Newbie
*

Group: Members
Posts: 3
Joined: 29.04.2014




QUOTE(ssbs @ 30.10.2013 07:24) *
Hello Alexander,

Sun java
Mozilla 22.x

That's all it is to that.

I manage 15 machines on a part-time basis. I use this feature every month to push Adobe and Java patches and get them out more quickly without having to come in after hours or annoy other uses. I download the patches from the publisher, create a distribution package using KSC and add /s or /q in the options. Then I create a job to push them out overnight. Java needs to be uninstalled (also done with Kaspersky) before the update is installed in order to FULLY remove the old instance.

I am having some trouble with misreporting of the client machine status, but the update process works smoothly.

I would like a way to complete ignore optional Windows Updates.
Go to the top of the page
 
+Quote Post
HammerBob
post 17.04.2016 21:55
Post #52


Newbie
*

Group: Members
Posts: 8
Joined: 10.04.2016




I use it on around 40 workstations and 10 servers. Overall I like the patching abilities that KSC gives me - but there are things that need improvement. Here are the things I would like to see changed.

Give me the ability to store updates and patches in a specified location. Currently the account switch utility lets me move about half the updates to a drive other than C, but the FTServer folder still contains over 100GB of files. I saw the post about using a junction. That's a hack that may work - but you really should let me specify the patch storage location as one folder that contains all those files. Definitely a pain having that FTServer folder on my C drive.

My list of available updates contains LOTS of foreign language patches. That may be in part because I may have had KSC download patches before I discovered the place where I can specify the languages to download. But now my list has hundreds of foreign language patches. I've selected them and said to delete them - but they never leave the list. I want the ability to select them, delete them, and they disappear from the list.

Need more information in the log for when a patch doesn't install properly. Currently all it says is "Completed with error" and "Updates installed: X out of Y". When multiple patches fail it can be difficult to tell which patches succeeded and which failed, and why they failed, as shown in the attachment image.

Attached File  KSC_Patch_Error.jpg ( 63,32K ) Number of downloads: 28


When looking at the list of available patches under "Software updates", the Search function needs work. It should perform a case-insensitive search for the specified text contained anywhere within the Name, Description, Security level according to MSRC, or Severity level columns.

This post has been edited by HammerBob: 17.04.2016 21:57
Go to the top of the page
 
+Quote Post
Bernhard Kanduth
post 8.07.2016 15:39
Post #53


Newbie
*

Group: Members
Posts: 2
Joined: 27.02.2008




Hi, it whould be great to have a option for clearing the Storage and get rid of old and not needed patches from the C:\ProgramData\KasperskyLab\adminkit Folder
Go to the top of the page
 
+Quote Post
Artem Ershov
post 8.07.2016 20:28
Post #54


Technical Support Engineer
**************

Group: KL Russia
Posts: 6599
Joined: 15.06.2015




Hi,

Actually you can clear update repository from the KSC -> Repositories -> Updates -> Right click -> All tasks -> Clear update repository.

BR


--------------------
In english: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces(RUS) | klnagchk log(RUS)
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Please evaluate support help by using "Rating" option!
Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!


Подписаться на новости о корпоративных продуктах
Go to the top of the page
 
+Quote Post
doug-stamp
post 2.08.2016 20:27
Post #55


Newbie
*

Group: Members
Posts: 2
Joined: 19.04.2016




QUOTE(Artem Ershov @ 8.07.2016 11:28) *
Hi,

Actually you can clear update repository from the KSC -> Repositories -> Updates -> Right click -> All tasks -> Clear update repository.

BR

This only clears Kasperky definition updates which do not take up much space at all. They are asking for the ability to clear Microsoft Updates as they take up 100's of GB of space.

Also, updates that are applicable to machines are not showing as applicable. The entire WSUS portion of KSC seems to be hit or miss whether it is going to apply a Microsoft/Windows update or not. If I enable KSC as WSUS and run a find updates and vulns., then sync/download windows updates, then approve updates, then run the task "Install updates and vulns..."(which is configured to apply approved MS updates), none of my devices actually update, I get "no action required". I have created a task to install specific updates, added said updates to that task and run it and I get "no actions required".

If I disable KSC as WSUS and then enable my WSUS server and the GPO specifying the WSUS server, all the sudden I have tons of updates to run on all of my devices.
Go to the top of the page
 
+Quote Post
p.chi
post 2.08.2016 21:52
Post #56


Member
**

Group: Members
Posts: 18
Joined: 12.08.2015




Go to the Application Management section - Software Updates.
Have you approved / denied the updates you want installed? You would do this here.
Do you want to remove update files? highlight one, two or all and right click, select Delete update files.

Also the Software Vulnerabilities section you can add rule to a specified task.
Go to the top of the page
 
+Quote Post
Richard Long
post 3.10.2016 20:27
Post #57


Newbie
*

Group: Members
Posts: 8
Joined: 13.01.2015




This is actually a very good topic for my organization.

1 - Our internal patching is geared entirely towards Microsoft Updates. We are currently very, very behind on third party software. KSC is the only viewpoint I have (security team) into how bad our patching actually is, and provides a good cross-check for the SCCM results for MS Patches

2 - Please, change the Vulnerabilities report. I would like to see CVE, KB, or other vendor-specific details in the report, as well as having the ability to click on a KLA vulnerability link and see actual information on the vulnerability. Currently if I click a "KLA" link it just opens the exact same report in my default web browser. This complaint extends to malware detections as well, if I click on a detection name I don't want another report, I want information on the malware. In the documentation it refers to the Virus Encyclopedia but I have yet to find it. (See KSC 10.3.407, English, editing a KES v10SP1MR2 policy, General Protection, Exclusions, Add, Object name. It is very possible I'm an idiot on the Virus Encyclopedia and missing something, but the Help instructions don't provide a link or describe what part of the object name is important)

3 - A report without an entry for every single machine would be appreciated. I have created a custom report that basically has no Details section, but for our day to day reporting I just need the raw numbers on how many machines have which CVEs (a CVSS base score would also be very useful). It is hard to understand exactly what is being shown without taking the results as raw input and doing a lot of unnecessary research and manipulation.

4 - For software that is widely distributed and tends to have a large amount of version spread on a substantially sized network (with poor patch management and software installation policies), such as Adobe Reader or Flash, please give us the data views to say to our bosses 'on our #### systems, ### have critical Adobe Flash vulnerabilities, with an average of ## critical, ## high, and ### low per affected system across all versions of the software.' Currently I have to dig through way too much external information to say how many issues are from Flash (or Acrobat, or whatever) as each vulnerability is a separate line item, and each version of the software is a separate set of line items, and each system affected is yet another line item. There are literally over 17000 lines in the detail report (yes, we suck at patching). I have no way to determine which ones are overlapping. This is a nightmare for me.

5 - On the software inventory, link back the vulnerability data as described in #4.

6 - I don't foresee us pushing patches with KSC due to internal politics, but I would if they'd let me. Other's descriptions of how medium and large shops already have something in place for this... That's great for them, but in my experience not all of them do. Having this capability (even if it isn't a full blown feature) could be very useful for the odds and ends that the MS/SCCM guys don't want to touch.

Thanks for everything so far, I have my gripes about some fairly minor things but overall I am continuously pleased with the KSC/KES v10 for business. We use a lot of the features and having it on one console makes it easy for a small security team to (attempt to) manage a lot of responsibilities (e.g. malware protection and USB device control) that would normally end up being spread to other groups within IT.

As a last note, and I submitted this under the previous request for ideas.. Please, let us turn off the complaint buttons on policy popups. Seriously.

This post has been edited by Richard Long: 3.10.2016 20:28
Go to the top of the page
 
+Quote Post
siddharthashah
post 3.12.2016 13:46
Post #58


Advanced Member I
***

Group: Members
Posts: 60
Joined: 5.12.2011
From: india




There is problem about reporing proceess need to improve
Go to the top of the page
 
+Quote Post
Artem Ershov
post 3.12.2016 18:57
Post #59


Technical Support Engineer
**************

Group: KL Russia
Posts: 6599
Joined: 15.06.2015




Hi,

Please describe your problem in more details.

BR


--------------------
In english: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces(RUS) | klnagchk log(RUS)
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Please evaluate support help by using "Rating" option!
Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!


Подписаться на новости о корпоративных продуктах
Go to the top of the page
 
+Quote Post
SGatke
post 9.12.2016 02:27
Post #60


Advanced Member I
***

Group: Members
Posts: 56
Joined: 11.08.2016




QUOTE(doug-stamp @ 2.08.2016 17:27) *
This only clears Kasperky definition updates which do not take up much space at all. They are asking for the ability to clear Microsoft Updates as they take up 100's of GB of space.

Also, updates that are applicable to machines are not showing as applicable. The entire WSUS portion of KSC seems to be hit or miss whether it is going to apply a Microsoft/Windows update or not. If I enable KSC as WSUS and run a find updates and vulns., then sync/download windows updates, then approve updates, then run the task "Install updates and vulns..."(which is configured to apply approved MS updates), none of my devices actually update, I get "no action required". I have created a task to install specific updates, added said updates to that task and run it and I get "no actions required".

If I disable KSC as WSUS and then enable my WSUS server and the GPO specifying the WSUS server, all the sudden I have tons of updates to run on all of my devices.


My suggestions would be to allow better control for the administrator about how space is used and reclaimed.
Forcing us to have massive C: drives is not ideal. Even though we can expand C: drives in a virtual environment, the amount of space needed is not nice when we try to have C: drives run from SSD disks.
Please allow us to perform maintenance tasks like cleanup of the patch management data. Right now it is impossible to plan for long term disk usage.
One suggestion would be to assign a maximum amount of storage for patch management. When reaching this limit, KSC should auto-delete older files. If they are needed again, they should be re-downloaded.
There are plenty of posts in this forum about this issue and it would be much appreciated if Kaspersky could improve on the patch management features.

On our network we have to run a new tasks each time we want to install a patch, even though we have a scheduled task in KSC that is supposed to install all missing updates that are approved.
This would also be much appreciated if this could be fixed.

Thank you.
Go to the top of the page
 
+Quote Post

4 Pages V  < 1 2 3 4 >
Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 24.06.2017 00:46