IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Any issues with Kaspersky software if we disable SMBv1? [In progress]
dpeters11
post 18.05.2017 23:10
Post #1


Advanced Member II
****

Group: Members
Posts: 471
Joined: 6.07.2013




Our KSC is on version 10 SP2 MR1, most client agents are also on that version (but not all).

Would there be any issue with Kaspersky if we just disable SMBv1?

We do have the MS17-010 patch installed, with System Watcher but we're looking at this as a defense in depth.
Go to the top of the page
 
+Quote Post
Nikolay Arinchev
post 19.05.2017 01:54
Post #2


Technical Support Specialist
**************

Group: KL Russia
Posts: 11989
Joined: 5.10.2009




Hi,

QUOTE
Would there be any issue with Kaspersky if we just disable SMBv1?

Could you please be more specific?
What kind of issue we are talkig about?

Thank you!


--------------------
In english: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces(RUS) | klnagchk log(RUS)

На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Подписаться на новости о корпоративных продуктах

Please evaluate support help by using "Rating" option!
Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Go to the top of the page
 
+Quote Post
dpeters11
post 19.05.2017 18:52
Post #3


Advanced Member II
****

Group: Members
Posts: 471
Joined: 6.07.2013




QUOTE(Nikolay Arinchev @ 18.05.2017 17:54) *
Hi,
Could you please be more specific?
What kind of issue we are talkig about?

Thank you!


Well, I guess my question is, will anything dealing with Kaspersky break? Meaning if we disable SMB1, will I still be able to deploy to a client (either with or without the agent installed), communication between the client and KSC/update agents still work?

I'm asking for several reasons:

Kaspersky states that port 445 needs to be open, so that indicates to me that SMB is used, but not the version.
One of your competitors does require SMBv1 in at least one situation for authentication so made me think of AV.

I know I could just try it and see if AV breaks, but was hoping someone would know.

This post has been edited by dpeters11: 19.05.2017 18:52
Go to the top of the page
 
+Quote Post
Konstantin Anton...
post 19.05.2017 19:30
Post #4


Technical Support Engineer
*************

Group: KL Russia
Posts: 4021
Joined: 2.12.2015




QUOTE(dpeters11 @ 19.05.2017 17:52) *
Well, I guess my question is, will anything dealing with Kaspersky break? Meaning if we disable SMB1, will I still be able to deploy to a client (either with or without the agent installed), communication between the client and KSC/update agents still work?

I'm asking for several reasons:

Kaspersky states that port 445 needs to be open, so that indicates to me that SMB is used, but not the version.
One of your competitors does require SMBv1 in at least one situation for authentication so made me think of AV.

I know I could just try it and see if AV breaks, but was hoping someone would know.

Hi,

445 TCP port are used for copying installation packages.

Thank you!


--------------------
In english: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces(RUS) | klnagchk log(RUS)
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 | Трассировки KES8 | Отчет утилиты klnagchk

Please evaluate support help by using "Rating" option!
Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Go to the top of the page
 
+Quote Post
dpeters11
post 19.05.2017 19:58
Post #5


Advanced Member II
****

Group: Members
Posts: 471
Joined: 6.07.2013




QUOTE(Konstantin Antonov @ 19.05.2017 11:30) *
Hi,

445 TCP port are used for copying installation packages.

Thank you!


Using SMBv1?
Go to the top of the page
 
+Quote Post
Konstantin Anton...
post 19.05.2017 20:18
Post #6


Technical Support Engineer
*************

Group: KL Russia
Posts: 4021
Joined: 2.12.2015




QUOTE(dpeters11 @ 19.05.2017 18:58) *
Using SMBv1?

Unfortunately, we don't have this information.

Thank you!


--------------------
In english: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces(RUS) | klnagchk log(RUS)
На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 | Трассировки KES8 | Отчет утилиты klnagchk

Please evaluate support help by using "Rating" option!
Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!
Go to the top of the page
 
+Quote Post
dpeters11
post 19.05.2017 22:06
Post #7


Advanced Member II
****

Group: Members
Posts: 471
Joined: 6.07.2013




QUOTE(Konstantin Antonov @ 19.05.2017 12:18) *
Unfortunately, we don't have this information.

Thank you!


Ok, I guess I'll disable and see if it breaks.
Go to the top of the page
 
+Quote Post
Dmitry Eremeev
post 20.05.2017 02:54
Post #8


Technical Support Specialist
**************

Group: KL Russia
Posts: 11386
Joined: 30.07.2014
From: Moscow




QUOTE(dpeters11 @ 18.05.2017 22:10) *
Our KSC is on version 10 SP2 MR1, most client agents are also on that version (but not all).

Would there be any issue with Kaspersky if we just disable SMBv1?

We do have the MS17-010 patch installed, with System Watcher but we're looking at this as a defense in depth.


Hello,

I guess you're trying to protect your company against WannaCry.
Please keep in mind that disabling of SMBv1 is not a solution.
You need a bunch of countermeasures to prevent infection - http://support.kaspersky.com/general/products/13698
Thank you.


--------------------
In english: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces(RUS) | klnagchk log(RUS)

На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Подписаться на новости о корпоративных продуктах

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!

Please evaluate support help by using "Rating" option!


Go to the top of the page
 
+Quote Post
dpeters11
post 20.05.2017 03:44
Post #9


Advanced Member II
****

Group: Members
Posts: 471
Joined: 6.07.2013




QUOTE(Dmitry Eremeev @ 19.05.2017 18:54) *
Hello,

I guess you're trying to protect your company against WannaCry.
Please keep in mind that disabling of SMBv1 is not a solution.
You need a bunch of countermeasures to prevent infection - http://support.kaspersky.com/general/products/13698
Thank you.


Not really, Wannacry is just bringing the issue to the forefront. Microsoft is trying to get v1 disabled, and the way I see it, there likely will be other vulnerabilities in it. If we don't need it, then why keep it enabled.

Go to the top of the page
 
+Quote Post
Dmitry Eremeev
post 20.05.2017 08:51
Post #10


Technical Support Specialist
**************

Group: KL Russia
Posts: 11386
Joined: 30.07.2014
From: Moscow




QUOTE(dpeters11 @ 20.05.2017 02:44) *
Not really, Wannacry is just bringing the issue to the forefront. Microsoft is trying to get v1 disabled, and the way I see it, there likely will be other vulnerabilities in it. If we don't need it, then why keep it enabled.


Please take a look at one more link
Thank you.


--------------------
In english: GSI report | AVZ report | KSC10 Traces | KES10 Traces | KSC9 Traces | KES8 Traces(RUS) | klnagchk log(RUS)

На русском: Отчет GSI | Лог AVZ | Трассировки KSC10 | Трассировки KES10 | Трассировки KSC9 |Трассировки KES8 | Отчет утилиты klnagchk

Подписаться на новости о корпоративных продуктах

Пожалуйста, оцените оказанную помощь, используя опцию "Rating" в названии топика!

Please evaluate support help by using "Rating" option!


Go to the top of the page
 
+Quote Post
dpeters11
post 21.05.2017 05:27
Post #11


Advanced Member II
****

Group: Members
Posts: 471
Joined: 6.07.2013




QUOTE(Dmitry Eremeev @ 20.05.2017 00:51) *
Please take a look at one more link
Thank you.


Ok, so since that recommends disabling SMBv1, then it seems safe to say that Kaspersky products don't use SMBv1.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 24.06.2017 18:02