Omarinho

  1. Hi Nikolay, Thanks, this is really helpful. I only have one further question: is there any way I can prove that HTTPS inspection is actually functioning, i.e. if I enable some form of logging? Is there any test site of some sort to prove this? Thanks, Omar.
  2. Hi, I don’t seem to have had any response on this. So I’ll log it to the technical support team instead.
  3. Hello there, We’ve been attempting to enable some form of HTTPS content inspection via one of our existing management systems and noticed that Kaspersky 11.0.1.90 pf5323 does have this feature under General Settings > Network Settings > Encrypted Connection scan. This is already active and I can see how it can be set up and implemented, and it doesn’t appear to be causing us any issues. However, I would like a detailed understanding of precisely how Kaspersky implements this feature and compare this against other solutions, for example https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/https/https_proxy_contentinspection_c.html Thanks,
     //Mod Note: moved to the correct section.
  4. Hello, We are hosting an unsupported system called Care Free (http://www.carefreegroup.com/) for a customer that we provide IT support and Infrastructure for on one of our Windows 2016 Servers running SQL 2017 and KES 11.0.6499 pf5101
     As of yesterday only
     Database release date: 04/09/2019 06:39:00
     We've been receiving an alert from the NTP component on this server alerting us of a Bruteforce.Generic.MSSQL.b. on port 1433 of the server from clients running the Care Free software. This issue can be recreated when the client accesses a specific location within the application. The NTP block is causing a complete loss of connectivity to the SQL database intermittently, making the application unusable. Obviously, with the nature of the attack being a brute force, I've had the affected system users change their password to a much more complex one (it is a local SQL account). I've been in touch with the vendor to identify what the precise workflow within the application is actually doing. However, is there any chance we could maybe identify whether the new database release might be a false positive?
     Event type: Network attack detected
     Application\Name: Kaspersky Endpoint Security for Windows
     User: F4\xxxxxxxxxx (Active user)
     Component: Network Threat Protection
     Result\Description: Blocked
     Result\Name: Bruteforce.Generic.MSSQL.b
     Object: TCP from 172.xx.xx.xx to 172.x.x.x:1433
     Object\Type: Network packet
     Object\Name: TCP from 172.x.x.x to 172.x.x.x:1433
     Object\Additional: 172.x.x.x
     Database release date: 04/09/2019 12:08:00
  5. Looks good so far. This can be closed now. Thanks for the suggestion!
  6. Hello! First of all you need to check target host to some advertising applications and extensions for browsers. Thank you!
     Hello, I believe that the most likely culprit was that the user was synchronising their personal Google account with Google Chrome. We're in the process of initiating a full scan after disabling it and will update further if there are any known issues. Thanks,
  7. Hello, I'm after some advice. We use KES 11.0.6499 pf5101 on our estate of around 800 Windows 10 devices. We also use this alongside Windows Defender Advanced Threat Protection. We have an instance of one device triggering a suspected false positive. This tends to happen without user intervention, i.e. this threat occurred outside of office hours when the user had simply logged off the machine and left it turned on for the day. I'm wondering if someone can confirm or provide clarification on this alert. Any advice would be appreciated.
     Event type: A backup copy of the object was created
     Application\Name: Windows Defender Advanced Threat Protection Service Executable
     Application\Path: C:\Program Files\Windows Defender Advanced Threat Protection\
     Application\Process ID: 4348
     User: F4\xxxx (Active user)
     Component: File Threat Protection
     Result\Description: Backup created
     Result\Type: Adware
     Result\Name: not-a-virus:HEUR:AdWare.Script.SearchExt.gen
     Result\Threat level: Medium
     Result\Precision: Partially
     Object: C:\Users\xxxx\AppData\Local\Temp\7745a4f1-50e3-42fa-a4f0-3cda56888e0c.tmp
     Object\Type: File
     Object\Path: C:\Users\xxxx\AppData\Local\Temp\
     Object\Name: 7745a4f1-50e3-42fa-a4f0-3cda56888e0c.tmp
     Hash: 94ba1af36e29fd4775e113a2e75dc3ed9e481695e067d967ad96daa2fb860b1a