ak01
-
Posts
257 -
Posts posted by ak01
-
please try kavremover
-
I have already implemented that as well, without problems for Exchange etc.
-
I also like to use policy profiles, because they make it very flexible to apply specific settings (with one global policy). You no longer need different policies; one per device type (clients/servers) is enough (although you cannot apply settings per KSC group, but you can per tag/AD group/OU etc.).
Thanks for the detailed description.
-
you should check the quarantine part of kes or on KSC (https://support.kaspersky.com/KSC/12/en-US/12430.htm)
-
You have to specify URLs or work with * wildcards (see example):
-
Does the KES Adaptive Anomaly Control Module help to block that CVE?
https://support.kaspersky.com/KESWin/11.9.0/en-US/173855.htm
-
Theoretically (I have not done this before) you can download the updates with the update tool https://support.kaspersky.com/updater4 to a folder and point the KSC update task to that (shared) folder.
-
I always appreciated KSWS because no restart was needed for updates (e.g. KSWS10 → 11), uninstallation (KSWS10)/installation (KSWS11) or patch installation (CFxxxx).
With KES11.8, I guess this is now necessary on the server as well (because of the NDIS driver removal etc.), right?
Regarding encryption exclusions, I once created a topic, if that is what is meant:
Link
-
You can exclude ost file from real time scanning...
-
Maybe the affected computers are not managed anymore? Are they located under “managed devices” and showing as online?
Can you turn off the module (bad usb) on the local KES gui?
-
I would use setup_kes.exe
the official documentation: https://support.kaspersky.com/KESWin/11.1.1/en-US/123468.htm
-
You can allow overwriting a specific setting section on the slave server policy by opening the lock in the appropriate section on the master policy, but you should close that lock on each slave server (policy) in order to not allow users on the endpoint to change it.
-
it depends on the sql database and version (with mssql express it could be 10gb).
-
To be honest I have not updated to ksc13 yet (a lot of other work, I read about troubles at the beginning with ksc 13 but they seem to be fixed now and ksc12 works fine for me till now) and in ksc12, I do not have such an issue.
-
there should be a setting within the kes policy to allow local control of tasks...
-
Maybe the second server does ip range scans (or a connection gateway/distribution point)?
Have you had a look in reverse lookup zone (dns)?
-
Could you please post a screenshot of how this is configured in Intune?
Do you want to monitor other components of KES as well? It depends which components are activated within the policy but I would check all the basic ones (FileAV, WebAV, MailAV, …)
-
INC000013733537 created
-
I will create a ticket, but could you please tell me if you know this issue, or know a fix/setting for it, or if it is new to you? I opened the Resource Monitor from Windows (TCP connections) and noticed that the connections are coming from avp.exe, so it is generated by KES11.7 and not by the agent.
-
We are using KSC12.2 and KES11.7 and I noticed that my/many computers within the corporate network reach the KSC server as expected, yet try to connect to ds.kaspersky.com every five minutes. However, the KSC server is reachable all the time. We also use KSC as a KSN proxy.
Why is that and is it possible to turn it off? We only want connections to KSC within the corporate network and no direct cloud connectivity (this is also no update problem, updates are not done every five minutes).
-
$myExeOutput = & "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com" STATUS
$found = $false;
$myExeOutput |
    Where-Object {$_ -match 'File_Monitoring' -and $_ -match 'running'} |
    ForEach-Object {
        #$_ -replace '\s+Version:.*$',''
        Write-host "av is running! "
        $found = $true;
    }
return $found;
first line was truncated…
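An added example, not part of the original posts: the same `avp.com STATUS` check written as a function that reports one state per component and emits a single compressed JSON line for a management tool to evaluate. The function name `Get-KesComponentState`, the JSON key, the fallback sample lines and the "not running" guard are assumptions; the real layout of the STATUS output is not shown on this page.

```powershell
# Added example (not from the thread). Assumption: every status line contains the
# component name and a state word, as the 'File_Monitoring'/'running' match implies.
function Get-KesComponentState {
    param(
        [string[]]$StatusLines,
        [string[]]$Components = @('File_Monitoring')
    )
    $state = [ordered]@{}
    foreach ($name in $Components) {
        $line = $StatusLines |
            Where-Object { $_ -match [regex]::Escape($name) } |
            Select-Object -First 1
        if (-not $line) {
            # Component not listed at all: treat as a failure, not as "fine".
            $state[$name] = 'missing'
        }
        elseif ($line -match '\brunning\b' -and $line -notmatch '\bnot\s+running\b') {
            # A bare match on 'running' would also accept wording like "not running".
            $state[$name] = 'running'
        }
        else {
            $state[$name] = 'not running'
        }
    }
    return $state
}

$avp = 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com'
if (Test-Path -LiteralPath $avp) {
    $lines = & $avp STATUS
}
else {
    # Constructed sample lines (NOT real avp.com output) so the script runs anywhere.
    $lines = @('File_Monitoring    running', 'Hypothetical_Task    stopped')
}

$state = Get-KesComponentState -StatusLines $lines
# True only when no requested component is in a state other than 'running'.
$allRunning = -not ($state.Values | Where-Object { $_ -ne 'running' })

# One compressed JSON line; the key name is hypothetical and must match whatever
# rule the consuming tool is configured to evaluate.
[ordered]@{ KesFileMonitoringRunning = [bool]$allRunning } | ConvertTo-Json -Compress
```

Pass further component names through `-Components` only after confirming how they appear in the STATUS output on a real endpoint.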
-
you can use something like this (this script works locally) but I am not sure how to return the correct state to intune (I assume a true or false return value?):
$myExeOutput = & "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for
$found = $false;
$myExeOutput |
    Where-Object {$_ -match 'File_Monitoring' -and $_ -match 'running'} |
    ForEach-Object {
        #$_ -replace '\s+Version:.*$',''
        Write-host "av is running! "
        $found = $true;
    }
return $found;
-
You could turn off one component after the other until it works. Then I would check the settings of the component which got turned off at the end.
You could also uninstall KES, reboot and install the latest version (11.8).
-
You can try to query avp.com (and parse output):
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.com STATUS
You can also check if specific executable files exist or if specific programs are installed (within windows software database).
Database update task complete successfully but give event error: Not all components were updated
in Kaspersky Endpoint Security for Business
From my experience, this disappears when you restart the endpoint. However, I only have such problems on a very small number of computers (one or two computers during a long time).
Maybe it also helps to close KES and start it.
You should check if you have the latest KES version or to update it (current version is KES 12.2).