Posts posted by ak01
-
-
Thank you for the suggestion. Does a firewall rule also apply in such a case (INC000012833838):
09:43:07.935 0x13dc ERR http ProxySession(245): traffic_processing::protocollers::http::pipeline::Http1Processor::ProcessData ResultCodeException - 0x8000004b (Unspecified error): Incorrect HTTP header. At C:\a\c\d_00000000\s\component\traffic_processing\source\protocollers\http\http_parser\http1\header_parser\header_parser.cpp(61)
09:43:07.935 0x13dc ERR trafmon ProxySession(245): traffic_processing::traffic_monitor::Session::OnDataReceived ResultCodeException - Failed to process data in high layer protocol: 0x8000004b (Unspecified error). At (0)
09:43:07.935 0x13dc INF trafmon ProxySession(245): TERMINATE connection
-
Currently, someone can only add single IPs as a remote IP (trusted Application → do not check network traffic to a specific remote IP):


Could you please consider making it possible to add IP ranges or IP subnets?
This is the only way to exclude (old internal) websites which do not use the HTTP protocol as it is described in the RFC standards. We have many old printers providing a configuration website which do not send a response header (not even 200 OK) on certain requests (KES blocks that).
-
Normally, this happens when a third-party app has a lot of activity (the CPU utilization of Java is also high) and KES monitors that. Normally, I would add that app (when it is legitimate and not malware) to the trusted applications (in KES for Windows -> I do not know KES for Linux).
-
Have you added the NTUSER.dat exclusions stated in one of the first posts (above)?
As far as I know, KES self-defense protects (its own) registry keys in HKCU.
-
-
Is there any task running (e.g. scheduled scan task)? You can have a look at this information when you start/install the KSWS console.
Are there any other processes with higher CPU load (from my experience, these should be added to exclusions, as long as they're legitimate software which was installed, so that the activity of these processes will not be scanned)?
-
You can do a simple search (this does not recognize portable versions):

-
Which version/product are you using? You should use KSWS for servers (not KES or a home product).
-
But KSC does (can do) this automatically?!
-
-
But like alexcd, I don't know of such behavior either (we also have many Outlook 2010/13, and now 2016, installations in use).
-
OK, so this is file locking?!
You could define Outlook itself as a trusted application (and not scan the files it accesses)...
-
We once had an MS technician on site who said this, or see:
https://www.msoutlook.info/question/virus-scanner-exclusion-recommendations
KES also has a Mail AV component (an Outlook plugin); I can't say whether that is then also switched off by this.
Furthermore, there is a plugin for Exchange and for the mail gateway (AV scan on entry into the organization's network) that already filters out viruses centrally.
-
Hello,
I only know that MS recommends excluding OST/PST files.
Are the files being moved to quarantine? Are there messages in the reports indicating why these files are being touched (is it a malware detection, and which component is acting)?
-
I would just install the agent package from the new KSC on all the computers (you can also start an agent install task on the new KSC but you need an AD user which has admin rights on the computers).
You can only move computers from one KSC to the other if the original is still alive and the computers are connected to it.
-
I think that’s why the HIPS window does not show applications.
You should activate (sorry, I just have it in German):


-
When you look at the properties of a computer object, do you see “executable files”?
Could you please post the whole message above?
-
You could start procmon (Sysinternals) to see which process is making that change.
-
You should look for the same application name as the report message states (this is sometimes not the exe). Maybe the application reporting is disabled as well...
-
Could you please add the application also under “Application rights” (mark as trusted, last screenshot above)?
What does the HIPS message/report in KES (local GUI) look like?
-
Have you added it to the 2nd tab (trusted applications)?
You can also do a manual recategorization in the host intrusion module.
From my experience, it could also be that the process which does the work/gets blocked is different from what gets started.
-
With CF, you can specify the password via UNLOCK_PASSWORD=, so you don't have to change the policy (but I don't know of a way to do this during an upgrade → I always do a complete uninstall, without a reboot because it isn't necessary, and then a fresh install of KSWS).
-
Have you tried to add all the checkpoint processes (maybe there are more of them in the background)?
Are you speaking about KIS, for home?
I only have experience with KES (Kaspersky Endpoint Security) for business and Checkpoint VPN.
-
We have KES11 and Checkpoint VPN client. So far it works.
The only thing I know is that when CP VPN Client is installed first, KES cannot be installed (so KES has to be installed first and after that the CP Client -> but that is an experience from former times). However, I think that CP VPN Client can also block things and restrict things.





KES11.6 Exclusion trusted application IP range/subnet
in Kaspersky Endpoint Security for Business
I added a firewall rule on top but it does not work:
I exported the trusted appl exclusion rule and found some XML which describes the IP (is it possible to change something within the XML file to cover more than one IP?):