Deadlock4400

Posts posted by Deadlock4400

  1. Hello @ElvinE5

    Thanks for your reply.

    Should I install / upgrade KSC Slave 13.2 to KSC 14.2 then just erase and disconnect the old Master KSC 13.2?

    I didn't understand "to switch roles .. just break the chain of command. note that devices from the server that you want to delete must be migrated to connect to a new server, otherwise you will lose control"? 

    All devices are on the Slave KSC server 13.2.

  2. Hello everyone, 

    The environment is below -

    KSC 13.2 Master with internet

    KSC 13.2 Slave without internet

    Database MS SQL Express

     

    How can the upgrade of KSC 13.2 (Slave Server) to KSC 14 Master server be done? Here the old Master server will be dropped and the old Slave 13.2 will be upgraded to KSC 14 Master server and will have the internet connection.

     

    Thanks in Advance 

    @Deadlock4400

  3. On 8/10/2023 at 11:43 PM, Vimaro said:

    Dear user,

    Thanks for your post. IMHO: It is not needed to manually add hashes for detection of malware in application control, because if you have Kaspersky EDR Optimum, KSWS & KES have cloud-based detection with Kaspersky Security Network, and this is an infrastructure of online services providing access to Kaspersky's online knowledge base on the reputation of files, web resources and programs. In summary: malicious hashes should be detected automatically by our technologies. It is recommended that you use Application Control to add risky tools that can be used by attackers against your computers (Nmap, Advanced IP Scanner, PsExec, MimiKatz, Kali, etc).

    Maybe you receive that amount of hashes from your SOC? If yes, please reply to this message so we can bring you some alternatives.

    Many hashes are not recognized by Kaspersky OpenTip. I think there should be an option in KSC to manually add hashes or a set of hashes.

  4. Hello everyone, 

    The scenario is like below -

    Kaspersky Security Center 13
    SIEM QRadar

    We were previously able to send logs from KSC to Syslog Server. Now we are trying to send logs / events from KSC to QRadar SIEM, but it is not working.
    I also visited the following webpages -

    How to integrate Kaspersky Security Center 10 with SIEM systems

    About configuring event export in a SIEM system

    I wish to have some guidelines / suggestions from here.

  5. Hello everybody,

    The KSC Server’s IP was changed and all Client PCs vanished from KSC, but when the IP was set back to what it was before, all previous Client PCs showed up again.

    Now if we make a new Network Agent (standalone) and try to install it on a PC (Win10, Win7), it shows an error that it cannot connect with the KSC. But the Network Agent has been installed.

    Upon checking the log file, it shows:

    “Attempting to connect to Administration Server...Transport level error while connecting to http://192.168.88.60:13000: SSL authentication failure, certificate is invalid or outdated.”

    The log file is attached, please see.

     

    The environment is -

    Kaspersky Security Center version is 11

    Network Agent version is '11.0.0.1131 (b)'

    Waiting for good suggestions.

     

    Thanks in Advance

    @Deadlock4400 

     

  6. Hello everybody, 

    Greetings. 

    The environment is given below -

    KSC version: 12.2.0.4376

    KES for Linux version: 11.1.0.3013 

    KSC Server: Windows 2016 Standard

    Client Desktop: Ubuntu Desktop version: 20.04.2 LTS 

     

    The files below were downloaded from the web link - Kaspersky ENDPOINT SECURITY FOR WINDOWS, MAC, LINUX

    Kaspersky Endpoint Security for Linux
    1. Version 11.1.0.3013 | Debian x64 | Network agent
    2. Version 11.1.0.3013 | Debian x64 | Distributive
    3. Version 11.1.0.3013 | Windows | Administration Plug-In

    I’ve visited the YouTube link - Install Kaspersky Security for Linux and connect to Kaspersky Security Center (Step by step) - and installed the above 2. and then 1. Those are working alright, but as I did not put in a License key, KES for Linux is showing an expiration time of 30 days. And the major fact - that Linux device is not showing on KSC 12 at all? Point is - does the Kaspersky Security Center Network Agent not work with the Linux Network Agent?

    If there is a manual step-by-step guideline, I would really love to know how to do remote installation of a Linux device through KSC! Waiting for a proper guideline here.

    Thanks & Regards -

    @Deadlock4400 

     

     

     

  7. Hello @MilanBortel 

    Thanks for your reply.

    Yes, we can see the Devices which have Kaspersky Licenses by double clicking on the License key file/activation code from the Kaspersky Licenses section.
    Another option is 'View report on usage of license keys'.

    From Device Discovery we can do Domain Scan / Active Directory / IP range Scan.
    If some Devices (PCs) are formatted and the KES agent is installed again, or a PC previously had another version of KES License and now has, let's say, a KES Advanced license, then after Device Discovery the same PC shows 2 or 3 times, but 1 PC is there with Real Time protection and the other 2 might have Network Agent showing.
    So how can we permanently delete those duplicate PCs from KSC or from the KSC database?

     

    Thanks 

    @Deadlock4400 

    Dears,

    I have KSE 11.5.0.590 up to date and all engines worked; my device was infected with Lock Bit ransomware and the KSE didn't detect this ransomware?

    Best regards

    Can you confirm your network storage / file server position in this scenario? Because your device software and firmware are up to date, but remote access or accessing file storage without non-encrypted channel might have infected your PC!

    Thanks -

  9. Hello everybody,

    Around 50 KES Advance licenses are not deployed but are showing as being used.

    Environment:

    KSC Version - 12

    KES Version - 11.4

    Previously there were KES SELECT Licenses, but we’ve made a new KSC and deployed all new KES agents and Network agents. Everything seems alright, but the problem is with Licenses. Let’s assume 200 valid licenses were purchased but only around 150 were deployed. But the KSC License section is showing nearly 195 deployed.

    Please give me some exact guidelines so that we can sort these problems out.

    Thanks in Advance

    @Deadlock4400 

  10. Hello everybody,

    KSC 12 and the Linux-based Syslog Server have been integrated. (Exporting events from KSC 12 to Syslog Server)

    Right now logs are being sent to the syslog server but are showing the endpoint system Host Name, not KSC 12?

    Is there any option on KSC 12 to customize all logs the way the user expects? Or is this function on KSC 12 fixed?

    Or do we have to do the customization on the Syslog Server?

     

    Thanks -

     

    @Deadlock4400 

     
