Deadlock4400
-
Posts
87 -
Joined
-
Last visited
Posts posted by Deadlock4400
-
-
Hello Everybody,
As there written latest KES 11.3 supports only KSC v12, then what will be the upgrade procedure from KSC v11 to KSC v12, including the KES 11 or 10 to 11.3?
If the KSC v12 installed and it has it’s KES v11.3. Can KSC 12 supports to have DB backUp, Policies Import and Tasks import from earlier KSC versions?
Thanks in Advance
-
-
Thanks. Meaning that I will have the option to enable AMSI protection when the trial period expires, and we’ll start paying for the license, right?
seems like AMSI is on all three versions.
-
need to perform action on all 3 policies
-
hello @flas
Advance license is needed
-
Hello Everybody,
The scenario is explained below-
Kaspersky Security Center 11.0.0.1131b
Kaspersky Endpoint Advance 11.2.0.2254
Syslog Server is a TheckOS Storage where Syslog Server option is there.
Now problem is that The Syslog server can only showing Informative Logs of KSC. Not the warning, Critical etc. logs of KSC.
Even from Wireshark , it’s clear that KSC is not sending other type of logs (only Informative logs of KSC are being sent)
Below url was being followed -
On KSC Enabling automatic export is done (Screenshot Attached below)
Then Syslog Server IP added with UDP port 514 -
Selecting export events
Selecting events in a policy has doneFrom the properties of Event configuration section, all the events are selected and then from events properties, Export to SIEM system via Syslog check box is enabled for all selected events
Upto this point done.
But now We can see only KSC information event on Syslog server, no other critical or warning events there showing on Syslog Server, even Wireshark we only see informative events are forwarding from KSC to Syslog Server, no other events are going.
Should i do the “Selecting events for an application”??
Thanks in Advance
-
hello @ak01
Thanks for your reply.
Option “Scan encrypted connection” was ON n OFF both way tasted. Even i use the trusted domain also. I follow the below web link -
also follow -
No way out!!
-
I don’t think Kaspersky is the issue here. Did you tried Opening the same website with any other browser?
Because browsers too block such requests and don’t allow you to proceed further.
hello @raviparker
See the first screen shot, there below left corner you can Kaspersky logo.
It’s fine that the website has certificate or other problem, but there should be some way to exclude such irritating problem.
Dear @Nikolay arinchev can you please answer something cool over here and make a awesome solutions !
Thanks -
-
-
If the connection between KSC Server and Clients are good to go then the problem in your Network Agent and on Client Packages.
Try to make standalone package of Network Agent and Endpoint. Then first installed Network agent then Endpoint agent.
-
Dear Deadlock4400
I implement Kaspersky security Console, and then saw which clients are discovered in the unassigned clients list, just one of all my clients was discovered
so I installed package (integration of Agent & antivirus) on client,Agent was installed successfully but the antivirus was not installed , then I tried to use remote installation tools but it was not successfull
The installation task got stuck in 32% and the problem was in connection between client and server.
please note that I disabled firewall service in server and turn off It in client control panel
try to do ping with IP and hostname from both side (Server to Client and Client to Server), if that’s alright then from Client PC \\…...(KSC server IP), see if you have the KLShare folder or not?
-
Dear Deadlock
hi
What do you mean by windows remote registry service? is that Windows Remote Management Service?
and It would be on , on all clients? or you mean It should be on, just on server?
There is no FQDN because It’s a workgroup network, and I set the Server IP in “Change administration “ Task to established a connection between clients and server based on IP Address
but I chechked it before and I’m sure about solving NetBios Name to IP Address correct
I clearly wrote there that for Client/Target machine, NOT KSC Server?
You can find the Remote Registry Service on Services.msc
While you did KSC, what did you chose, IP or FQDN for this KSC Server, that i was saying!
-
Hello @Samira-IT Expert
Your Remote Installation Target machine should have Windows Firewall Off and Windows Remote Registry Service ON. And check if any other AV is installed there or not.
And while you installed KSC, was it IP base or FQDN base installation?
Thanks in Advance
-
Hello Everybody,
Getting the message: "Visiting a domain with an un-trusted certificate".
Tried into above network setting no luck.
Also from Web Threat Protection> Trusted Web Address the site was added but still the same warning showing.
-
Hello,
After KSC 11 and Syslog server connection done then will the client machine push the logs through KSC 11 automatically or there should make some work like making tasks on KSC11?
-
Hello @kk60
Kaspersky Security Center 11.0.0.1131b Supports up to Operating system: Windows Server 2019 , but The Microsoft SQL Server for this KSC supports up to MS SQL 2017.
please visit the below web link -
Hardware and software requirements
If your new Windows 2019 for KSC has different IP and different FQDN from Running KSC Server then, you can do agent transfer from Old one to New Windows 2019 KSC server. That’s smart move.
If you don’t want to go above Agent transfer method then You have to do old KSC DB backup and make the restore into New KSC DB (Note: If you old KSC setup was IP base then different FQDN will not make problem, otherwise you will fall into trouble)
Thanks in Advance
-
While the KSC and Alien Vault will be integrated then LOGS fro KSC to SIEM = Push or Pull method will be in action?
-
hello @Kavuser10
Thank you for your reply.
-
hello @Nikolay arinchev
Thanks for your response.
-
Hello everybody,
The scenario is like below-
Kaspersky Security Center 11 need to be send logs to Syslog Server then from Syslog server logs need to be sent to AlienVault SIEM.
is the above scenario is a good practice? If the scenario is set like the above then -
what will be the method from KSC11 to Syslog Server and then Syslog Server to SIEM….is that push or something else?
Thanks in Advance
-
-
Hello everybody,
If a license is issued for 12 days by written on it's papaer starting and ending date, then if this license put into KSC, will this license impact on that starting date to ending date?
Thanks in Advance
-
Dear @Nikolay arinchev
I will let you know by updating one endpoint to latest version.
Thanks in Advance
-
Hello @Nikolay arinchev
Thanks for your quick response.
The KES version is 11.0.0.6499
The KSC is 11.
Exactly from where I have to do some tuning for the Honeywell handhold scanner?
Thanks in Advance
Create a VM for KSC12 to download updates to the repository
in Kaspersky Endpoint Security for Business
Posted
Hello Everybody,
Kaspersky Security Center 12 is on a place where it is unable to download updates to the repository. So is there any way, to make a VM, from where it can take it’s all update?
Thanks in Advance
@Deadlock4400