Erwin NL

  1. Thank you Harlan, I see the site is now already accessible, I will inform my colleague he can now visit the site. Gr. Erwin
  2. Hi, A question, the website https://www.freertos.org/ gets blocked by Kaspersky Endpoint Security, reason: threat of data loss, detection cloud analysis. When tested using VirusTotal only Kaspersky blocked the site, naming Phishing as the reason. https://www.virustotal.com/gui/url/72173d92cb9d9a8cd8cd97bc54ff3813bc74f3295c23f0af1c4d32b441078d04/detection Is it possible to double check this, seeing that only Kaspersky blocked it, all other scanners say it's fine. Gr. Erwin
  3. @sd75 For vSphere and ESX local management websites I was able to resolve this problem easily by downloading the root CA from the vSphere and ESX local management websites and then importing these into the local computer's store under "Trusted Root Certification Authorities". This unfortunately did not work for my RSA servers; to access them I still need to use an old Internet Explorer version.
  4. In the first picture you can see that I cannot connect to the vSphere website. In the second picture I first tried to disable the KES policy but that did not change the situation, then I shut down the KES application and I could immediately connect to the vSphere website without any problems. PIC.01 PIC.02
  5. I have the exact same problem since I updated my KES clients to 11.2.0.2254 last Friday. I am unable to connect to my local VMware vSphere web page because the option "I understand the risk, but want to proceed" is missing; when I disable KES 11.2.0.2254 the web page loads without issues. A little side note: the address is added to "Web threat protection" \ "Trusted web addresses" but that does not resolve the problem. The certificate has also been added to my Windows 10 local computer certificate store, still no change. Within Firefox I am unable to import the certificate because Firefox says there is no need to import it since it is a trusted certificate; the issue here is KES. I also suddenly have problems with R&D software tools which worked fine but since the KES upgrade to 11.2.0.2254 suddenly are no longer able to write to remote network drives. The policy is in place and the clients are part of the managed devices\clients.
  6. Hi Adam, Luckily I have not seen this issue resurface on any of my servers and client devices, so I guess that's good news, but I never did find out any more about this issue than I had already posted here.
  7. I would love to, but unfortunately there is nothing in the KSC backup to send, just the notification like in the picture I just added.
  8. Hi, thank you Nikolay for your answer. It's too bad that there isn't more information available, especially because I still have no clue as to how this got to my FileServer; apparently from a client computer, sure, but that client computer itself didn't detect anything and they both use the same KES11 installation. The only other way it could have spread to the FileServer would be that it spread through a Ricoh network multicopier, and that would be very bad, because if that would be the case, it could stay undetected and possibly untreated on that device for a long time.
  9. Hello, On our Windows 2019 fileserver there was a "HEUR:Trojan.Multi.Crypmod.gen" blocked according to the KSC10 administration server Threats Report.

     Path to file : System
     Result: Blocked: HEUR:Trojan.Multi.Crypmod.gen
     User: DOMAIN_XXX\USERNAME_XXX (Initiator)
     Object: System
     Reason: Dangerous action
     Database release date: 9/23/2019 3:56:00 AM
     Remote session: 0x1e08736c
     Remote host: - (192.168.0.xxx)

     Looking in the KES11 "Reports\Behavior Detection" on the File Server I can see the following.

     9/23/2019 4:48:27 PM Malicious object detected External application DOMAIN_XXX\USER_XXX Detected: HEUR:Trojan.Multi.Crypmod.gen External application Behavior analysis
     Application: External application
     User: DOMAIN_XXX\USER_XXX (Initiator)
     Remote session: 0x1e08736c
     Remote host: - (192.168.0.xxx)
     Component: Behavior Detection
     Result: Detected: HEUR:Trojan.Multi.Crypmod.gen
     Object: External application
     Reason: Behavior analysis
     Database release date: 9/23/2019 3:56:00 AM

     9/23/2019 4:48:27 PM Blocked External application DOMAIN_XXX\USER_XXX Blocked: HEUR:Trojan.Multi.Crypmod.gen External application Dangerous action
     Application: External application
     User: DOMAIN_XXX\USER_XXX (Initiator)
     Remote session: 0x1e08736c
     Remote host: - (192.168.0.xxx)
     Component: Behavior Detection
     Result: Blocked: HEUR:Trojan.Multi.Crypmod.gen
     Object: External application
     Reason: Dangerous action
     Database release date: 9/23/2019 3:56:00 AM

     Unfortunately I cannot find much more than this in the Kaspersky logging and cannot find anything at all about this in the KES11 logging on the User's computer. I've scanned all our Servers and every client computer in our company and found nothing. What I do know is that this user used a private USB stick to print some pictures for his kids birthday; this USB stick was placed in his (up to date) Windows 10 computer but was also placed in the Ricoh printer itself, a device that I cannot scan.

     Fortunately it looks like the program was halted before it could do anything and since this happened we did not detect anything strange on our network or our computers. But the lack of information bothers me, especially because the user's client computer has no logging of this issue at all. Is there any way I can find out more about this Trojan.Multi.Crypmod.gen or get more useful logging from KES or from KSC?