hedel
-
Posts
3 -
Joined
-
Last visited
Posts posted by hedel
-
-
Hi,
I'm trying to deploy KSC 13 Network Agent (13.0.0.11247) from KSC to a new Windows Server 2022 Standard Core but the task failed with "The device may have been disconnected from the network"
The task was executed without problem to another server with the same OS but with Desktop UI.
What should I check, please?
Thank you in advance
-
Hello all,
at August 4th, KSC registred a lot of events from different worksations in our network at same time:
Event type: Process action blocked
User: -- (Active user)
Component: Adaptive Anomaly Control
Rule name: PowerShell executes obfuscated code
Source process: c:\windows\system32\wsmprovhost.exe
Source process hash: 41caf4184b3e78ca14966207ff4fecwerwt3d2703b564ff3e6833d
Source object: object://ps:521DC7CFF46F74C6D3C7FF734EDE49AD7A2370F1050ECF8B7A1B385D7
Target object: object://script:$error.Clear() $IDS1 = 1069,1137,1155,1159,1205,1254,1641,2041,10690,10691,10692,10693,10694,10695,10696,10697,10698,10699; $IDS2 = 11370,11371,11372,11373,11374,11375,11376,11377,11378,11379,11550,11551,11552,11553,11554,11555,11556,11557,11558,11559; $IDS3 = 12050,12051,12052,12053,12054,12055,12056,12057,12058,12059,12540,12541,12542,12543,12544,12545,12546,12547,12548,12549; $IDS4 = 13002,1409...
Target object hash: 521dc7cfff734ede49ad7a2370f19ecf8b7a1b385d7The first that come to my mind was PRTG trying to get some WMI data, but we are not monitoring workstations (usually servers and network devices), anyway, I stopped the service but there were more events. At afternoon finished and we didn't see it again.
Some idea?
thank you in advance
deploy Kaspersky Network Agent in Windows Server Core
in Kaspersky Endpoint Security for Business
Posted
Hi @DonKid,
yes, the firewall ?
Thank you!!