intrusus

Perfect @rvroege Then please mark your solution as “Best answer”. This will help out other members as well. :) Cheers, Intrusus

Hey @rvroege Just for me: Why do you use KES on your file server and not Kaspersky Security for Windows Server? Last one is also included in any KESB license. First, find out whether File Threat Protection actually slows down the computer (or a program): Find the computer that works slowly Disable the policy on it Stop (disable) File Threat Protection Check whether the computer (program) works any faster Even if programs work faster on the computer without File Threat Protection, do not leave File Threat Protection disabled. Configure exclusions for applications. Try various exclusion types: If all program files are located in a single folder, exclude the program’s folder from scanning If the program works with files in various folders or in a temporary folder, make the executable file of the program trusted Never exclude the operating system’s temporary folder from scanning. Malware is often started from it. If the program works with files in shared folders, try to disable scanning of network drives For the programs that start on the specified schedule during off business hours, pause File Threat Protection while the program runs Best regards, Intrusus

Okay, es gibt Antwort aus Moskau: Wähle bitte "Später erinnern" und beim nächsten Mal wo das Fenster erscheint, lehne es ab wenn möglich. Danach müsste es nicht mehr erscheinen. Sollte dies nicht möglich sein, gehe wie folgt vor: Schalte bitte den Kaspersky Selbstschutz aus. Öffne die Einstellungen (Zahnradsymbol) > Erweitert > Selbstschutz > Entferne hier den Haken. Bitte beende danach Kaspersky. Klicke dazu mit der rechten Maustaste einfach auf das Kaspersky-Symbol in der Taskleiste (unten rechts auf deinem Bildschirm) und wähle "Beenden". Öffne den Windows Registrierungseditor: Um den Registrierungseditor zu öffnen drücke auf Deiner Tastatur die Tastenkombination [Win] + [r] und gib anschließend "regedit" ohne Anführungszeichen ein. Bitte bestätige Deine Eingabe mit der Entertaste oder durch einen Klick auf OK. Finden den Registrierungszweig HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\AVP20.0\settings und wähle mit rechtsklick den Kaspersky_ID parameter an und klicke auf ändern. Gib dort einfach test@test.com ein, starte den Rechner neu und überprüfe, ob sich etwas geändert hat. Beste Grüße✌

Hi together - I’ve to interrupt here. Kaspersky is not a provider of VPN (Virtual Private Network) services. If access to specific websites or services is limited in the VPN service provider's region, you will not be able to access these websites and services through Kaspersky Secure Connection. Secure Connection - Application usage restriction This means, that Kaspersky does not want geoblocks to be circumvented with the help of Secure Connection, but simply wants to increase user security, e.g. by concealing the IP address, thus preventing tracking or securing surfing via public Wifi hotspots. It may be that some secure connection servers are blacklisted by Netflix & Co. Others are not. In this case, the random principle applies, with which IP you finally connect to the streaming provider. If bypassing geoblocking is still important to you, you should consider using a pure VPN provider. I personally use MullvadVPN , for example, because anonymity is extremely important to me and you can pay with cash, cryptocurrency and you don't have to provide an email address. Best regards, Intrusus

Hey @TechnicalQ sounds good, always glad if someone figures it out himself. 😎 In general please use the “adavanced desinfection” only if an active threat occurs. This feature is aimed at purging the Windows operating system of malicious programs that have already started their processes in RAM and that prevent KES from removing them by using other methods. The threat is neutralized when Advanced Disinfection technology is applied. While Advanced Disinfection is in progress, you are advised to refrain from starting new processes or editing the Windows operating system registry. After the Advanced Disinfection procedure is completed, the application restarts the protected machine. This caused your problem btw. 😉 After reboot, the program deletes malware files and starts a "lite" full scan of the protected computer. For your future & as a tip, Kaspersky teaches you to use the feature like this: Disconnect the infected device from the corporate network Disable the KSC policy locally (via right-click menu on KES-Symbol in Traybar) Open KES Settings locally Goto General Settings > Application Settings > Select checkbox “Enable Advanced Disinfection technology” Run a virus scan task locally Restart the computer, connect it to the internet again (maybe outside the windows network, so put in some kind of protected VLAN) Scan the whole computer again Cheers Mate, Leon

Hi @ramrod, kleines Update. Mein Ticket wurde an die Devs in Moskau weitergeleitet. Evtl. trägst Du durch dein Problem zum nächsten Update der KIS bei. ;) Sehr geehrter Herr [...], Vielen Dank dass Sie sich an den technischen Support von Kaspersky gewandt haben und für die gesandten Daten. Wir haben diese an unsere Produktentwicklung in Moskau weitergeleitet. Ihre Anfrage wird nun bearbeitet. Bitte warten Sie auf unsere Antwort. Sobald ich mehr weiß, gebe ich Bescheid.

Der einfachste Weg wäre über die Firewall deines Unternehmens. Ich weiß nicht, was du für einen Vendor einsetzt, bei Sophos XG reicht es aus, eine URL-Gruppe mit Youtube-URLs anzulegen und diese der Web Filter Policy hinzuzufügen. Auf Endpoint Basis werden, wie @alexcad schon in seinem Post schreibt, weitere Angaben benötigt.

Hi @TechnicalQ the “run missed tasks” option determines the behavior of a task if a client device is not visible on the network when the task is about to start. If this option is enabled, the system attempts to start the task the next time the Kaspersky Lab application is run on the client device: If the task schedule is Manually - it’s run Once, If the task schedule is Immediately: the task is started immediately after the device becomes visible on the network or immediately after the device is included in the task scope. You may want to disable this option for a resource-consuming task that you want to run only outside of business hours. What are the event logs of the specific client devices are saying? Check out the events in the client or administration server reports, please. Cheers, Leon

Okay, das wusste ich nicht. Bin mal gespannt, ob ich die gleiche Antwort bekomme ^^ Bedeutet, du hast nicht wirklich eine zufriedenstellende Antwort bekommen und das Problem besteht weiterhin?

Hi @ramrod Soweit ich weiß, ist dies aktuell nicht möglich. Sicherheitshalber habe ich einen Incident bei MyKaspersky für dich eröffnet und halte dich hier up2date (INC000011355540). Liebe Grüße, Intrusus

@mountaindancer das freut mich! Markiere bitte den entsprechenden Post als “Best Answer”, dann gilt der Thread als closed und andere Nutzer sehen direkt die Lösung 😉

Hi, I want to get knowledge about the future of the KSWS product. Is there a new version planned here (KSWS 11) and if so, will it or also KSWS 10.x be integrated into KSC 12 and KSC CloudConsole? In general we only use KSWS (and not KES) for server protection and we have many customers who also use this protection. Since many of them are migrating to cloud management and KSWS support is neither available for the current WebConsole nor announced for the new Kaspersky Security Center, I wanted to find out about the future of the product. If it is not yet officially allowed to publish information about it, that is okay and understandable. I just have to say that as partner we have to focus on vendors who also offer cloud based server security. KES sometimes does not fulfill the requirements of customers as KSWS does. If any other partner knows more than I do, please let me know. Also officials from Kaspersky Lab are pleased to join the conversation here 😌 Cheers✌

Hi @mountaindancer Sofern Du noch Student bis, verifiziere dich einfach erneut unter https://verify-service.com/kasperskylab/de/verify.html. Ansonsten musst du entweder auf ein gutes Angebot (z.B. Amazon) hoffen, oder in den sauren Apfel beißen. 😁 Grüße

Don’t know if you have meant this but also check out the Moving rules at Device Discovery… sometimes you forget that there are some rules with the option “Rule works permanently” checked and “Move only devices that do not belong to an administration group” unchecked.

Hi @remkovdhoef I think you’ve met all software requirements in advance? Installation of gcc, binutils, glibc, glibc-devel, make, ld, rpcbind Perl interpreter: version 5.10 or higher Cheers, Intrusus