Everything posted by MilanBortel
-
Hi @ealnajjar, I must say that I don’t understand your issue completely..? Current versions are: KSC/Network Agent: 12.2.0.4376 (12.2), KES: 11.5.0.590. Where are you getting the error? It’s always better to attach a printscreen, so we know better what’s happening :) Cheers, Milan
-
Hi @K1029, are you using full disk encryption (BitLocker) on that server? If not, you can always boot the host from a removable drive (e.g. WIN10 or Linux) and get access to the original C:\ drive. And I’m thinking about changing registry entries, so Kaspersky won’t automatically run on computer start.. This is the location of services in Windows registry: Windows registry → KAVFS. Here you can find the Start settings: KAVFS → Start. As you can see, the default value is 2 (to start Automatically), but you want to change it to Manual: Start options. Let us know if it helped 🤓 Cheers, Milan
-
Hi @itcurves, yes, just as I thought - whenever you see a folder path containing “Cache” I wouldn’t worry and remove content from that folder (keep the folder itself!). If files are held by the OS, you’ll be prompted.. Cache folder. Last two items are located in servicing\LCU: servicing folder. For more details on the LCU folder please follow https://social.technet.microsoft.com/Forums/en-US/be35a9ee-a610-4fdc-bb6c-50b9f458d19a/huge-lcufolder-after-latest-cumulative-update-on-windows-10-1809?forum=win10itprosetup Hope it helps 🤓 Cheers, Milan
-
Security for Windows Server
MilanBortel replied to Aaron Lopéz's topic in Kaspersky Endpoint Security for Business
Hi @Aaron Lopéz, if I understand well, you want to learn more about installation results? I would first go to the installation task result - you can always see which computers have the installation successful and if there are any other problems .. Then you can connect to the problematic host (with Network Agent installed) and go through event logs for details: Remote diagnostics. Connecting to host: KSC 12 Remote Diagnostics Utility. Download event logs: How to download event log. Let us know if it helped 🤔 Cheers, Milan -
Unreachable clients
MilanBortel replied to FC Sistemi's topic in Kaspersky Endpoint Security for Business
Hi @FC Sistemi, it is really weird. With the same Network Agent installation some hosts are connecting and some are not? Did the Network Installation task complete successfully on such hosts? Can you share a printscreen of Network Agent klcsngtgui.exe from one such host? Network Agent → klcsngtgui.exe. I’m afraid you will need to reinstall Network Agent with a fresh package once more 😱 Cheers, Milan -
Hi @kemuda, this is very tricky.. An AV product needs to decide whether the process responsible for renaming is legitimate or malicious. I’ve tried it also with my own programmed “ransomware” and Kaspersky didn’t block it. My ransomware was using the standard aescrypt binary for encrypting the files.. so I guess Kaspersky took it as a legitimate action 🤔 From an admin perspective, I’d harden the policies: change basic settings of Host Intrusion Prevention: KES policy → Host Intrusion Prevention. I’d disable automatically trusting apps with a digital signature and move unknown apps to the Untrusted category; then you can protect your resources with updated Host Intrusion Prevention settings (follow article https://support.kaspersky.com/10905#block3). It is described on KES version 10, but it is the same in 11 :) Only the Application Privilege Control has been renamed to Host Intrusion Prevention 🤓 Let us know the result! Cheers, Milan
-
use Kaspersky as DLP
MilanBortel replied to aseman.ab's topic in Kaspersky Endpoint Security for Business
Hi @aseman.ab, I’m afraid not. There’s no file operations logging on file shares, AFAIK.. Cheers, Milan PS: you can select one of my answers as “best answer” 🤓 -
use Kaspersky as DLP
MilanBortel replied to aseman.ab's topic in Kaspersky Endpoint Security for Business
Hi @aseman.ab, see Google SMTP settings at https://support.google.com/mail/answer/7126229?hl=en Cheers, Milan -
Unreachable clients
MilanBortel replied to FC Sistemi's topic in Kaspersky Endpoint Security for Business
Hi @FC Sistemi, from what I can see, there is a problem with the KSC certificate, although it is available.. I’d recommend manually setting the connection for Network Agent on the affected host using the klmover utility (see https://support.kaspersky.com/KSC/SP3/en-US/3911.htm). The current KSC certificate is available in the C:\ProgramData\KasperskyLab\adminkit\1093\cert folder. Let us know if it helped 😇 Bye, Milan -
Unreachable clients
MilanBortel replied to FC Sistemi's topic in Kaspersky Endpoint Security for Business
Hi @FC Sistemi, I’d recommend standard steps: 1) Can you ping the host? 2) Is the Network Agent service running on host? (Network Agent service: Running) 3) What are the connection settings in Network Agent installation package? Is it IP/DNS? (Network Agent installation package properties → Connection) 4) From one such host, run the klnagchk utility "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagchk.exe" to see what might be the problem when connecting to KSC: klnagchk utility. You can share the printscreens here 🤠 Cheers, Milan -
use Kaspersky as DLP
MilanBortel replied to aseman.ab's topic in Kaspersky Endpoint Security for Business
What do you mean by “where I create this report”? I was describing the event selections. You find those in the main screen of the KSC console.. There is a button Create a selection, then you go to Selection properties. -
Printing and scanning issue on network printer
MilanBortel replied to faz's topic in Kaspersky Endpoint Security for Business
Hi @faz, I’d recommend first putting the network printer IP as trusted: KES Policy/General Settings/Network settings → Trusted addresses. Can you check if it helped? If not, there are other possible ways to help, don’t worry 🤓 Cheers, Milan -
use Kaspersky as DLP
MilanBortel replied to aseman.ab's topic in Kaspersky Endpoint Security for Business
Hi @aseman.ab, first, you need to update Notification settings in your KES policy: General Settings/Interface → Notifications. After that, you can see these events in the KSC console main window: Administration Server → Events. You can prepare your own selection for such events: New event selection/Properties → Events → File operation performed. Cheers, Milan -
use Kaspersky as DLP
MilanBortel replied to aseman.ab's topic in Kaspersky Endpoint Security for Business
Hi @aseman.ab, you can use the Device Control feature with the basic Select license. And when defining rules for Removable drives, you can turn on logging: Device Control → Removable drives. Cheers, Milan -
Hi @marafado88, and how did you create that installation package? In my experience, it might happen due to incomplete setup - most likely the command line might be missing (EULA, silent installation).. When you start the installation, it might get stuck in the installation wizard, waiting for user interaction, you get it? 🤓 So, for example: PF6076 installation package. And this is the command line: Installation Settings → command line. Maybe you can share a printscreen of that installation package properties/settings. Cheers, Milan
-
KSC 12 Clean WSUS Table
MilanBortel replied to m.cavazzini's topic in Kaspersky Endpoint Security for Business
Yep, that was my next idea @Cesare - simply go straight to SQL ;) Milan -
KSC 12 Clean WSUS Table
MilanBortel replied to m.cavazzini's topic in Kaspersky Endpoint Security for Business
Hi @m.cavazzini, I think you can do it by cleaning all updates repositories: KSC12: Clear updates repository. Let me know if it works 😎 Cheers, Milan -
KES licenses over showing
MilanBortel replied to Deadlock4400's topic in Kaspersky Endpoint Security for Business
Hi @Deadlock4400, if you want to delete any device from KSC, first you need to delete it from any managed group (it moves automatically to Unassigned devices folder). From there, you need to delete the device once more. After that, it is eventually deleted from KSC 😇 Cheers, Milan -
KES licenses over showing
MilanBortel replied to Deadlock4400's topic in Kaspersky Endpoint Security for Business
Hi @Deadlock4400, in license properties, you can always view assigned devices, so probably you can check here, what’s going on … ? License properties → Devices. Cheers, Milan -
Intrusion.Win.CVE-2020-1350.b [MOVED]
MilanBortel replied to dmkasp's topic in Kaspersky Endpoint Security for Business
Hi @dmkasp, from what I know, you can only set that “attacker” as an exception in Network Threat Protection component: Network Threat Protection. But then the server would not be protected from any possible attack coming from that excluded device 😒 Cheers, Milan