xpreme
-
Posts
64 -
Joined
-
Last visited
Posts posted by xpreme
-
-
Hi,
I am going to install Network Agent MSI file on clients using GPO in Active Directory. Can I also automate deployment of KES on clients? For instance, every client on which Network Agent has been installed goes to a special group in KSC, then KES starts being installed on those clients automatically.
Thanks in advance
-
Dear @ElvinE5
Thank you so much for your all-time help. I was looking for such tricky thing. I will do it. I really appreciate your help.
-
Hi.
In my network, I have to change IP of KSC server. What should I take into account before? I'd prefer not to use KLMOVER on all clients after change. Can I figure this out?
Thanks
-
Dear @ElvinE5
I really appreciate your all time support and great and complete answers. Thank you so much
-
Hi,
I need to block a file using its MD5 hash. It is not an installed application. It is only a file. Is it possible to block it using MD5 hash or I have to inform Kaspersky about it? Thanks in advance.
-
Thanks @ElvinE5 for your usual support.
Thanks @Joerg Lechea for your reply.
-
Thanks for youe support. As a matter of fact, events are exported while setting on Syslog server but it does not work when choosing Splunk format. Then I checked Kaspersky event in Windows event viewer. I found some errors regarding export failure due to limited functionality mode. So, I guessed it is somthing related to license.
Thanks
-
Hi,
Good day. Does this feature require a special license? I am now using a Select license.
Thanks
-
-
Dear @ElvinE5
Thanks for your all time support. It was straightforward and cool. I checked some events to be exported to Syslog server. I am waiting for the result.
Thanks
-
Dear friends,
Good day. I have configured "Export to SIEM system" on my administration server (Automatically export... was checked as well). But nothing is exported to the syslog server. However, as I enable syslog export on KSWS policy (for servers) it sends data to syslog server (per server) successfully. But I need to send Kaspersky Security Center events to syslog server. Would it be possible? By the way, Kaspersky server has access to syslog server on port 514 UDP and TCP.
Thanks in advance
-
Thanks for your reply. However, this is not what I am looking for. It seems somehow a bug here.
-
Hi @ElvinE5
Thanks for your reply. Actually, when I re-specify the KLSHARE in my Windows, it works fine in terms of copying update files. But when I create a new stand-alone package, it will be stored in the former KLSHARE (defualt by Kaspersky) directory.
-
Hi,
I have just installed KSC 14.2. Now, I want to change the KLSHARE destination. To do so, I have removed the default KLSHARE folder in windows shared folders on Computer Management console. Then I created a new KLSHARE folder pointing to another destination. But, now, when I create a stand-alone installer package it goes to the former destination in C:\ProgramData\... again. What should I do now? Thanks a lot for your tips.
-
Thank yo so much for your usual help.
-
Dears,
Is it possible to pause, disable or stop KSWS on windows server side not the KSC side?
Thanks for your help
-
Dears,
I am checking Audit logs in event viewer on my KSC windows server. I have found some logon events (ID 4624) which are based ont NTLM. Does it happen normally from clients to the KSC server or it can be unauthorized access? Here is the event details:
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0Logon Information:
Logon Type: 3
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: NoImpersonation Level: Impersonation
New Logon:
Security ID: "a user in our domain" (I have sealed it)
Account Name: "the username"
Account Domain: "our domain"
Logon ID: 0x19565D21
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {00000000-0000-0000-0000-000000000000}Process Information:
Process ID: 0x0
Process Name: -Network Information:
Workstation Name: "client's computer name"
Source Network Address: "client's IP"
Source Port: 63675Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V2
Key Length: 128Thanks in advance
-
Hi @ElvinE5
I really appreciate your detailed answer and complete instructions. It is possible to do such thing in Windows Firewall, however since Windows firewall is being managed by Kaspersky app, I won't be able to use it. I will check your instructions as well.
Thank you so much again
-
Dears,
I have a specific application on some devices which their access to the internet must be blocked. I tried configuring application rules on Firewall in Kaspersky Security Center (KES policy). However I cannot find it on application rule window. How can it be done actually? Can I define an application manually to block its access to the internet?
Your help is highly appreciated
-
Thanks for your detailed answer @ElvinE5
-
Thanks for your reply.
Infact, we have some users which leave the office for several days occasionally. I want to keep them out of my main managed devices in order not to have lots of devices in Critical status (because of not being connected). While creating periodic reports, active devices need to be taken into account in our company.
-
Dears,
Is it possible to create a rule in KSC in such a way the computers which have not been visible for more than 1 week move to a specific group automatically?
Thanks in advance
-
-
Hi,
Based on the article "https://support.kaspersky.com/KSC/14.2/en-US/183040.htm", Network Agents send requests to each other within one broadcasting domain. Why does such flow happen? Is it necessary or required?
Thanks for your help
Automating KES deployment
in Kaspersky Security Center
Posted
Hi @THask
Thank you so much for your help. I will check these steps.