Posted

I have a client who had a laptop stolen a few months ago. The laptop was never removed from KSC.

 

A few days ago the laptop connected to KSC. My client is convinced that the stolen laptop was not the PC that connected to KSC, but in fact it was one of the other PCs in the organization, and that KSC incorrectly identified it through a bad or incorrect DNS entry.

 

How can I prove that it was definitely the stolen laptop that connected to KSE?

Version: 10.5.1781

 

Thanks Drew

Nikolay Arinchev
Posted

Hi,

You can only figure it out using some indirect data - OS version, set of installed software, computer name and so on.

There is another way, which is more precise, but you need to run the klnagchk utility on the stolen laptop to get its host ID.

Posted

Hi,

 

Thanks for the reply, but as mentioned the laptop has been stolen so we can't run the utility on it.

 

The laptop connected to the network via VPN. As mentioned, the client is convinced that KSC has incorrectly identified the laptop and that it was not the stolen one.

 

There must surely be some unique key that the network agent uses when it connects to KSC?

 

Regards,

 

Nikolay Arinchev
Posted

It sure is.

You can get it from the KSC DB using the C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center\klakdb.chm file.

But you need to run the klnagchk utility on the stolen laptop to get the ID from the host to compare both.

 

Posted

Hi

 

Thanks, this information is really useful!

 

Can you please confirm one more thing for me? If KSC says that a device was online, did it “see” the device ID? I.e., was there communication between the network agent and KSC, and was the device ID checked?

 

Or is there a possibility that KSC marks the device online if it can resolve its host name only?

 

Regards,

 
