Folks, some more info on WannaCry ransomware attack is in this Securelist article.
In short: PATCH the vulnerability, enable/check settings of your security solutions (e.g. those who use Kaspersky - please check System Watcher & Anti-Cryptor settings), scan your machines' critical areas.
We have an small client with 6 users. They use 6 computers (Latitude E7470 Windows 10 Professional)
They have Kaspersky Antivirus 2016, expiring in September.
I'm trying to purchase 2 boxes of 3 licences each for renewing the AV.
I have some confussion because I found this 2 similar products:
Kaspersky Antivirus 2017 3 users
Kaspersky Antivirus 2017 3 devices
Question 1: what's the difference?
Question 2: I found a promo, special price for a box of Kaspersky 2015 Antivirus, 10 users. Can I purchase the 2015 version and use the license to renew the 2016 AV? Can I renew my 2016 license with the 2015 BOX and update to 2017 for free?
https://www.cyberscoop.com/fbi-kaspersky-private-sector-briefings-yarovaya-laws/
Looks like the FBI is pushing the private sector to abandon Kaspersky. What's your opinion on this, do you think the product has been compromised?
Hi,
We have KSC10 running and around 790 clients and 10 servers have Kaspersky installed. We had some performance issues on some clients setting everything up, but Kaspersky is running pretty good now and we are mostly happy with it. We still have some critical clients, but we are slowly working through those errors.
Just one thing is driving me completely nuts:
All statistics in KSC10 suddenly jump 150 clients up and just as suddenly down again. How is this possible?
graph_07-38-38.png
And one minute later:
graph_07-49-31.png
And 16 seconds later it suddenly looks like this:
graph_07-49-47.png
Searching the administered computers also gives different results:
small_search.png
big_search.png
This problem isn't too bad for us, but I don't really trust the reporting of Kaspersky anymore...
Kaspersky searches the AD for computers every 60 minutes.
Do...
A former admin had encrypted a couple end-user drives using Kaspersky Endpoint Security 10. At some point he switched A/V over to Eset, and there is no sign of Kaspersky Security Center 10 running on any systems here. Is there any way to decrypt these 2 drives without the original administration console that was used to encrypt them?
It's political and sensitive but now my Bosses are asking about Kaspersky on our servers.
When Kaspersky 10.3.0.6294 clients with agent 10.4.343 indicate on the task bar that they need a reboot are not being marked as in need of reboot on the KSC 10.4.343 console or on reports generated from the console.
Has anyone else seen this or know of a fix?
I suspect it's limited to agent version or KES version as I have seen reboot notations for other agent or application versions.
We have recently just started blocking USB storage devices around my company for PCI compliance. There are a few items we do want to white list through the block so we have used the device control portion of our Kaspersky Endpoint Security / Security Center software to white list a USB dongle for our meeting room and a few other select devices.
Today I discovered one of our users has an Unauthorized portable hard drive that appears to still work. Upon investigation it shows up in the Disk Drives section of device manager in Windows 7 and not under Portable Devices. How can I block such a device and stop everyone else from doing this same thing to circumvent the system? I do not want the possibility of similar devices being able to be accessed or written to.
Below I have added a screenshot of device manager showing my actual...
Kaspersky Endpoint Security 10 Windows.
We put already the path to folders of Kace agent C:\Program Files (x86)\Dell\KACE in the Exclusion but Kaspersky Application Privilege Control continue to block the deployement of applications patches of Kace
Below the logs of Kaspersky :
Application placed in restricted group $vb1c85.tmp Application placed in group Group of applications Low Restricted Heuristically calculated threat level
27/09/2017 09:14:45 Application placed in the trusted group Patch-Smart™ Bundle Application placed in group Group of applications Trusted KSN service
27/09/2017 09:14:48 Application Privilege Control rule triggered Patch-Smart™ Bundle Blocked: Xls Create File C:\WINDOWS\TEMP\7ZS4E6D.TMP\ ACTIVITIES.XML Xls
Hi Guys,
We have moved devices running windows 10 from the old Administration Server to the new one using the task "change the administration server" as default provided by kaspersky.
We have assigned the new devices to groups, then we have create full virus scan task and linked to the groups, once the task starts it just applies to a few computers on selected group instead all them.
If we create the task selecting "managed devices" instead groups and try to run it will works perfectly.
Can anyone advise on the issue?
Many Thanks,
Eduardo.
I have never used Kaspersky and never will. I try my best not to use software that comes from a country such as Russia (since putin came to power). Does this make me smart? No, just cautious.
"It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.
What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies."
How Israel Caught Russian Hackers Scouring the World for U.S. Secrets
...
Hi, actually my PC does not use kaspersky antivirus, but every time I insert a USB stick kaspersky internet secuiry will be there, and he does not run on my PC. after the direct delete, it will come back on usb, how to remove it.
I am getting error while performing task " Perform Windows update sync"
Assertion "nSize && nSize < 100*1024*1024" failed
Hello Experts,
I am System admin and using Kaspersky security centre 10 for endpoint protection and Remote Desktop sharing. Suddenly my manager ask to find best alternative for that.
Please advice me any sort of Antivirus which can managed centrally and which has remote desktop sharing feature built in it.
Thanks
HI Guys,
We’ve got an ongoing issue at the moment, and wonder if you can assist us please.
We’ve had a couple of laptops, all running the same software packages
When opening a saved Excel file or Word/Powerpoint, and then attempting to edit it and re-save, Excel hangs and then produces a “Sharing Violation” error.
This error does not occur if a fresh new file is opened and then saved, but any opening and editing thereafter produces the above mentioned error.
We’ve been in contact with Exertis with regards to support, and have followed they’re advice. We’ve added All Excel/Office applications to the Kaspersky exclusion zone, to no affect.
The only way we can prevent this error from appearing, is to forcefully remove Kaspersky. (Simply disabling the policies and software doesn’t prevent the...
Hello,
I'm looking into using Kaspersky for our MDM service. Is there any way to manage mobile data usage for our devices? Some of the things I would like to do is send alerts when a user hits a certain amount of GBs per month, pause data usage if they hit another threshold, etc.
Thanks!
Good day everyone
On the Admin server... my updates haven't worked in a week or so now.. so, digging into the problem, it's 'timing out' it says. When I go in and run the updates engine in the Admin panel (server) here's what it looks like:
Connects to the update server, gets to 35%.. then 'times out'.. and flips to a different server, and again... you get the idea. This is a week or so, so I'm not blaming the update servers at this point..
I've made no changes to the update server or console in months, and my firewall is set to allow traffic to the update servers. The Admin server has been rebooted.. and everything seems fine, all services are working. The a/v otherwise works, but is not updating the definitions at this point.
Suggestions?
Our engineers received this info from Kaspersky and I wanted to share it in case you haven’t seen it yet, here’s the full article: https://www.kaspersky.com/blog/two-severe-vulnerabilities-found-in-intels-hardware/20620/
“As operating system vendors rushed to patch Meltdown, they published security updates on January 3 that turned out to be incompatible with a lot of security solutions, causing either some features of those solutions not to work properly or OS freezes and reboots.
Good news: Both business and consumer solutions from Kaspersky Lab are fully compatible with this update. Microsoft delivers the update only if the system is flagged as ready, and from our side, the readiness flag has been included in the updates that were delivered on December 28, 2017. If your antivirus databases are up to date, then your computer is...
On Microsoft Exchange Server there is Kaspersky Endpoint is installed but the Microsoft Exchange Server provider is saying with urgent basis is given below -
MS exchange server vendor are saying -
We have analyzed the Exchange Server 01 for high CPU Usage. As per our investigation we found traces of Malware viruses and fileless malware execution along with remote access.
There suggestion to consult with Antivirus vendor about the issue with our findings and protect and remove the threads.
Attached images can be found on attachments:
· Remote Service installed as AMMY service,
· Remote File Execution,
· Remote Script Execution
· Mics Script Execution
· Untrusted file registered as Service
These all should be blocked by your antivirus solutions.
From those screenshots, are those really fileless...
