Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mbaerwolff
Participant

Problems after Update to DHS Compliant Version

Since the update of the Anti-Malware Engine, we have had massive problems with various programs. In some cases, .exe files that previously worked without any problems are moved to quarantine. However, this does not affect all clients. The exceptions that we define do not have the desired effect.
Do any of you have the same effects or possible recommended settings?

31 Replies
G_W_Albrecht
Legend Legend
Legend

Have you opened an SR# with CP TAC already ? If exceptions do not work this should be the first step.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
mbaerwolff
Participant

Yes, I have opened a case, but the first recommandation was to deactivate the security settings at the policy. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Did TAC come up with something usefull ? Our TAC case seems to run silently nowhere - also, they did not confirm that it is a known issue...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
mbaerwolff
Participant

No, currently not. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

After Update to client version 88.50, the issue seems to be resolved now !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

I saw someone mention they had issue with forensic service confuming high CPU, but yes, I would definitely contact TAC about the issue.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Sorry, but this is off topic - the issue is with non-Kaspersky  AV/AM engine, not forensics....

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Not really off topic, as issue happened AFTER update to DHS compliant version...

0 Kudos
G_W_Albrecht
Legend Legend
Legend

You did not write that...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Haha...never mind mate, I was more referring to an issue with DHS compliant version.

Cheers,

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Forensics is the reason for 80% of our customers EPS tickets with CP...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

My colleague was telling me it happened with only 3 users so far out of 300+, so its not that bad at all, thats 1%. 

0 Kudos
JonnyRabinowitz
Employee
Employee

If you look at under "Logs" tab for the forensic log entries for these detections, what is in the "Protection Type" field? 

Want to confirm specifically what is making the detections

0 Kudos
mbaerwolff
Participant

For one application I see URL Reputation - Forensics. However, the log message goes on to say which applications have been moved to quarantine.
No log entries are created for other applications although the program freezes and crashes.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

One of our partners customer also is experiencing this issue - RDS server after upgrade to DoC compliant version E88.32 has EPS client crashing 32 times in 2 days !SR# is open with TAC now.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Ouch...mind sharing exact reason for the crash? MY colleague told me one of our customers also has same problem on few machines, but I did not inquire further.

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend

The update did it - worked OK before. First solution attempt from TAC is to completely uninstall and re-install the client...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
Legend
Legend

Thats usually first step, sometimes it does work...

0 Kudos
Wolfgang
Authority
Authority

@G_W_Albrecht does uninstall and reinstall solved the problems  ? We are facing more and more problems with other customers after changing to DoC compliant version.

0 Kudos
the_rock
Legend
Legend

I will ask one of my colleagues about it as well.

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I would appreciate if someone tries that ! The RDS with the issue is in production and has over 60 users, so any change is only hard to do and has to be allowed by the customer. I would appreciate if this could be replicated by CP in Lab ! Last solution attempt was to update BIOS and all driver on the server, which is hard to do in a Hyper-V VM 😎 So i have now escalated the case.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Glenn_azm
Explorer

We are still seeing issues with our RDS servers, even on E88.60. We are using FSLogix in our environment so maybe it has something to do with that. 

I'm actually getting really fed up with the Harmony endpoint protection software as a whole... 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

After Update to client version 88.50, the issue seems to be resolved !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Gojira
Collaborator
Collaborator

Im upgrading a fleet of roughly 600 endpoints tomorrow, now i'm panicking reading this thread.

Would the recommendation be to go directly to 88.50?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Yes, CP gave the recommendation to use this version as the process crashing issue is resolved here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Alex-
Leader Leader
Leader

Is this for older installations which were then upgraded to E2 or new ones also?

We have a few implementations with EPMaaS which were set from the beginning to EU/DHS compliant in the initial setup, running the recommended version and no big issues reported so far. The difference we see is the "DHS Compliant" label next the version, in the drop-down when choosing the version in the deployment options.

0 Kudos
RS_Daniel
Advisor

Hello,

You should absolutly manage this upgrade very carefully. We had many problems after upgrade to E88.32 and many SR's with TAC without progress. I would recommend you test E88.50 or E88.60 in a few machines for some days, and after you are sure it works ok do the massive change. We did that but only with IT machines and was not enough, normal users had different problems, so if you can, include machines from different areas on the test stage.

Regards

Gojira
Collaborator
Collaborator

Thanks All,

I had a few POC machines in 88.32 which didnt have complaints.


I did the massive upgrade to 88.50 and no complaints either! (for now :D)

 

So all looks good so far.

Thanks all

0 Kudos
G_W_Albrecht
Legend Legend
Legend

That is the right way to do that 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events