vandergraff2
Member
join:2005-10-17
to Whizard

Re: KIS 2016 - The network attack has been blocked

Latest message I got from Kaspersky support on Monday (18 July):

'Our malware analysts have requested that Wireshark logs and Kaspersky trace logs be gathered simultaneously so that they can further investigate the issue.'

They have had both in the past (but not gathered simultaneously) - if I get an attack report with both running I'll send it to them.

There have been a number of possible suggestions from them as to what is going on but no definitive statement that the issue is a false report and can be safely ignored.
vandergraff2
Member

OK, it looks like this is finally resolved. After the message above, Kaspersky support asked if I could capture Kaspersky logs and run klpacketdumper to generate pcap files during an attack.

I asked what klpacketdumper would capture that Wireshark couldn't.

Here is their response.

-------------
Thank you for the new reports. Good news! The issue was located with the new reports and will be fixed in one of the upcoming product updates (probably as a patch). We can confirm that it is false alarm and can be safely ignored.

"What is klpacketdumper capturing in pcap file that Wireshark couldn't capture in a pcap file?"
This utility collects some additional info regarding our traffic interceptor driver for more detailed analysis.
--------------

They also gave me a free license code for KIS for one year, 3 computers.

Happy to move on from this.

It has been a bit disconcerting to get these frequent attack reports from South American IP addresses.

norwegian
Premium Member
join:2005-02-15
Outback

Glad to hear it is a false positive.
It isn't easy to troubleshoot sometimes, and working with a software company to find something they themselves can't is quite often rewarding, knowing you have actively helped.

Loved beta testing for that reason and still would be if it wasn't for personal changes.
HELLFIRE
MVM
join:2009-11-25
to vandergraff2
Thanks for the update, and glad it was indeed a false positive.
said by vandergraff2:

This utility collects some additional info regarding our traffic interceptor driver for more detailed analysis.

Hmm, taking a stab, it sounds like it operates at a higher layer of the OSI stack than Wireshark... but that's speculation on my part.

Regards
tlbepson
Premium Member
join:2002-02-09
dc metro
to vandergraff2
So glad this has been figured out. I have followed this thread--much of which is over my head but I found it interesting--and I'm glad you continued to pursue it.