Kaseya Community

How "Real Time" is KES

  • I just started to do a bit of testing with KES and one of the standard things that I do is create a test virus (see code below).

    All one has to do is save this string in a file (.txt or .com) and it should pick it up right away. Maybe it was in the configuration but KES did not pick up the file until a scan was started (scheduled or otherwise).

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 


    Again it could have been the way it was set up (just the standard install package with no settings changed).

    Any insight to setup for real-time protection?

    Edit: read more on the test virus

    Legacy Forum Name: How "Real Time" is KES,
    Legacy Posted By Username: thirteentwenty
  • I have tested this myself and while the AVG system itself seemed to report a little slow, it did stop the virus.

    I would check your settings. Downloading the eicar.com virus to one of my servers wouldn't allow me to save the file. It gives a 'file cannot be found' error message. My assumption, it was detected as a virus and moved to the virus vault. I manually checked the virus vault and it wasn't there (however, it did show up that night I believe, it is reported in Kaseya and the virus vault now).

    I was able to create a .txt with the code in it. It was not detected as we don't scan for .txt files. Once I renamed the extension to .com it was unreadable but the file was still there which was kind of concerning. I was then able to rename the extension back to .txt and read the file.

    I asked support about notifications and I guess if you hide the AVG systray icon, you will not see any notifications. If you show the AVG systray, you will see notifications (as long as you are on KES 2.1). I have not tested this yet.

    Legacy Forum Name: KES,
    Legacy Posted By Username: GDRBrian
  • If I go to the http://www.eicar.org/anti_virus_test_file.htm website, and click the eicar.com file, and try to save on my desktop, I got a popup error message 'file cannot be found', and an immediate 1" x 3" popup AVG message for Threat Detected from the system tray.

    Lloyd

    Legacy Forum Name: KES,
    Legacy Posted By Username: lwolf
  • lwolf
    If I go to the http://www.eicar.org/anti_virus_test_file.htm website, and click the eicar.com file, and try to save on my desktop, I got a popup error message 'file cannot be found', and an immediate 1" x 3" popup AVG message for Threat Detected from the system tray.

    Lloyd


    Are you displaying the AVG icon in the system tray?

    Legacy Forum Name: KES,
    Legacy Posted By Username: GDRBrian
  • Interesting, I guess I'll have to tweak my settings a bit more. Would either of you care to share some configs so I'd have a better starting point than the standard, or is the standard a "good enough" starting point that I can go from there?

    @GDRBrian: Just out of curiosity, did you try different extensions other than the COM and TXT... It's a bit ummm, "old school" but what about a JPG file?

    Legacy Forum Name: KES,
    Legacy Posted By Username: thirteentwenty
  • Yes, we are displaying the AVG icon in the system tray.

    My settings for System Tray Notifications are as follows:
    CHECKED -> Display system tray notifications

    unchecked -> Display tray notifications about update
    CHECKED -> Display tray notifications about scanning
    CHECKED -> Display Resident Shield related tray notifications (automatic action)
    unchecked -> Display components state change notification
    unchecked -> Display Email Scanner related notifications

    Hope this helps!

    Lloyd

    Legacy Forum Name: KES,
    Legacy Posted By Username: lwolf