Not a question, but a finding:
Shortly after upgrading to Kaspersky Endpoint Protection 8, I began to have problems with seemingly random workstations in my domain losing their connection to one or the other of my Windows Server 2008 R2 boxes. Some of the workstations were XP SP3, some Win 7--both OS's were affected. The break in connectivity went both ways--the server could not see the workstation and vice-versa. Occasionally if I waited about an hour the workstation would re-establish its connection spontaneously, but usually I had to change the workstation's IP address. Doing so consistently restored the connection. Release and renew for workstations using DHCP did not work because they always got the same IP address again--the address had to change to restore the connection. After an exhaustive and exhausting process of trial and error to determine the cause of this problem (I did not initially make the connection between the Endpoint Protection upgrade and this issue), I finally determined that the Network Attack Blocker component was causing this issue. I disabled that component throughout my deployment, and have not had any connectivity drops in the three months that I've had that component disabled. I also had one instance when after re-enabling Network Attack Blocker I had a workstation lose its connection to one of the servers, and after disabling Network Attack Blocker again, the workstation which had lost its connection almost immediately re-established the connection on its own. So, if you're having this problem, and are using Kaspersky Endpoint Protection 8, consider disabling the Network Attack Blocker component.
Windows Server 2008 R2, Windows 7, Windows XP, Kaspersky Endpoint Security
January 30, 2013 9:58 PM
January 31, 2013 1:58 PM