04-06-2017 07:47 AM - edited 04-06-2017 07:51 AM
Hi,
I found out that the Antivirus Team updated our Kaspersky Antivirus and added a Network Attack Blocker module.
The logs show that it captured some communication with our service account.
Does anyone know if this can break the Enterprise Vault in any way?
04-06-2017 01:06 PM
Hi Tonaco,
Sadly there's no "official" or "documented" answer to that question, however my bet would be yes - EV's had a very torrid history with AV in general. EV loves to do its work in the temp directory, and most AV software loves to seize anything it thinks is suspicious in the temp directory (along with lots of other directories I won't list for brevity). For good measure, I searched our internal docs and case history; nothing about your description was yielded.
That said, if your AV is making mention of your VSA in the same line as "network attack detected," I'd wager the AV app is going to stop something it's doing sooner or later.
I'm sure you already have the proper exclusions in place and are familiar with this article, but just in case, here's a link to the EV exclusions for AV: https://www.veritas.com/support/en_US/article.000032085. Ensure Kaspersky is following that, of course.
But since you're talking about a new addition to Kaspersky, you'd kind of just have to wait and see. If things start going wrong, I'd open an EV support case and make mention of exactly what you said here. Those types of cases have led to many of EV's fixes and code updates to work in a manner that's considerably friendly with as many AV products as we can. So don't hesitate if you start getting fires while already having the proper exclusions in place; it might be something support needs to be made aware of. Or it could be nothing; again, just wait and see.