![kaseya agent procedure log kaseya agent procedure log](https://us.v-cdn.net/6032361/uploads/migrated/AY492MQZ0FZ6/mceclip0.png)
- Kaseya agent procedure log how to#
- Kaseya agent procedure log install#
- Kaseya agent procedure log Patch#
- Kaseya agent procedure log windows#
We recommend that you re-run this procedure to better determine if the system was compromised by REvil.
![kaseya agent procedure log kaseya agent procedure log](https://helpdesk.kaseya.com/hc/article_attachments/115002833691/Screenshot.png)
The latest version searches for the indicators of compromise, data encryption, and the REvil ransom note. This tool analyzes a system (either VSA server or managed endpoint) and determines whether any indicators of compromise (IoC) are present.
Kaseya agent procedure log Patch#
We will provide you details for obtaining the patch prior to the release.ĭo not start up your VSA Application until this VSA patch has been applied!
Kaseya agent procedure log install#
Now that you have completed these steps, you are ready to install the patch when released. The next step is to install the latest VSA Patch This script will be posted prior to the patch release, stay tuned for updates!
Kaseya agent procedure log how to#
We will provide you with a script/instructions on how to clear any pending VSA scripts/jobs that accumulated since the shutdown to run prior to installing the patch and restarting your VSA. Please ensure you send us all the information requested above as it is necessary for the FireEye agent to function properly. Once Kaseya receives your email, our teams will contact FireEye to have the agents provisioned, and will then reach out to you with instructions, and a link to the installer. VSA Agent Port (By default it is 5721, please provide your port number if you changed this) Your Domain Name (for example, )Įgress (External) IP Address (Please use this URL on the server itself to confirm your gateway IP - ) Please provide this information for both servers. If you have a split server configuration, you will need to install FireEye on both the Web Server and the SQL server. VSA Device Role (Web Server or Database Server) Your Mobile Number (only to contact you in case the information is not complete) To initiate this process, please send an email to and be sure to include the following information: Kaseya is providing complimentary licenses of FireEye Endpoint Security agents for each customer’s VSA Server(s). Once this is completed, you should expect the following:Īccess to your VSA UI will only be allowed by the IP addresses on your corporate LAN.Įxternal access to the UI should ONLY be allowed via VPN.įor more details about configuring URL Rewrite manually, please refer to the following. Please follow the instructions available via the link. There is a tool available for download, which helps automate this configuration process. The purpose of this step is to control access to your VSA server and only allow the necessary access to the system User Interface (UI). Step 4 – Using URL Rewrite to control access to VSA through IIS
Kaseya agent procedure log windows#
Please ensure no Windows or SQL patches remain outstanding. This process might require a few reboots, depending on how many outstanding patches there are. This page tells you about the latest available patch for the product you use: Please verify that your SQL server is on the latest available patch. Before doing so please double check that the Kaseya Edge Services service is still disabled.Īpply the latest Microsoft patches to both the Windows operating system and SQL server. Step 3 – Patching the Operating Systems of the VSA Serversįor the following steps we require internet access, so if your machine is completely isolated from the internet, please restore “ Outbound” internet connectivity now. We will be happy to assist you.įor information about the detection tool, see the appendix below. If, at this point, you are unsure about the results received, please contact our support team at, or send an email to. Please ensure you follow the directions available via the link. If you have not already run this tool, it can be downloaded from. Please make sure you have run the “Compromise Detection Tool” on your VSA server. Step 2 – Check your System for Indicators of Compromise (IOC) In order to disable Kaseya network communication, please stop the Kaseya Edge Services service and set it to Disabled. Keeping this enabled will allow you to RDP into the virtual machine (VM) and perform the next steps without exposing the VM to the internet. For example, port 3389 is the standard port for RDP. Leave only the ports enabled, which provide you access to the device. You should deselect/disable ports 80/443/5721 (or any other non-default Kaseya port you might have used). If you host your server in AWS we recommend that you check the NIC network security group and the public inbound ports assigned to the application server. Booting it up in Safe Mode could be one way to achieve that. There are several ways to do this depending on your specific case. Before powering on the VSA server, please ensure that you isolate it from inbound and outbound traffic and segregate it from your main network. Step 1 – Ensure your VSA server is isolatedĭepending on where and how you host your VSA server, this process will vary between platforms.