Kaseya Community

R8 Agents asking for screenshots

This question is answered

Since upgrading to R8 any new agent installs are asking permission to take a screenshot. This is happening every 4 hours. Looking in the Procedure Log I'm seeing "Collect Desktop Screenshot-0014" and "Collect Desktop Screenshot-0018" being ran. I think it's running with the Symantec Endpoint Protection script "SEP-Status" but I can't think of any reason it would be asking for a screenshot?

Anyone have any ideas on how to turn off the screenshots?

Verified Answer
  • Hello!

    We experienced this problem, but with Kaseya 6.3. We logged a case with support in the United States and received a timely response. In the end, the issue was resolved by re-applying the schema and hotfixes.

    When we upgraded, it appears the schema was not "refreshed"... this caused the VDA to get confused on the agent procedure/s and/or commands.

    My suggestion is to re-apply the schema and apply hotfixes... also reach out to Kaseya to let them know that this has occurred.... They need to resolve this issue!

    Thanks and have a wonderful weekend!

    Troy Adams

    Baroan Technologies

All Replies
  • We have a native agent procedure step to collect a screenshot -- it definitely seems odd that it would somehow be kicked off by SEP. I can't say I have heard of this before. Are you sure you have the latest version of the SEP module? Have you checked your policy configuration to ensure this isn't something that was inadvertently added to a policy?

  • We upgraded the SEP module when we upgraded to R8 so the install function would work again. We're on v2.5.1.14.

    I just double checked the policy settings. One group that is getting the message has no policies applied and another that does. The only policies that are applied are ones related to patching.

    These are the entries I'm getting in the procedure log.

    10:44:43 am 18-Nov-14 Collect Desktop Screenshot-0018 User did not approve of screenshot! Not proceeding with capture.  

    10:42:43 am 18-Nov-14 Collect Desktop Screenshot-0014 Error! Unable to detect notification/permission setting -- aborting procedure.  

    This history log shows

    SEP Status 10:44:44 am 18-Nov-14 Failed THEN in step 3 (Line 334)

    Copy File - Use Credentials-0003 10:44:44 am 18-Nov-14 Failed in the if step (Line 4)

    Which led me to believe the SEP Status procedure was kicking off the screenshot procedure. (Entries prior to these two are just repeats from 4 hrs prior)

    Will a re-apply schema reload the SEP procedures? or do I need to do an uninstall-reinstall of the SEP module?

  • As a follow up, we have confirmed that this screenshot request is coming from the SEP Status procedure. On clients without SEP installed. On clients without SEP installed there are no requests for screenshots, as soon as SEP is installed, the requests start.

    Does anyone have a contact or support info at Symantec I can talk to about this?

  • This is all I have - community.kaseya.com/.../20610.aspx

  • Sounds like some of the script IDs are overlapping. If you can find out what the SEP Status script is suppose to execute you might be able to fix it.

  • I think is on the right track.  The ID for the SEP Status script is 1350000000.  You could check to see if another script has also been assigned this same ID by looking in the Kaseya database (through SQL Management Studio or whatever tool you prefer) and running the following query:

    SELECT * FROM [ksubscribers].[dbo].[scriptIdTab] where scriptId = 1350000000

    If multiple results are returned, you'll know it's an overlapping script ID.  

    To answer your earlier question, a reapply schema will reload the SEP Status agent procedure, but it will always have the same ID.  If it does turn out to be an overlapping script ID, see if you can change the ID of the other script.

  • Thanks for that SQL query! The SEP Status script is unique, no dup IDs. However in trying trace through what SEP Status is doing I've found that the two procedures that are erroring (Collect Desktop Screenshot) and (Copy File - Use Credentials) have duplicate entries but with different IDs such as:

    447                Collect Desktop Screenshot              NULL NULL 0

    1272175217 Collect Desktop Screenshot-0001 NULL 447        0

    1607296749 Collect Desktop Screenshot-0001 NULL 447        0

    Assuming that the ID is what's being used and not the name it probably doesn't mean anything.

    Is there anyway to see what the SEP Status script is actually doing? Very strange that it's only the agents that have been installed since the upgrade to R8...

  • we have the same exact problem, but it was for another step in an agent procedure. if i recall correctly it was the compress file function... after a lot of run around and excuses from Kaseya Support, it seems that the schema was somehow corrupted and the system script IDs got crossed.

    I would say re-apply the schema a few times and open a ticket with support ASAP so they can help you further...

  • Hello!

    We experienced this problem, but with Kaseya 6.3. We logged a case with support in the United States and received a timely response. In the end, the issue was resolved by re-applying the schema and hotfixes.

    When we upgraded, it appears the schema was not "refreshed"... this caused the VDA to get confused on the agent procedure/s and/or commands.

    My suggestion is to re-apply the schema and apply hotfixes... also reach out to Kaseya to let them know that this has occurred.... They need to resolve this issue!

    Thanks and have a wonderful weekend!

    Troy Adams

    Baroan Technologies

  • Applied hotfixes no change. Reapplied schema, problem gone. Thanks everyone for the help and suggestions!