Kaseya Community

AVG/KES detecting kaseya component as a virus/trojan (KRlyClis.exe)

  • Problem:
    When trying to remote control a machine with KES or AVG installed, you may see a Threat Warning from KES/AVG

    Cause:
    AVG is reporting a false positive in a virus signature. That signature happened to match exactly with one of our remote control EXEs which then blocked that program from being accessed which then blocks remote control. This issue appears to affect all machines running AVG both 7.5 and 8.0. Since KES uses AVG, all customers using KES are also affected. We are working with the AVG virus labs and they are working on an update to the signatures to release within the next couple of hours (VDB version 1770).

    Resolution:
    Grisoft are updating their signatures and will have an update to the signatures within the next couple of hours (VDB version 1770).
    • AVG will release an update to the signature in the next couple of hours
    • AVG will automatically get an update to its signatures and stop detecting the file.
    • You can use the workaround in the short term. In many cases it will fix itself once the signature updates are released.
    • KES automatically schedules updates at a rate of 200 machines / hour once the new update is available.
    Workaround:
    You will need to do the following on any machine you initiate Remote Cntl from: -
    1) disable AVG 'Web Shield' component if its installed
    2) disable Resident Shield OR add the following directories as exceptions: -
    - agent temp directory (e.g. c:\temp)
    - user temp directory (e.g. c:\users\\appdata\local\temp)
    If you have any questions, please contact support.

    Legacy Forum Name: AVG/KES detecting kaseya component as a virus/trojan (KRlyClis.exe),
    Legacy Posted By Username: gfernandez
  • This hosed our RDP connections and mounting images through Kaseya. I ended up deleting the threat out of KES and assigning myself a different profile without file scanning turned on and now I can mount and RDP.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: bkelleher