Kaseya Community

Kaseya Relay Program Detected as TROJAN

  • blocked.JPG
    Folks - this is pretty crazy - and I'm only having this problem in ONE location:

    ONE of my clients is running AVG8 - not part of kes.

    It has all of a sudden started detecting KRLYCLis.exe as a "Generic12.FDL"

    For the moment I excluded the directory holding that file from scanning - but that is NOT a good option.

    See attached screenshot of the alert...

    Anyone else seen this? Can someone at Kaseya reach out to AVG and see what's up? None of my other clients are having this issue... but this is the only one I have using a non-KES AVG. Everyone else is using KES or Symantec or McAfee or something else.

    Legacy Forum Name: Kaseya Relay Program Detected as TROJAN,
    Legacy Posted By Username: chavousc
  • We have confirmed that KRLYCLIS.EXE is being detected as trojan by AVG, and this has been reported to AVG.

    This affects KES and stand-alone AVG installations.

    As a workaround you will need to do the following on any machine you initiate Remote Cntl from: -

    1) disable AVG 'Web Shield' component if it's installed
    2) disable Resident Shield OR add the following directories as exceptions: -
    - agent temp directory (e.g. c:\temp)
    - user temp directory (e.g. c:\users\\appdata\local\temp)

    Kaseya Support

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: dwalsh
  • Thanks - just saw your post in the KES forum... ah the joys of antivirus

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: chavousc
  • Now all we have to do is explain the explanation point in AVG...

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: classnet
  • Also saw this last night when remoting from a personal PC with AVG8 on it through Kaseya. Everything worked as normal but got an alert which I 'ignored'.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: GDRBrian
  • hideavgscript.txt
    You can get rid of the systray warning by going into Advanced AVG Settings > Ignore Faulty Conditions

    Alternatively the attached script will remove the systray icon completely (after a reboot)

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: dwalsh
  • I just excluded these as well and they are working. It is just a headache now having to let all of our people know how to exclude these.

    --Jason

    dwalsh
    We have confirmed that KRLYCLIS.EXE is being detected as trojan by AVG, and this has been reported to AVG.

    This affects KES and stand-alone AVG installations.

    As a workaround you will need to do the following on any machine you initiate Remote Cntl from: -

    1) disable AVG 'Web Shield' component if it's installed
    2) disable Resident Shield OR add the following directories as exceptions: -
    - agent temp directory (e.g. c:\temp)
    - user temp directory (e.g. c:\users\\appdata\local\temp)

    Kaseya Support


    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: jhand
  • Problem:
    When trying to remote control a machine with KES or AVG installed, you may see a Threat Warning from KES/AVG

    Cause:
    AVG is reporting a false positive in a virus signature. That signature happened to match exactly with one of our remote control EXEs, which then blocked that program from being accessed, which then blocks remote control. This issue appears to affect all machines running AVG, both 7.5 and 8.0. Since KES uses AVG, all customers using KES are also affected. We are working with the AVG virus labs and they are working on an update to the signatures to release within the next couple of hours (VDB version 1770).

    Resolution:
    Grisoft are updating their signatures and will have an update to the signatures within the next couple of hours (VDB version 1770).
    • AVG will release an update to the signature in the next couple of hours
    • AVG will automatically get an update to its signatures and stop detecting the file.
    • You can use the workaround in the short term. In many cases it will fix itself once the signature updates are released.
    • KES automatically schedules updates at a rate of 200 machines / hour once the new update is available.
    Workaround:
    You will need to do the following on any machine you initiate Remote Cntl from: -
    1) disable AVG 'Web Shield' component if it's installed
    2) disable Resident Shield OR add the following directories as exceptions: -
    - agent temp directory (e.g. c:\temp)
    - user temp directory (e.g. c:\users\\appdata\local\temp)
    If you have any questions, please contact support.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: gfernandez
  • This works for RDP, but our VNC is still broken.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: MikeConigliaro
  • This crippled us until 2+ hours later when we found this post.

    I thought Kaseya and AVG have started working closely together. This is beyond ridiculous.

    Get your act together Kaseya.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: phippsrd
  • Our VNC is also still broken.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: kkesler
  • This has been a major issue for us today also.

    It's ridiculous, but if you really need access to a machine, call your client up and walk them through temporarily disabling the resident shield on their side.

    We've confirmed this works on several machines.

    Thankfully our clients have been quite understanding so far.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: techsquad
  • Now that the new signature file has been pushed out, our VNC works again.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: MikeConigliaro
  • phippsrd
    This crippled us until 2+ hours later when we found this post.

    I thought Kaseya and AVG have started working closely together. This is beyond ridiculous.

    Get your act together Kaseya.


    I don't blame Kaseya for this. A week ago, AVG pushed out an update that disabled web browsing. We saw this on some of our AVG clients (not KES). The solution then was to disable web shield to get web access back and then manually download and manually apply an update.

    hc

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: howardc