Kaseya Community

Request for KAV 1.2 Status Update Sticky post

  • I'm sure they're big enough to take it and other companies are mentioned all over the forums.

    Back to topic, has anyone got 1.2 working on TS/RDP servers yet? I hear that they aren't supported but I'm keen to know whether it works as that's one of our key drivers.

    Olly

  • Ouch!

    I've been over in the product marketing land and it's quite apparent I need to spend more time in the forums!

    On the event side of things, the development team gets requests to implement all sorts of things.  You'll notice that the list of event sets is larger than what we did in KES.  For those that have been around long enough, in KES 1.0, there were a ton of alerts that really didn't make actionable sense:

    Threat detected - like has been mentioned...what are you supposed to do about this?

    Threat healed - same as above.  If the problem is solved, why would I have an open ticket.

    Scan Started - Would I really create a ticket for this?

    The problem came in that as soon as we reduced down the set in KES 2.0, we got all sorts of complaints how people really LOVED getting an alert that there was some threat - even though it didn't have some action related to it that a technician could do. The problem is that we needed more configurability (is that a word?) on the alerts that were created so we could give everyone what they needed.  

    So....here's the summary thoughts then.

    1.  NOT advisable to create alerts on every event created from KAV (just like you wouldn't create alerts on every security event log entry).  We have them...and included the event sets to help make them more discoverable.  Maybe in hindsight, we should have only included the eventsets that folks should alert on (as I'm sure more than a few folks are going to see the list of event sets and "select all").

    2.  If you'll notice in the event sets, we differentiate the events with "W"arning, "I"nformational, and "E"rror.  I'm hoping that gives a first step into knowing what to do with these.

    3. Some individual comments

    - ZC-KAV-DF1-W Definitions Not Updated in 2 Day:  According to Kaspersky, if the signatures haven't been updated in 2 days, they are considered obsolete.  The UI itself will also warn that the signatures are obsolete.    

    - ZC-KAV-FS3-E Full Scan Failed to Complete & ZC-KAV-QS3-E Quick Scan Failed to Complete.  Agree - not always a huge problem.  In some cases however, it can be.  Typically organizations run scans on off hours.  In some financial institutions, they have to prove that scans were run.  If a scan failed to run (and it was run off hours), they really do want to know about it and treat it as an error.

    - ZC-KAV-TH1-W Threat Detected: This is supposed to contain the status at the time of detection / remediation.  Looks like some of the details were omitted in the event log entry and the team will have to get those included.  Each threat detected also has its current status (deleted, infected, quarantined, etc.), location, etc.  A refinement of the event set could produce what you are looking for.  (I'll get that over to the dev team).

    Bottom line is that via the eventsets, we have a LOT of flexibility of what to alert on.

    Per the UI comments, there are plans to improve this so that you can bring down to some simpler options.

    On the missing options

    "Here are some Event Log Alert Sets which, in my ever-so-humble opinion, should be included that currently aren't:"

    > Threat Cannot Be Remediated

    This is there as part of threat detected logic once we include more data with it.  Likely the team should just implement this as a new event.

    > Real-Time Scanning Engine Inoperative: Darn... looks like Kaspersky's having a bad day... let's see if I can't figure out why... maybe a reinstall would help?

    This is a great idea.  If any of the components report an error, we should log it.

    > Reboot Required For Threat Removal: Ooh... should probably call the end user and have him/her reboot post-haste!

    Good idea - I don't know if Kaspersky actually has this situation.  Unlike other engines, the KL engine is more aggressive and will kill the process and then kill the file.  I've yet to hear of any situations where KAV needs to reboot in order to heal.  The only place I hear reboot is required is after install and potentially some large updates. (To date, the only reboot required I've seen on KAV is after install)

    > User Has Deleted A Recurring Scan Schedule: Sheesh... better call the end user and tell him/her why that's a bad idea!

    The broader idea here is to

    1.  Option to lock the end user UI

    2.  Compare the profile settings with the currently running settings.  If they don't match, then create an event.

    Thanks for the feedback.  Sorry for the problems.  I'll get these over to the dev team

    Jeff
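An added example, not part of the original thread and not Kaseya's code: one way to apply the alerting guidance in the post above, ticketing only events a technician can act on. The record fields, the name pattern inferred from the four quoted event sets, the sample name `ZC-KAV-FS1-I`, and the choice of which statuses count as remediated are assumptions.

```python
import re

# Name layout inferred from the event sets quoted in the post (assumption):
# ZC-KAV-<two letters + digit>-<W|I|E>
EVENT_SET = re.compile(r"^ZC-KAV-([A-Z]{2}\d)-([WIE])$")

# Statuses the post lists; treating these two as "healed" is an assumption.
REMEDIATED = {"deleted", "quarantined"}


def triage(event):
    """Return 'ticket' or 'log' for one event record (hypothetical dict layout)."""
    match = EVENT_SET.match(event.get("set", ""))
    if not match:
        return "log"  # not a recognised KAV event set: keep it, do not ticket
    code, severity = match.groups()
    if severity == "I":
        return "log"  # informational, e.g. a scan starting
    if severity == "E":
        return "ticket"  # e.g. an off-hours scan that failed to complete
    if code == "TH1":
        # A healed threat needs no open ticket. A missing status (the post
        # notes details were omitted from the log entry) counts as unresolved.
        status = (event.get("status") or "").lower()
        return "log" if status in REMEDIATED else "ticket"
    if code == "DF1":
        return "ticket"  # definitions older than 2 days are considered obsolete
    return "log"  # any other warning: visible in the log, no ticket


def route(events):
    """Pair each event set name with its triage decision."""
    return [(e.get("set"), triage(e)) for e in events]


# Constructed sample records; ZC-KAV-FS1-I is a made-up informational set.
SAMPLE = [
    {"set": "ZC-KAV-FS1-I"},
    {"set": "ZC-KAV-FS3-E"},
    {"set": "ZC-KAV-DF1-W"},
    {"set": "ZC-KAV-TH1-W", "status": "quarantined"},
    {"set": "ZC-KAV-TH1-W", "status": "infected"},
    {"set": "ZC-KAV-TH1-W"},
]

if __name__ == "__main__":
    for name, decision in route(SAMPLE):
        print(f"{name:15} {decision}")
```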

  • Your thoughts and criticism aren't in vain.  This community is a great way for us to understand our customers' needs/wants.  That being said, our goal, and this isn't an altruistic marketing-lingo, mission statement with no meaning type of goal, is to provide world class IT systems management solutions for everyone.  Part of that is feature set, part of that is usability and part of that is market demand.  All of these are highly important to us here and we're working hard to deliver solid solutions at market prices.  Some of our best customers are our biggest critics too.  It's kind of like when your wife asks "Does this make me look fat?"  The folks in here are clearly the ones willing to tell us "...yes, Kaseya that does make you look fat."

    We're not crying about looking fat.  We're headed to the gym.  Keep the feedback coming.  My understanding is that the final coat of wax is being put on KAV 1.2 for GA.

    Have a great weekend everyone!

  • We too are extremely concerned with the lack of value of M&S. The KAV product has not been updated in a year. New feature sets which were promised to us when purchasing Kaseya 5.0 (Software Deployment) are now coming out as add-ons. Support is so lackluster we had to reach out to Brendan for resolution. I've spoken to our account rep at length about our concerns and yet I still continue to receive SPAM emails for SDU and not a single email about KAV 1.2 availability or a timeline for Kaseya 7.0 (with performance improvements and some of the features we were promised long ago!)

  • rmeyer

    > Support is so lackluster we had to reach out to Brendan for resolution....not a single email about KAV 1.2 availability

    I have to say, once our tickets get escalated to Travis everything goes smoothly, but the road to get there?  Forget it.  We received a KAV 1.2 invitation this morning as a resolution for one of our tickets.  It listed GA as "officially available in the coming weeks".

  • Kaseya is completely overwhelmed with the anti-virus solutions!

  • Can anyone tell me if you can add applications as trusted within the Profile with 1.2 vs needing to screw around with the xml file or doing it manually on the systems?

  • @Mark.Hodges: community.kaseya.com/.../13613.aspx