Kaseya Community

KAV 1.3 - where's the features at?

  • quote - What this means is that files that the user copies (to launch or open) from the network will be matched in real-time to detect any potential threat

    aka you are scanning the file on a read or a write to the network.  This is called Realtime Scanning.

    You NEVER perform realtime Scanning of network drives from the client.  That is left up to the antivirus scanner on the file server or NAS A/V scanning solution...not the desktop.

    As an enterprise administrator in charge of Global environments I can tell you for fact that is NOT what you want to have happening.  Sure you might think its ok with 20 people accessing a server...how about 20,000?  You can, and will bring your netapp, fileserver or any other product right to its freaking knees doing that, not to mention cause huge slowdowns and other issues due to multiple A/V scanners locking the files at the same time (from client and server side scanning)

    The help states the protection scope defaults to All network drives...the protection scope needs to be modifed to Exclude network drives...and we need a way to do that...globally.

    Want and example of why this is bad?

    http://forum.kaspersky.com/lofiversion/index.php/t102810.html



    [edited by: Mark.Hodges at 10:21 PM (GMT -7) on 3-26-2012] added link to example
  • Mark, the feature you're asking will be available in KAV1.4

    In the interim you can use exclusions rules to avoid this problem

    In the scenario you describe of 20,000 users accessing the same file at the same time, I'm sure you would know what this file is - just add it to the list of trusted apps

    Or if you don't know, you can add the folder as an exclusion

    The ability to completely ignore files coming from the network (though highly not recommend and rendering your system not secure) would be added in the next version.

  • I think the real issue is Kaseya is making assumptions on the feature set and defaults with no way for us to customise them to suit our customer environments. That's why I say Kaseya AV is only suited to the smallest of environments. Kaseya pitches itself as automation and productivity tool but if I have to connect to each computer individually and _manually_ configure AV so that it will adequetly work in the customer environment that is very onerous and doesn't fit in at all with your products vision.

    I'm still looking for an answer how I can trust a particular URL at a customer site without connecting to 100 desktops and manually updating it.

  • I give up.  Jamesn - i have asked at least 3 times what the target date for this glorious 1.4 release is.  I realized this morning that *we* the customers did not turn this thread into an argument, but *Kaseya* did... and did so without answering many of the very direct questions we were asking.  

    So you win, Kaseya... i secede... you're right and we are wrong.  And the other IT professionals in other posts with the exact same concerns are all wrong too.  Especially about network file scanning.  I'm sure there are centuries of collective experience all saying it's not preferred, but you're still right.  Seriously... at the beginning of this thread i was disappointed, maybe slightly annoyed.  Now I'm angry; we all pay (very) good money for this product and we want answers to our questions.

  • Rick Mras

    He was not mistaken... it really does reboot twice.  It did it identically on two test systems;  granted, the server warned me this would happen before i did it, but there's no way around it to my knowledge.  And given that the WOL functions within Kaseya are marginal at best (even after designing a script that enables WOL on all adapters on all systems), after hours is not a viable option either.

    That makes some sense: 1 reboot to remove the old engine and 1 reboot to complete the installation of the new engine (even though KAV prior to 1.3 didn't require a reboot).  Combine this with the fact that you can't control when an endpoint gets the upgrade (unless that's new in v1.3) and after-hours installation in the only option we have.  We have a three-day weekend coming up that might work, but based on the KAV 1.2 upgrade it's going to take longer than that to upgrade nearly 900 endpoints.

    My biggest frustration is that we're more or less being forced to upgrade to v1.3.  When we upgraded to v1.2 two weeks ago we immediately found a bug, one that's significantly impacted our helpdesk and has burned Kaseya with dozens of our users (including stakeholders).  After two weeks Kaseya confirmed that the bug persists in v1.3 and turned the matter over to their developers.  They then came back and said they'll only be patching v1.3 so we needed to upgrade.  We need the bug fixed but I'm not certain we'll survive the upgrade.  As I said, frustrating.

  • Bill, can you tell me which bug you're referring to?

  • I don't see how real time scanning is putting extra stress to file servers? All it does is to check the file user is accessing. This actually puts the stress to client computer. And biggest problem this seems to cause big latency with software which rely on heavy read/write to network or with slow computers. This have to be dealed either with disabling network scanning or with exclusions. Depends by case which method I'd like to use (now can use only one method:)

    And I'm mostly pushing client installations with 5min install window and the all seem to get installed during 5-15mins depending on network. Not usable with hundreds of clients I admit that (unless you use those scripts to pre-deliver installation packages). I push installations in smaller batches since most of the computers are laptops nowadays and they are never in one place same time or running without user logged in.



    [edited by: Tomi at 10:40 AM (GMT -7) on 3-27-2012] typos
  • If the Client is scanning a network drive for each file it reads and writes and you have 3000 clients doing it at the same time, you introduce latency for the client (and I can tell you I've seen the problem with Trend, Symantec, Norton, Mcafee and Kaspersky) and file lock issues.

    Now..combine that with the fact that the Server is also scanning the same files as the same time and you have 2 different Antivirus products (same vendor usually) and you cause lock issues because 2 products are trying to lock and scan the file as the same time as the user application.

    You never run 2 antivirus products on your system at the same time to scan the same files...what makes it ok to do it to the same file with 2 different products.

    Granted, in the SMB market it doesn't cause many problems, but I can tell you that CAD and accounting packages really do not like that and will/have crashed.

  • Inbar Gazit

    Bill, can you tell me which bug you're referring to?

    CS096708. In short, KAV alerts when threats are discovered but not when they're remediated.

  • Question to Kaseya - Do you use KAV 1.3 internally across all of your devices?

  • KAV is installed on my laptop and has been since it was originally released over a year ago.  My machine was upgraded to KAV 1.3 several weeks ago.  As an end user, the upgrade was transparent (now that I think about it I was prompted to reboot a couple weeks ago, but I did it on my own time) & I have had no issues since it was installed.

  • Well Max maybe you can have the deployment scripts deployed to your customers too? Because our upgrade process reboots the computer without any warning - It's known too because someone was thoughtful enough to put a warning on the deployment window.

    It still hasn't answered my question though - what I was trying to ascertain was whether Kaseya themselves have confidence in their AV solution to deploy it across all of their internal devices as an effective AV solution. I'd love to hear from whoever manages & maintains your internal Kaseya deployment and find out how they configure the additional features of KAV 1.3 that aren't exposed in the Kaseya interface.

  • @Jamsen

    Comments inline for your  initial post.  

     

     

    - The install is some 140MB with no way to set an install source

                        KAV1.3 doesn’t have the ability to set the install source or update source.   One of the top requested feature and so we are working on to get this out in next release. [ Release date TBD, rough guess around late Q2 or early Q3]

    - The client upgrade procedure reboots the computer twice with no warning to the user. How do you propose we upgrade with minimal impact?

    Reboot is required as it’s a consumer version to Corporate version upgrade. Kaspersky engine requires this reboot and so highly recommend   you to schedule the upgrade during OFF BUSINESS hours.

    - The new client has many more features, including IM AV, Anti-Spam etc. We can enable/ disabled through the profile wizard but that's it, how do we configure it? KAV1.3 focus was to replace the old engine and add turn on/off capability for that feature. However, we understand the lack of mangebility and so planning to get this out in KAV1.4.   Majority of the work for the above mentioned [IM, AV, Anti spam etc] has been already done in our team.  Our current plan is to get this out with other missing manageability features [ + exchange[To Be decided]  in controlled release within 2-4 months’ time frame.

    - The profile wizard still contains only the most basic settings. How do I configure KAV further than enabling / disabling an entire component.

           More manageability features in KAV1.4 release.  We would like to hear some early feedback. If interested to participate, please email meghana.subramanian@kaseya .com .

    - Network drive scanning is on by default: / Quick scan & Full scan by default doesn’t scan network drive.  By default it’s turned on in real time protection. 

     

     

    Your feedback is valuable. Good or Bad, let us know. email securityproducts@kaseya.com 

     

    Thanks

    Meghana Subramanian

    Kaseya Antivirus Team

  • Straight after installing KAV 1.3 update on our server we noticed several client systems say they no longer had Kaspersky Anti-virus 2010 installed despite it being installed on the actual PC. We couldnt run an "ugrade client version" so we ran an install. It then reports on the Kaseya GUI that Kaspersky Corporate is installed but again once we check the actual PC's it is still running Kaspersky Anti-virus 2010.

    I then had to logon to these PC's to uninstall Kaspersky Anti-virus, Kaseya GUI no longer reports Kaseya Coprorate is installled so had to run an installation again.

    Looks like I will need to write my own agent procedure for KAV deployment, shame once again we cannot reference system scripts like KAV installations in agent procedures.

    Sigh....

  • Any one else noticing the same problem mentioned above by lenski?  Please file a CS ticket and ask to escalate to engineering.

    Thanks

    Meghana Subramanian