Kaseya Community

KAV definition discrepancies

This question is answered

After recent rounds of patching to our kaseya server, it appears that there is an issue where the virus definitions on the VSA no longer record the correct definition date and are reporting that certain endpoints are no longer up to date with their definitions. 

I have a ticket open with Kaseya at the moment and they have acknowledged that this is a known issue and they are hoping to have it resolved by the end of their "development sprint" that will go from September 28th to October 11th. Unfortunately I cannot wait that long and need to be able to report on if people are compliant and up to date accurately. Kaseya isn't aware of a workaround for this, but I was wondering if anyone has a way to export the current definition date on the Kaspersky Endpoint Security 10. What I am hoping to do is get the definition date exported to a custom variable. Unfortunately my google fu is not strong enough to find how to do this.

I am wondering if anyone here knows how to extract that information from the AV.

Verified Answer
  • Typically, you can restart the Kaseya Agent service on the machine(s) in question, and it will update the definition in the KAV module. I have created an agent procedure to restart the service daily, and the issue has went away completely across the board. Not a fix, but a workaround until one is released. You should only need to perform the repair on machines which do not update with this method (only had to actually repair 1 device since installing KAV).

All Replies
  • Hi  

    I apologize for causing some confusion/frustration here, the fix was not in a patch release for 9.2 - as mentioned in my post.

    Additionally, I was expecting a patch to come out to correct this in R9.2.

    After further review, it appears engineering made an attempt to include it in the roll out of the 9.2 release (part of the bug fixes in the 9.2 release)

    http://help.kaseya.com/webhelp/EN/RN/#KAVReleaseNotes.htm (look for Protect-42)

    In regards to support wanting you to jump through hoops, from what I can tell of the current status of this issue, Engineering needs more information as to what versions this is not working on and if the fix is implemented and working as designed.

    (Please note I am not a member of support and you should relay all information directly in your ticket to get the most up-to-date information)

  • My ticket is over 4 months old (August 27, 2015) from 9.1. I am on 9.2.9 and plenty of time has gone by to fix a problem we did not have before!

    It is insensitive of Engineering after 4 months of waiting for a fix for a KNOWN issue to ask Support to get "More information from Kaseya customers". WTF have they been doing for the past 5 months when this issue first arose?

  • Really agree with you here, sometimes it seems Engineering has no social clue as to what is expected and acceptable on these old issues.
    To be fair a lot of ground has been covered by support and engineering on known issues, so we're really optimistic about getting these fixed.
    Strange thing is we're not really seeing this issue a lot on our environment, having over 3.000 KAV installations on servers and workstations.
    I'll try to look into this issue on our installations to spot any special configurations.

    Like most folks we're waiting for the KAV update to support Win10.
    That's supposed to be available soon, Kaseya is talking days, maybe end of this week, maybe beginning of next week.
    So, this will mean, some changes in the way KAV and Kaseya work together.
    Very probably this will include some things will work better and equally likely, some functions will be broken.

  • We too are having issues with this and a several months old ticket that has yet to be resolved.

    We are also seeing endpoints that show blank data in the AV Database field.

    Losing hope fast with this product.

  • So, as I have added on my own ticket, the current situation with KAV looks really promising, finally.

    We're on the latest 9.2 patch (9.2.0.17) and are seeing hardly any issues with definition updates not working. We have some 800 servers with the old and new version of KAV (so 10.1.2.23 and 10.2.4.674), out of all these servers there are only 10 having some issue. This number has come down a lot, being in the hundreds before 9.2.0.17. So this patch and reapplying the profiles, with a few manual updates performed has gotten us good results.

    I'm not sure when this fix will go into 9.1 - I think it could and really should be in the next patch release, if that will make it before 9.3 comes out. I guess Kaseya Connect will be the perfect time for Kaseya to look customers in the eye and tell them the struggle is over. KAV will work as it's supposed to and 'we' can go back to spend time figuring out how to make more money with Kaseya. And that won't be too soon. Amen.