Ever since we went to VSA 184.108.40.206, we've had an issue across all organizations and profiles where the user stations are not updating threat defs. In looking at my list of roughly 200 machines, only about 25 of them have today's definitions. All the other machines are between 1-7 days old. All profiles had "Automatic" set, but when I found that to not be working, I changed them to scheduled, every 8 hours. That's still not resolving the issue and 60% of our machines are in the 3-7 day old range.
If I manually select machines and [Update], then it seems this does update all the selected systems (after about a half hour and the VSA display is refreshed).
But there's definitely something not working with AV updates. Most of our clients are now at 10.2.4.674, but some are still at 10.2.1.23. Neither updates more reliably than the other.
Has anyone seen this behavior?
We too were waiting for this patch and after testing it - I am confidently moving forward with our upgrade to R9.2 this weekend.
It's been about a week since we installed patch 17 and it appears after a week the definition update issue has been resolved!
Whew, it's only taken 18 months for us to get this fixed. Still have profile issue but we have been told and we understand this will be addressed in 9.3 release.
We have noticed little difference since 0.17 was installed 5 days back. We have many, but not all, of our KAV nodes updating, but virtually all of our nodes have the "out of compliance" flag displayed. So for us, this issue is not resolved at all.
Since .17 we have seen an improvement in definitions being update, not fixed; but an improvement. However, the AV profiles being out of compliance has not improved. We manually re-apply all the profiles, and in 2 hours they are all out of compliance again.
marcb; did a Kaseya rep tell you the profile issue wont be fixed till 9.3? This KAV product is taking too long to fix. We are very close to doing something outside kaseya.
Yes, I was told many months ago the the profile issue is separate and won't be addressed until the re-write was available. That was pushed back to 9.3. However, the compliance issue is now worse than before in that almost every profile is now out of compliance and after 15 minutes for us they are again out of compliance. We did not have this problem this bad last week before the definition issue was fixed.
It seems one thing gets fixed and something else gets broken and broken really badly!
What kind of QA is actually being performed. Fix one, break two? For us, our tickets on these two issues are over 12 months old and still counting....
I just received a workaround for the issue with profile out of compliance issues that appears to be working for me so far. the main issue with the profile out of compliance boils down to be an issue with the scheduler. If your scheduler is set to automatic, try setting it to scheduled. Setting it to hourly, every two hours should mimic the automatic setting. This should remove the profile out of compliance flags within a few hours. Mine have been gone for the last couple of hours now and have not return (except on PCs with known issues).
Matt is correct. The setting is related to the updater and is being picked up by the differentiating process used to determine profile compliance with what is currently set in the application.
If you don't care what the issue is and just want a fix do what he said and set a schedule.
Read on if curious.
The specific setting is this in the user interface:
Scheduled Tasks->Update->Postpone running after application startup for
It appears in the difference file created for the updater component which is causing the KSC to see it as out of compliance.
Comparing files orig_updater.txt and CURRENT_UPDATER.TXT
WorkingTimeout = 00000000
StartDelay = 0000000b <-- HERE
NeedInternet = no
StartDelay = 0000000a <-- HERE
This setting is not visible in the Kaseya KAV profile user interface, but it is included in the policy file it creates and distributes to the endpoint. Kaseya defaults this value to 11. After KAV (on the machine) runs an update it will set this value to 10 for whatever reason. I have tested by allowing it to automatically update and manually updating via the KSC as well as the KAV UI (on the machine) with the same results.
The value will only be changed to the KAV default value of 10 from the Kaseya default 11 when the mode is set to automatic and the option is grayed out in the UI, so specifying any "by schedule" configuration will work around this issue.
Be careful when updating your profiles. During my troubleshooting I found that 25% of the time the update schedule was set to manual on the endpoint when the profiles were automatically pushed out after saving the changes. This was fixed by applying it again using the "Assign profile" button. Easy fix but.... :(