Just recently after updating to the most recent version of the VSA (9.5), our KAV has been sending out false positive email alerts for a handful of agents stating that the definitions haven't been updated for over 700,000 days with a null date of 1/1/0001 (see attached photo below for an example). I've opened up a ticket with support and they're currently investigating the issue, but I was just wondering if anyone else had any insights on such a strange issue. I'm curious because such an issue to this degree never happened prior to the upgrade to 9.5. Prior to this upgrade, every now and then we'd have a few false positive emails from KAV stating the definitions on an agent were out of date, only with a different date of 12/31/1969.
We have that problem too and our ticket response was "This is a known issue and development/engineering are currently working on it." Also they said it was "Fixed - Next Version".
We also reported this issue in ticket #316770 [INC000009683742] in September last year. We were told in that ticket that this issue was due "to be patched out in 126.96.36.199". We have since given up but feel free to link your ticket to our one so that there is a record of how many customers are being affected.
Here's my currently open ticket with the helpdesk for the record: helpdesk.kaseya.com/.../341678
We reported this bug about a year ago - after much time wasted in obviously irrelevant 'troubleshooting' the ticket is still with engineering.
We cancelled our KAV licences instead of waiting.
Looks like we will probably be going the same way.
My personal opinion is that KAV is dead. The US fed gov basically killed it - not Kaseya's fault, but also no longer a priority due to the fact that K is a US company hence must comply with local laws.
Perhaps it will revive if the wind of US foreign politics changes direction at some future date.
Kaspersky products are not dead here in Europe, but KAV through Kaseya needs to be put out of its misery now.
Seriously? This is just downright unacceptable. How can they have known about such an issue for a year and not even remotely try to do anything about it?
Forgoing KAV altogether for us is simply not an option as we have 100s of computers that make use of it. Yes, I realize there are other options out there, but KAV has just been the most convenient for us with how easily it integrates into our VSA as well as how easy it was to set up the email alerts. This does beg the question though. Would there happen to be any way to configure a custom rule to the point where emails with the body of the message says that the definitions haven't been updated since that strange artificial 1/1/0001 date?
You could continue to use KAV but get it directly from Kaspersky and use their console? We have been using some fairly extensive KSD processing, procedures and agent procedures to try to keep KAV in check, otherwise we wouldn't have stood a chance.
For the record, our ticket on this issue is:
false alerts from KAV -- INC000008818098 #227260