Kaseya Community

Cannot remote control machines after KAV install

  • We just got KAV to test it out (before deploying).  We have had some annoying issues, the worst one seems to be that once KAV has been installed we can no longer remotely control the machine.  We can connect to the machine and see the desktop (we are using K-VNC), but we have no keyboard or mouse control.  This has happened to all 3 machines we have pushed KAV to, and all were installed via push from the K console.  Anyone else seeing this or have any ideas?

    Thanks,

    Jason

  • I have KAV installed on a Win2K8 server and have no problems RDPing to it through Kaseya. Although I do have a couple of other issues with KAV, I haveto disable it to be able to connect to a coupleof database apps as for some reason it seems to block port 1433 - no notifications or exceptions the app just refuses to work untill I disable KAV.

  • For anyone else that runs into this problem, I got around it by making changes to the KAV console on the remote machine.

    -Open KAV on the desktop

    -Go to My Protection > System and Applications

    -Click on Proactive Defense > Threats and exclusions (under Options on the left)

    -Under Exclusions click on Settings, go to the Trusted Applications tab

    -Hit Add, and browse to the location of the VNC executable

    After you select the VNC executable, there is a window with 4 boxes:

    Do not scan opened files

    Do not monitor application activity

    Do not monitor child application activity

    Do not scan network traffic

    I checked all 4.

    After that it worked.  For clarification, I was using KVNC to connect, not RDP.

    It is disappointing so far, seeming like a beta product rather than KAV 1.0

    I have had so many legit programs blocked, if I were to deploy this now it would be an enormous mess.  I would be getting hundreds of phone calls as programs stopped working.

    For example, KAV has blocked:

    -Kaseya components, including kvnc

    -Evernote

    -Scanning software for my local, usb-connected scanner

    -TimeClock software

    etc, etc,

    I would have to remote into and make individual execeptions for all kinds of applicaitons on a thousand machines.  

    Another major disappointment is that it just blocks these apps with no notice to the user, or a way to "allow".  For example, if KAV were to block EverNote, it would be nice to get a little warning that says "Applicaiton Evernote has been blocked, would you like to Allow Always or keep blocking?"

    As it is, Evernote just stopped syncing (scanning software just stopped working, etc.) with no way for me to know that KAV was blocking.

    It is going to take alot more work and testing before we feel even remotely comfortable rolling this out to our clients.

  • Hey Jason

    I had the same issue as you today.

    What I found out is that if you remote control a machine running KAV and launch the KAV GUI or have it up already, it locks your mouse and keyboard control out until it is closed. This is the self-defense mechanism in Kaspersky Anti Virus.

    If you want to get around this to go to SETTINGS(Upper right or GUI) -> highlight OPTIONS and uncheck ENABLE SELF-DEFENSE.

    -Curt



    [edited by: Curt Phillips at 12:47 PM (GMT -8) on 1-4-2011] I will try what you have posted as well
  • Same issues plus some.  Ton of false positives.  Rolled it out on some workstations in the office.  Atleast it is finding stuff, unlike AVG.  

  • @ Curt:  Thanks for that info, i'll look into that too.

    @swilson:  I was also glad to see it catching stuff, on my own machine even, but all 14 "threats" it founds were false positives.  From what I am seeing, all the legit programs I have that were being blocked were classified as "Riskware".  I am trying to see if I can disable or tell KAV to ignore "riskware" for now, but have not found the option yet.

  • Hotfix going out for this now.  By default, we'll disable the setting.

    Jeff

  • Thanks Jeff.  Just so I understand, is the hotfix for the "not able to remote control" issue, or the issue of not being able to turn off "Riskware"?

  • I am noticing that it can be a little overzealous complaining about legitimate software aswell.

    I have KAV installed on my own PC, and whenever I RDP to another machine via Kaseya, I get the following.

     Whenever I use K-VNC, I get the following:

    Kaseya Anti-Virus is therefore complaining about Kaseya!!

    Remote controlling machines also seems to be less reliable since I installed it on my own PC, but that may just be K2 (we've only just upgraded).

     

  • Unfortunately, I don't see a way to progmatically add exclusions to the application list for KAV.

    It would be nice if there was a way to control the application exclusion list from a KAV profile so that one could add "Logmein.exe" etc so that self defense could be enabled and yet we could sill remote control the machine.

    Disabling self defense "solves" the issue alltogether, but this is just (I hope) a temporary solution until a true work around is found.  Leaving self defense disabled really defeats the purpose of self defense in the first place.  Not to mention that now the users see a message that something is wrong with their antivirus and sumbit tickets / call us about it. "YOUR COMPUTER SECURITY IS AT RISK!"  It makes it looks like we are not doing our job when the end user sees warnings about things that should be enabled but are not.



    [edited by: Dan at 5:51 AM (GMT -8) on 1-14-2011] f
  • Do this for me...(maybe I can help fix it up)

    - Get a workstation that is tweaked with the right settings.  (i.e.  make sure that you have self defense enabled and the exclusions such that you can remote control)

    - open a command window - go to the Kaspersky program directory

    - execute   AVP EXPORT RTP c:\mysettings.dat

    Send me the file  (jeff.keyes@kaseya.com)

    Jeff

  • Mine is on it's way to you Jeff.   You will also see some of the exclusions I've had to add for other apps to not be blocked or flagged as "riskware".  It would be great if Kaspersky would give me a way to say "ignore all riskware".  I can't push KAV out right now, because I can't handle the huge number of problems this generates.

    Thanks,

    Jason

  • We had the same problem and logged a call ticket number CS036361 on Dec 30, 2010.  This is what I logged "kaspersky is detecting the remote connectiion as riskware.   I have tried to put in exclusions but same problem.  This problem is happening on Win7 pro and window XP Pro workstations that i have kaspersky loaded."

    This is what support said Jan 12, 2010

    "The remote control hotfix has been released as part of KAV hotfix levels 2050-2059.<p></p><p></p><p></p><p>A KAV profile needs to be re-assigned to previously installed endpoints to apply the changes. Once this is done you should be able to use the Kaspersky UI through remote control.</p><p>Let us know if you continue to see problems with this.</p><p>Dan</p><p></p>"

  • Jeff, can we use the "export" procedure you outlined to also import?

    we've got a client who has a SQL app - currently we simply disable the "Proactive Antivirus" portion and that seems to work.  However we'd love to setup a process exclusion, but doing that individually on 50-ish machines doesn't make sense.  

    Could be cool to setup a client the way you want using the regular interface, and use that .DAT file to create a profile with all those settings in it.

  • I'm adding trusted apps into the profile recognition...but don't have it in the UI just yet.

    I've also added into trusted apps WinVNC, TightVNC which fix the remote control problem.

    So...how to export / import?

    Here's the scoop

    1.  We have a customized build of KAV that allows for exports to use XML formatting rather than binary.  The engine currently supports both.  If your extension is .DAT, it uses XML...otherwise (as far as I can tell), it uses binary

    2.  You'll need a password for this.  Right now we hardcoded the password, but it is centralized and we'll be randomizing that in the future.

    Process

    1.  (via script - on my 64 bit box)

    C:\Windows\system32\cmd.exe /C "c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp" EXPORT RTP c:\kworking2\kav\AVPsettings.dat

    2.  Muck with the settings you want

    (in this case, its one big XML file...change settings, do a "diff" on the before and after xml files, and you'll get what you want)

    3.  (via script - on my 64 bit box)

    C:\Windows\system32\cmd.exe /C "c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp" IMPORT c:\kworking2\kav\AVPsettings.dat password=SeedPassword

    The biggest problem here is that this OVERWRITES ALL SETTINGS ON THE TARGET BOX...  There isn't a way in this method to merge in your changes unless you speak XML and do that work.

    The next biggest problem is that this assumes all paths are going to be the same across boxes (64 and 32 bit)...which of course isn't right.  We take care of all of those things for you.

    Hope this helps

    Jeff

    PS.  Please email me / yell / whatever to let me know of things that are missing in the profiles that you need sooner than later