Kaseya Community

AV Update causing too much internet traffic at once

This question is answered

A client of mine called today saying that his internet connectivity had all but stopped due to all of his machines updating Kaspersky at once.  As a quick fix, I changed the updating schedule from Automatic to Saturday at like 2:00AM.  However, I would like for the AV updates to be included in the patch management portion of Kaseya or the ability to designate a local server or local machine to distribute the updates.  This should be a plus for both sides by alleviating a ton of internet traffic on both sides.

If this has been discussed elsewhere, I apologize... I searched quite a bit before I posted.

Oh yea, I also should add that I am on the IT Center or (Cloud Version) of Kaseya.

 

Thanks,

Verified Answer
  • Hey Matt,

    Good news--we've got changes coming in VSA 6.2 which will enable us to add the local file source distribution feature to KAV in a future release.  So stand-by...

    Jeff Keller

    Product Manager

    Kaseya

All Replies
  • Hey Matt,

    Good news--we've got changes coming in VSA 6.2 which will enable us to add the local file source distribution feature to KAV in a future release.  So stand-by...

    Jeff Keller

    Product Manager

    Kaseya

  • I too am having the same issue.  Is there an ETA for VSA 6.2.  I didnt' see anything on the RoadMap.  Will the change also work with KAM?

  • Yes, we will also add the changes to a future release of KAM.  6.2 will only introduce the architecture we need to develop this feature for KAV/KAM, it won't automatically come with the feature though.  We still need to develop it and QA it as we do with any future release.  I'd like to put this feature into KAV 1.3 though, so stand-by for formal announcements after we get 1.2 out the door.

  • This is a bit of a pain. Local File Server updates should have a high priority. I want to roll this out to one of my clients, but with updates going over the internet it will be impossible. ~60 Workstations on a 2mbit link would kill it with updates.

    Can I just load a custom profile into Kaspersky? I did this when I manually pushed out Kaspersky with Kaseya scripts.

  • Hey gang,

    Local File Source is actually a higher priority than Kaspersky Server support--but we were unable to use the mechanism that KES employs and have been forced to wait for the soon-to-be-revised Local File Source Mechanism that was scheduled for VSA 6.2 (and it looks like it's still under development and will get bumped to 6.3).  

    So the purpose of this post is to let you know that this is truly the single-highest-priority on my list right now and as soon as it's available in the VSA, we'll issue an update to KAV to take advantage of it.

    Sorry for the delay.

    Jeff Keller

    Product Manager

    Kaseya

  • Really looking forward to this, its severely impacting clients both on performance and cost, some of our clients are paying for their traffic by the megabyte and are on small quota plans.

  • While I share the same concerns about local update source, it really isn't anything new for the client if you implement KES/KAV.  

    Windows updates without K uses the internet, AV updates for all their machines would use the internet as well so realistically speaking unless they were never doing either, they will not see a change in their bandwidth usage nor link utilization.

    I've had the same conversation with my clients about this as well..  The only difference with K is that I actually control to a tighter degree when these actions happen (vs every machine being different and potentially also running during the day.

  • Here's an alternative.  Why not add the updates as a distribution window such as with procedures/installations/etc.  This would stagger the updates and somewhat throttle traffic.

    Another possibility if you have the option to bandwidth throttle or use QOS on Layer 3/Router you can reduce consumption but your updates will take much longer.

  • No need to wait for this update, just use the Kaspersky Update Utility on the server or workstation you want to be the source, share the "Update" folder.

    Change the source the workstations use for updating using a procedure with the registry keys, I also delete the Kaseya source for all except laptops.

    Job done, both the scheduled update utility and the reg keys are controlled by the agents + procedures.

    We do this at every KAV site we have even if the PC's do have Internet access. Works perfectly, quick and easy to implement.

  • Jgolding, anyway you could help us out and point to these registry keys you are referring to?

    I see the copy updates to folder option from kav, now how can I implement this change to all the workstations on the network via registry keys?

  • To find the registry path on your machine search the registry for sec-update.kaseya.com/update

    For example, on 64 machines its normally:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP9\profiles\Updater\settings\Sources\0000\Path

    On 32bit machines its normally:

    HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP9\profiles\Updater\settings\Sources\0000\Path



    [edited by: jgolding at 12:44 PM (GMT -7) on 10-13-2011] this editor sucks !
  • Next question is, how do you manage the folder size and the updates that are being downloaded to this new source? Do the updates overwrite existing files already in place? What is your solution?

  • Hi Johnathan,

    The update utility takes care of that for you, only the latest update and required files are kept based on the selections you choose. You will also see some options to automatically delete all temp files after each update.

    For us, we only download the single version required, windows only, 32bit & 64bit.

    Thanks

  • golding,

    Thank you for the consistent support. I am looking right now at the Kaspersky Updater and I am not seeing my version 9.0.0.747 showing. Do you have this same version? Or is there a version that works with this version..

  • 459-736 works fine and is what we use on all sites, same definitions as 747 uses.

    Thanks