Kaseya Community

KAV taking forever to complete a scan? Here's one reason why.

  • I've been working with Kaseya since the 3rd trying to determine why KAV would sometimes take 50 hours to scan my workstation.  Along the way I stumbled across something fascinating that is certainly contributing to the problem: KAV 1.x (aka Kaspersky AV 2010) scans files and folders found via symbolic links. Yeah, not good.

    As you know Microsoft dropped "Documents and Settings" and "Local Settings" and moved everything to "Users" and "AppData\Local" when Vista came out.  To maintain compatibility with non-Vista-ready software they added symbolic links so that you could go to C:\Documents and Settings and be magically transported to C:\Users.  They added a similar link at C:\Users\[profile]\Local Settings to point to the new AppData\Local directory.  Great for users and backwards compatibility.

    Unfortunately KAV 2010 doesn't distinguish these symbolic links from the real thing and so it scans those too.  That means if you were to look at a list of all the folders it checks you'd see:

        C:\Documents and Settings\[profile]\AppData\Local\
        C:\Documents and Settings\[profile]\Local Settings\
        C:\Users\[profile]\AppData\Local\
        C:\Users\[profile]\Local Settings\

    It'll do this for each and every profile on a machine.  In my case that transforms 35,793 files and 6GB into 143,172 files and 25GB, or a 25% increase in the number of files scanned on my machine.  At the end of the day, that's a complete waste of time and resources.

    The good news is that Kaspersky fixed this issue in KAV 2011, but of course the bad news is that Kaseya does not have an ETA on KAV 2011 availability.  Anyway, I thought I'd shed a little light on the performance issues you may have been seeing in KAV 1.x.
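
The path multiplication described in the post above, as an added example that is not part of the original thread or of any Kaseya or Kaspersky code. It builds a constructed directory tree in a temp folder, using symlinks as stand-ins for the Vista/7 compatibility links, and compares a walk that follows links with one that skips them and one that de-duplicates by resolved directory. The profile names, file names, and the `build_tree`, `scan` and `demo` helpers are hypothetical.

```python
import os
import tempfile

def build_tree(root, profiles=("alice", "bob"), files_per_profile=3):
    """Constructed sample: Vista-style layout with the two compatibility links."""
    for name in profiles:
        local = os.path.join(root, "Users", name, "AppData", "Local")
        os.makedirs(local)
        for i in range(files_per_profile):
            with open(os.path.join(local, f"cache{i}.dat"), "w") as fh:
                fh.write("x")
        # <profile>\Local Settings -> <profile>\AppData\Local
        os.symlink(local, os.path.join(root, "Users", name, "Local Settings"),
                   target_is_directory=True)
    # C:\Documents and Settings -> C:\Users
    os.symlink(os.path.join(root, "Users"),
               os.path.join(root, "Documents and Settings"),
               target_is_directory=True)

def scan(root, follow_links, dedupe=False):
    """Count the file paths a scanner would open while walking root."""
    visited, seen_dirs = 0, set()
    for dirpath, dirs, files in os.walk(root, followlinks=follow_links):
        if dedupe:
            real = os.path.realpath(dirpath)
            if real in seen_dirs:
                dirs[:] = []  # already scanned via another path: do not descend
                continue
            seen_dirs.add(real)
        visited += len(files)
    return visited

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_tree(root)
        return {
            "follow_links": scan(root, follow_links=True),
            "skip_links": scan(root, follow_links=False),
            "follow_dedupe": scan(root, follow_links=True, dedupe=True),
        }

if __name__ == "__main__":
    for mode, count in demo().items():
        print(f"{mode:14} {count} file paths scanned")
```

Each real file under `AppData\Local` is reached through the four paths listed in the post when links are followed, and only once when links are skipped or directories are de-duplicated by their resolved path.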

     

  • So when Kaspersky fixes this it will still take 37.5 hours to scan your workstation?  That's the 50 hours, minus the mess up of +25%

    /scratches head



    [edited by: Dan at 8:50 AM (GMT -7) on 10-24-2011]
  • ;) No, it's actually been averaging 5 hours (so I'll likely drop down to 3.5 hours... a lot of files outside the user profile).  I had a few 24+ hour scans but it was the 50-hour scan that broke the camel's back and got me to open a ticket with support.

  • I don't use KAV for several reasons but would a few exclusions, as needed, help as a workaround?

  • Ordinarily I wouldn't entertain the idea of adding exclusions to work around a problem in a vendor's program ("it's not my job to fix your software") but in this case it's not even an option.  The global exclusions list is applied regardless of operating system, meaning if I were to block the symbolic links on Vista/7 I'd also prevent the actual directories from being scanned on XP.

  • Couldn't you just use a different profile for the XP and Vista/Win7 desktops?

  • That's an option, but an imperfect one.  While Kaseya does allow profile-based exclusions we've learned, and Support will back us up on this, that they don't always work.  The only way to ensure that an exclusion does work is to add it to the global exclusions list which, as the name suggests, applies to all profiles.

  • I'm not trying to be obtuse but, if you made an exclusion for:

    C:\Users\

    Would it not scan those folders through the symbolic links on Vista/7 which, as you indicated, are the "C:\Documents and Settings\[profile]" links but scan the normal "C:\Documents and Settings\[profile]" folders as needed on XP? I don't see how that would exclude those folders on XP.

  • That's actually not a bad idea.  Of course I hate the idea of not scanning C:\Users\ to get around the fact that KAV doesn't work properly, but with no ETA for KAV 2011 or 2012 we may not have a choice.  The last thing we need is to implement the rule, have the problem fixed one day, and then forget to remove the work-around.  If it weren't for the fact that our business is being decimated by the worst drought we've seen in years we'd simply throw out KAV and go back to Trend Micro.  I hated the cost but there's no arguing with how well their central management console works.