We've had a few machines today with broken internet and other application problems. We can disable Kaspersky and it works. We can even enable antivirus again and it will work for a while at least. Has anyone else seen this? Was there an update recently that could have caused this?
We've been fighting this issue for almost 3 weeks.
1. KAV's root scanner gets stuck and causes an instance of AVP.EXE to run at 100% of a single core. This causes Internet Explorer / Firefox etc. to sometimes open; if it does open, it can't seem to go anywhere.
Temporary solution: Use LiveConnect's Task Manager to kill the instance of AVP.exe that is running at high utilization.
This solution doesn't last; as soon as the rootkit scanner starts again, the problem reappears. Disabling the rootkit scanner in KAV has no effect; the scan still starts on its own at a random time.
2. We've seen the update engine get stuck. Updates taking 1-8 days. We've simply killed all instances of AVP.EXE, forced a PC reboot and then applied a manual update after adding dnl-01.geo.kaspersky.com to the update manager's list. Kaseya's Kaspersky update server totally sucks and has since KAV was launched. We complained about this many times but it's been simply ignored.
We set all of our clients to use dnl-01.geo.kaspersky.com for their updates; Kaseya's servers are unreliable at best.
Kaseya / Kaspersky has issued no fix for this as of yet. We've done extensive traces, etc. to try to resolve this. We've ended up removing KAV from the affected PCs and using another anti-virus protection.
Affects all Windows PCs from XP to Win7SP1.
mcsnetworks, are you using Network Discovery? We had a problem with the same client today with the NIC on their server. It was disabled somehow and occurred every 2 hours. Disabling the Network Discovery collector on another server seemed to fix it.
I don't know if that is related to the KAV problem, but it is the same client.
We're having the same issue with KAV not updating correctly. Each week at least one KAV endpoint will not update, and avp.exe will run at over 50% CPU for DAYS until we restart the workstation (applying a manual update command from the kserver does not help). The update logs show that the downloaded updates are corrupt and/or the endpoints cannot connect to the update server.
Is there a way (using an agent procedure?) to set all KAV endpoints to update from Kaspersky and not Kaseya?
A note I received from Kaseya:
In discussions with Kaspersky, we found that they released via the definition update process a version of the rootkit scanner that showed significant issues on some endpoints. The reversion of this change was released in a definition update late yesterday. Please verify if you continue to see this behavior on endpoints running up-to-date definitions.
We also had a couple of instances of this. Common threads were specific web sites causing the issue. Symptoms were that all HTTP traffic was blocked. All other TCP traffic flowed, including HTTPS. It would affect all browsers until the system was rebooted. We removed KAV from affected machines. Our assumption was that KAV was getting stuck on what it viewed as a threat from code on the specific web sites. The problem has seemed to go away, as there have been no new reports for at least a week. Perhaps it was fixed in the 12/26 update.