Has anyone else come across this?

I have found the compliance in KAV 1.4 to be frustrating in general; however, I found that through a few steps it's possible to actually get a false positive where KAV does not find a compliance issue when there is one.

Can anyone else reproduce this issue:

Step 1 –

Current State: in compliance

  • Manually set Access Control on Tape Drive Devices to true on client machine (open Kaspersky on client → go to settings → go to access control → click settings button → tick tape drive → click OK)
  • Entered password on client to allow changes
  • Waited 3 mins (status.xml updated with new changes)
  • Received compliance issue in KAV module in Kaseya
  • diff.txt stated that the files were different and showed the values that were different (only the values not the lines… This is quite useless if trying to parse this file to quickly report on what is different)

Step 2 –

Current State: Out of compliance

  • In KAV 1.4 module - Selected the machine stated as out of compliance, clicked Assign, set to same profile.
  • Files updated immediately: AVPsettings.xml, AVPsettings-last, profilesettings.state, globalTrustedApps.xml, kesprofile1570.kav, kesprofile1570exclusions.xml, kav_command_loadconfig.lua, threats.txt
  • Files updated at next 3min interval: diff.txt, getstatus_basesdate.txt, getstatus_component.txt, getstatus_scan_qscan.state, getstatus_scan_vulnerabilities.state, status.xml
  • Kaseya will now say that the machine is in compliance.
  • Manually check Kaspersky to find that the tape drive is still ticked in access control meaning it is not in compliance.
  • Diff.txt says the two files are the same.
  • Manually checked files and both files are the same. However, the reason they are both the same is because both state that the tape drive should be ticked. This is shown by the following value being 0 instead of 1 in the line <val name="Enabled" value="0" type="6"/>:

<node name="Devices">
  … (other device lines)
  <node name="0012">
    <val name="ID" value="00000018" type="4"/>
    <val name="TypeName" value="OtherTypes" type="10"/>
    <val name="Enabled" value="0" type="6"/>
    <node name="ClassGUIDs">
      <val name="0000" value="{6d807884-7d21-11cf-801c-08002be10318}" type="10"/>
    </node>
  </node>
</node>
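
Added example, not part of the original post and not Kaseya or Kaspersky code: a check that compares each settings file against an independently stored baseline instead of against each other, and reports the full node path of every differing value, so two files that agree on the wrong value still fail. It assumes the files use only the node/val layout quoted above; the baseline value of 1 follows the post's statement, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment quoted in the post (elided devices omitted).
DEPLOYED = """<node name="Devices">
  <node name="0012">
    <val name="ID" value="00000018" type="4"/>
    <val name="TypeName" value="OtherTypes" type="10"/>
    <val name="Enabled" value="0" type="6"/>
    <node name="ClassGUIDs">
      <val name="0000" value="{6d807884-7d21-11cf-801c-08002be10318}" type="10"/>
    </node>
  </node>
</node>"""

# Constructed baseline, assumed to be stored away from the files being checked:
# same fragment with the value the post says it should be (1 instead of 0).
BASELINE = DEPLOYED.replace('name="Enabled" value="0"', 'name="Enabled" value="1"')


def flatten(xml_text):
    """Map 'Devices/0012/Enabled' style paths to their value attribute."""
    out = {}

    def walk(elem, prefix):
        path = prefix + [elem.get("name", "?")]
        if elem.tag == "val":
            out["/".join(path)] = elem.get("value")
        for child in elem:
            walk(child, path)

    walk(ET.fromstring(xml_text), [])
    return out


def drift(baseline_xml, *candidate_xmls):
    """Return (file_index, path, expected, found) for each value off baseline."""
    expected = flatten(baseline_xml)
    findings = []
    for i, text in enumerate(candidate_xmls):
        found = flatten(text)
        for path in sorted(expected.keys() | found.keys()):
            if expected.get(path) != found.get(path):
                findings.append((i, path, expected.get(path), found.get(path)))
    return findings


if __name__ == "__main__":
    for idx, path, want, got in drift(BASELINE, DEPLOYED, DEPLOYED):
        print(f"file {idx}: {path}: expected {want!r}, found {got!r}")
```

Passing the same drifted content twice mirrors Step 2, where the two compared files are identical: a file-to-file diff is empty, while the baseline check flags Devices/0012/Enabled in both.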