Around 2PM Central today most of clients started reporting they couldn't access some websites. It seemed random at first, and still pretty much seems random, but I think we pretty much narrowed it down to Windows XP and Kaspersky.
We created a new profile in Kaseya that has WebAV protection disabled and assigned it to a small test group. We'll see if this works.
Does this work? We also have been seeing this issue on Windows XP machines as well ... And we DESPERATELY need a fix ...
It looks like this is broader than Win XP machines. We're seeing it happen on Windows 7, as well. We had no success with disabling the some of the web components; however, this is primarily due to the fact that Kaspersky profiles won't consistently apply to those machines (a broader issue with Kasperksy/Kaseya).
We're in the process of removing Kaspersky and deploying Symantec Cloud - this has accelerated our time table.
I'd be interested if anyone has an ETA on when this will be resolved.
I'm seeing on twitter that people have gotten in touch with Kaspersky and they are saying a temporary fix is to disable Web AV. We're still testing to see if it resolves it. And so far, we are only seeing the problem on XP.
we are only seeing xp so far as well, no idea if the web AV profile we put out is working or not yet either ... but will update as we find out ... we also initiated an urgent ticket with K-Support on this - so we ought to have a response from them in about ... oh ... a week or so!
We're confirming that the temporary fix of disabling Web AV protection resolves the issue for now.
I am having the same issue with my clients. This has turned into a horrible Monday because of this. We need news asap on a resolution!
same here. I noticed i had to reapply the Profile to get some to work.
i also confirmed if you disable web AV. This will fix your issue.
Just FYI, here's a link to a post on Kaspery's forums about the issue (nothing official from them): forum.kaspersky.com/index.php
yeah, looks like all hell broke lose on their forums...luckily we update once per day at 2am....
in meantime I've disabled web filtering just in case.
Could have been worse..could have been a bluescreen due to quarantine of svchost.exe like mcafee did that one time....
I would not be in a hurry to disable WebAV unless you have other Web content protection in place between PCs and the internet on both email gateways and web traffic gateways.
WHY...Some people may have noticed that Yahoo was hacked over the weekend and the hackers managed to hijack (who knows how many) email account and send out links to a variety of Web sites that had been compromised with malicious content.. KAV WebAV actually blocked the link in one email that I received .
better to have a risk of some attack vs having 800 calls because people can't get to internet...
Lesser of 2 evils don't you think.
Hmmm. General concensus in our office is No. We sent a broadcast out to the users (via Kaseya), saying we weren't prepared to activate the 'Workaround' due to the risks that would be created and if users had a burning business requirement for Internet access to log a ticket. It will depend on how critical Web browsing is to your users. Senior management at our customers generally agree..
Kaseya forum post showing resolution lists the following:
"We apologize for the inconvenience. It does appear that there was a hiccup with an Update pushed out causing Windows XP machines to lose internet connectivity. An update was just released that should address the issue, what I will need you to do is:
To get XP users internet connectivity (temporarily), please disable the Web AV component of your protection policy for your managed computers. After doing so;
In Security Center (or Admin Kit):
1.) Go to the Repositories section >> (Right click) Updates >> All Tasks >> Clear updates repository.
2.) Go to the Repositories section >> (Right click) Updates >> Download Updates
After taking this step, please run your group Update task for Managed Computers. After the update has been pushed to your workstations, please re-enable your Web AV component in your protection policy. This should resolve the issue. "
Do us Kaseya users need to do something special to clear out the "bad" update? Or is it enough to disable Web AV and then let the XP systems update?