Kaspersky 6.0 Issue(s) after Windows Update

Forums

Forums
Forums, discussions, and Q&A for all products.

Kaspersky 6.0 Issue(s) after Windows Update

  • I would like to take a moment to update our clients with an on-going issue that may be affecting some:

    A recent Microsoft patch released is causing licensing issues within our Kaspersky products as well as issues with CheckDisk prompts for machines.  
    The licensing issue is as follows:
    Upon installing KB2823324  http://www.microsoft.com/en-us/download/search.aspx?q=KB2823324  (dated 08.04.2013) from Microsoft on the following operating systems:

    Microsoft Windows Vista x32/x64, 
    Microsoft Windows 7 x32/x64, 
    Microsoft Windows Server 2008 x32/x64, 
    Microsoft Windows Server 2008 R2

    Kaspersky Anti-Virus for Windows Workstations / Server version 6.0.4.1424 and 6.0.4.1611 displays the message: "Your license is not valid. Protection disabled."

    As a result, the protection components stop functioning.
    As for the second issue concerning chkdsk:

    Issue sympthoms: KAV 6.0.4.1424 and KAV 6.0.4.1611 lose license after installation of Windows Update KB2823324 which was released yesterday. After first or second reboot CheckDisk is being prompted on each boot of the OS.

    The best course of action at this moment would be to remove the KB2823324  update and reboot the endpoint.  We are currently communicating and working with Kaspersky on development of a patch to fix the issues.  The first patch released by Kaspersky was not successful in initial attempts when tested within various environments.

    I will keep this thread updated and thank you for your understanding in this matter.

    Oscar

    Kaseya Support  



    [edited by: Brande Schweitzer at 8:24 AM (GMT -7) on May 31, 2013] removed stickiness
  • Update:

    Kaspersky has acknowledged the issue(s) as well:

    support.kaspersky.com/9750

    support.kaspersky.com/9751

  • Update:

    Here is a recent update from microsoft on various issues concerning the respective patch:

    support.microsoft.com/.../en-us

    Microsoft is investigating behavior where systems may not recover from a restart, or applications cannot load, after security update 2823324 is applied. We recommend that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate.

    I will continue to contact Kaspersky and begin to set some alternatives for our clients to recover from this event. 

    Oscar

    Kaseya Support

  • Posted Uninstall script on community.kaseya.com/.../84382.aspx

  • Thanks Chris, I've posted 2 agent procedures as well: community.kaseya.com/.../84386.aspx

    Regards,

    Travis

  • @Travis.Boyle - Great script.

    Anyone have any ideas how we can access/download our current update.key file as a SaaS user? I don't really feel like pushing full reinstalls of 53 KAV instances :)

  • You can import and use the key refresh AP I put out on community.kaseya.com/.../84390.aspx on SaaS as well as on premise.

    Travis

  • Thanks Travis,

    Yeah I just found that it didn't pull the update.key file from the VSAHiddenFiles\kav\ dir on my SaaS. I thought it might have just been a security thing where SaaS users have no rights to these dirs.

    I ended up finding an update.key on a system I recently installed KAV to though and I uploaded this to my managed files to use in the script instead.

    All works perfectly now thanks.

  • Thankfully I haven't installed this patch since I wait a few weeks before approving patches and also have the workstations broken out in to two phases.  I just blocked this patch from being approved.

    Silly question

    Can't Kaseya pull the patch from their list instead of me having to deny it myself?  I know that this wouldn't help those who've already installed it but it could help those who might have approved it like myself.

  • Hello,

    Microsoft did not acknowledge the issue with this patch until thursday 4/11/2013 (two days after it's release). It was pulled from their update servers the day after all the issues were confirmed, unfortunately we have no control when microsoft releases a faulty patch.  We do however, do everything possible to correct these type of issues for our clients (as we have done so with created instructions/procedures).

    Oscar

    Kaseya Support

  • Thank You Oscar,

    Microsoft is well known for some bad patch releases, and as you mentioned, it is usually a few days after the release they discover the patch is bad. You would think they would do a better job of testing.

  • Microsoft has replaced KB2823324 with KB2840149.  We haven't had a chance to test this version but I thought I'd point it out just the same.