I would like to take a moment to update our clients with an on-going issue that may be affecting some:
Issue symptoms: KAV 220.127.116.114 and KAV 18.104.22.1681 lose license after installation of Windows Update KB2823324 which was released yesterday. After first or second reboot CheckDisk is being prompted on each boot of the OS.
The best course of action at this moment would be to remove the KB2823324 update and reboot the endpoint. We are currently communicating and working with Kaspersky on development of a patch to fix the issues. The first patch released by Kaspersky was not successful in initial attempts when tested within various environments.
I will keep this thread updated and thank you for your understanding in this matter.
Oscar
Kaspersky has acknowledged the issue(s) as well:
Here is a recent update from Microsoft on various issues concerning the respective patch:
Microsoft is investigating behavior where systems may not recover from a restart, or applications cannot load, after security update 2823324 is applied. We recommend that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate.
I will continue to contact Kaspersky and begin to set some alternatives for our clients to recover from this event.
Posted Uninstall script on community.kaseya.com/.../84382.aspx
Thanks Chris, I've posted 2 agent procedures as well: community.kaseya.com/.../84386.aspx
@Travis.Boyle - Great script.
Anyone have any ideas how we can access/download our current update.key file as a SaaS user? I don't really feel like pushing full reinstalls of 53 KAV instances :)
You can import and use the key refresh AP I put out on community.kaseya.com/.../84390.aspx on SaaS as well as on premise.
Yeah I just found that it didn't pull the update.key file from the VSAHiddenFiles\kav\ dir on my SaaS. I thought it might have just been a security thing where SaaS users have no rights to these dirs.
I ended up finding an update.key on a system I recently installed KAV to though and I uploaded this to my managed files to use in the script instead.
All works perfectly now thanks.
Thankfully I haven't installed this patch since I wait a few weeks before approving patches and also have the workstations broken out into two phases. I just blocked this patch from being approved.
Can't Kaseya pull the patch from their list instead of me having to deny it myself? I know that this wouldn't help those who've already installed it but it could help those who might have approved it like myself.
Microsoft did not acknowledge the issue with this patch until Thursday 4/11/2013 (two days after its release). It was pulled from their update servers the day after all the issues were confirmed; unfortunately, we have no control when Microsoft releases a faulty patch. We do, however, do everything possible to correct these types of issues for our clients (as we have done so with created instructions/procedures).
Thank You Oscar,
Microsoft is well known for some bad patch releases, and as you mentioned, it is usually a few days after the release they discover the patch is bad. You would think they would do a better job of testing.
Microsoft has replaced KB2823324 with KB2840149. We haven't had a chance to test this version but I thought I'd point it out just the same.
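For reference, the check-and-remove step recommended at the top of the thread can be sketched in PowerShell as below. This is an added example, not one of the agent procedures posted by the participants; it assumes an elevated session on the endpoint, the function names are hypothetical, and only the two KB numbers come from the thread.

```powershell
# Added example: report whether the withdrawn update is present and remove it.
# KB numbers are taken from the thread; function names are illustrative.
$BadKb         = 'KB2823324'   # update the thread says to uninstall
$ReplacementKb = 'KB2840149'   # replacement mentioned in the last post

function Test-HotFixInstalled {
    param([Parameter(Mandatory = $true)][string]$Id)
    # Get-HotFix writes an error when the id is absent, so silence it
    # and convert "result or nothing" into a boolean.
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Remove-HotFix {
    param([Parameter(Mandatory = $true)][string]$Id)
    $number = $Id -replace '^KB', ''
    # /norestart leaves the reboot to the operator so it can be scheduled.
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList '/uninstall', "/kb:$number", '/quiet', '/norestart' `
        -Wait -PassThru
    switch ($proc.ExitCode) {
        0       { 'Removed' }
        3010    { 'RemovedRebootRequired' }   # ERROR_SUCCESS_REBOOT_REQUIRED
        2359303 { 'NotInstalled' }            # WU_S_ALREADY_UNINSTALLED
        default { "Failed($($proc.ExitCode))" }
    }
}

$badPresent = Test-HotFixInstalled -Id $BadKb
$action = 'None'
if ($badPresent) { $action = Remove-HotFix -Id $BadKb }

# One object per endpoint so results can be collected and compared centrally.
New-Object psobject -Property @{
    Computer           = $env:COMPUTERNAME
    BadKbPresent       = $badPresent
    ReplacementPresent = Test-HotFixInstalled -Id $ReplacementKb
    Action             = $action
}
```

A result of `RemovedRebootRequired` means the endpoint still needs the reboot called for in the original recommendation.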