Kaseya Community

Detections blank for all endpoints

  • Anyone else having an issue with the detections page being blank for all endpoints?  I've reset all views and filters and still nothing, checked on a few other user's accounts as well and it's blank for everyone.  Seems to have happened with the 9.2 upgrade.

  • We have the same problem, forgot to open a support ticket but thanks for reminding me :( It seems that KAV is having major problems with R9.2 (community.kaseya.com/.../21639.aspx)

  • We had this issue, resolved itself when we upgraded to 9.2.0.7 though I don't recall any specific mention of a fix for this.

  • Good tip, I updated and the detections are back.  Thanks!

  • I just read the patch release notes, can't find any mention of this one, not in patch 5, 6 or 7.
    I happened to ask about changes in 9.2.0.7 but they insist only one thing was fixed.
    We have the 9.2.0.6 patch active that was pulled, so only miss 9.2.0.7 and I can't open detections at all.
    I'm getting time-out errors now, so maybe something is going on here, but I'll check back on Monday.

  • So, today I'm seeing normal numbers of Detections for selected machines.

    It seems patch 9.2.0.6 and 9.2.0.7 should be the patch level to fix this issue.

  • Patched to 9.2.0.7 yesterday and still Detections is blank *sigh*

  • Does the screen even report a few seconds of "Loading" before going blank?
    That's what I was getting before, but that is now OK after restarting the Kaseya Anti Virus service on our VSA.

    Could also have something to do with the KAV queue not reporting to the table that holds the Detections.
    In SQL you should have a filled table kav.ThreatDetection, for us the number is almost half a million

  • It does the loading and it takes a while but nothing comes up, no filtering used.

    9.2.0.7 did fix the MS Msg Queue problem it seems. kes.service Queue messages is empty, but subscriptions has 129 "stuck" messages with label "Rhino.ServiceBus.Messages.AddSubscription" as does kam.service. I wonder if it's safe to purge them? They are all two days old so they've gone into the queue just before the update to 9.2.0.7

    I could not find kav.ThreatDetection, but I found that kav.vThreats has data.

    I was looking the Views, but kav.ThreatDetection is under Tables :)



    lol
    [edited by: neuvoja at 3:28 AM (GMT -8) on Dec 9, 2015]
  • I restarted Kaseya Antivirus Service and the Msg Queue problem is back *sigh* Can you somehow automate the queue purging? And you'd also need to automate the sql truncate...

  • Doing a default reset of the queue may not be the best option.
    The queue contains information from agents that needs to go into the Kaseya database.

    Resetting the queue temporarily breathes life into KAV events, but does that by throwing away information.
    So, that means you may miss valuable information, like virusses found on scans.

    Thinking back on the things that were done on our Kaseya server, I neglected to mention an important change.
    In a fix that was installed some 2 weeks ago, some communication from agents is not sent through the queue mechanism.
    This was needed in our case, because some errors have the effect of blocking further processing of the queue.
    The fix creates a logfile that catches these communication errors and keeps the queue from getting blocked.

    I don't have a ticket number that logs this fix somehow, so not sure how you could get this fix as a temporary workaround.

  • Thanks for the info, I guess it's finally time to bother the kaseya support ;)

    Supports answer:

    Here are the steps to take:

    • Stop the Kaseya Anti-Virus and Kaseya Anti-Malware Services.
    • Open the Private Message Queue located under the Server Manager > Features.
    • Locate & open the kes.service and/or kam.service folders. Ignore the folders with the # symbol in the name.
    • Right-click and purge both the Queue messages and Journal messages folders.
    • Open the SQL Server Management Studio and perform the following query:

    USE ksubscribers
    DELETE FROM kav.unprocessedclientevent
    DELETE FROM kav.clienteventdeadletter
    DELETE FROM kam.unprocessedclientevent

    • Start the KAV/KAM Services.
    • Confirm all services are running.

    Note: Again, this is not a full fix, simply a momentary relief that you can take in order to help at the moment. This issue is prioritized by Engineering and they are working on it.



    supports answer
    [edited by: neuvoja at 11:01 AM (GMT -8) on Dec 10, 2015]