Kaseya Community

KAV 10.2.4.674 (Classic) - Receiving "Virus Definition Out Of Date" on a large percentage of systems since July 13th

I am wondering if anyone has run into this recently: System shows "Virus Definition Out Of Date" through the VSA but when you log into the actual system it is showing up-to-date.  This just started earlier this month.

Support is requesting that Windows Defender be disabled, Malwarebytes uninstalled, and a repair of KAV be performed....

Verified Answer
  • That's a good tip, but it shouldn't be the cause of the issue. Since locally on the machine it's OK, so updates are being deployed, it's only the communication stack with Kaseya that's not so good (to put it mildly).

    The new KAV module is somewhat better, but has its own set of challenges. I was told after 9.3.0.17 came out a fix to patch issues would be presented soon, unfortunately that's been a while.

    KAV has been mostly miss for us, with some short periods of hitting, so... waiting for a good slugger.. ;-)

All Replies
  • Yes, I have seen this and also the reverse where Kaseya says it's fine and the endpoint complains to the end user.  I have multiple tickets open with support on this.

    What version are you running, out of curiosity? We are on 9.3.0.09 and are waiting for the .14 patch to be released with hopefully the fix for kserver.exe crashing!

  • We are at 9.3.0.12 currently and planning on going to 9.3.0.13 tonight.

  • We are on .14 and still see the same issue. We have tested it internally and oddly enough after no changes the message seems resolved after 3 days....

    We will be expanding our test environment soon.

  • Same here. VSA says agent is out of date and protection disabled. Endpoint itself shows everything as A-OK.

    Performing 'get status' or 'repair installation' doesn't help.

    community.kaseya.com/.../17158.aspx doesn't show anything in the MSMQ issues - restarting server services doesn't help.

    9.3.0.15 VSA and 10.2.4.674 agents (classic) currently, has been an on-and-off issue the entire lifespan of KAV, it's never been right since day one.

    I'd try to upgrade agents from classic to 9.3 Anti-virus, except you can't upgrade agents if classic isn't first working properly. Gaah!!

  • What? You mean that the KAV console is supposed to report when agent definitions are current or outdated? ;)

    In all of my experience with 8.0 through 9.2 it's been hit or miss (mostly miss) when reporting definition status. It was the dozens of outdated definition alerts each day that caused me to develop our "smart monitors" - they check AV status daily, report status to an agent custom field, initiate a definition update on the first detection of them being outdated (supports 9 different AV products/versions, not just KAV), and - failing all that - generate an alert. We get only about 5-6 definition outdated alerts a week now and we've added almost 800 agents since the days of crushing alert levels.

    The only thing I'll say is that when our environment was a mix of V6 and V10 KAV agents, it was much worse than it is now.

    We're just testing 9.3 and are waiting for a couple of AV licenses to see how it goes. We're all hoping that how 9.3 handles AV is a significant improvement over classic methods.

    Glenn
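
A sketch of the check-record-update-alert escalation described in the post above, as an added example (not the poster's monitor and not Kaseya code). It reads what each AV product registered with Windows Security Center, independently of the VSA; the `productState` bit layout is the commonly used but undocumented convention, and the state-file path and function names are hypothetical.

```powershell
# Added example: endpoint-side AV definition check with one-shot remediation.
# Assumptions: workstation OS (root/SecurityCenter2 is absent on Windows Server),
# the undocumented productState layout, and a hypothetical state-file path.
$StatePath = 'C:\ProgramData\AvMonitor\state.json'   # hypothetical location

function ConvertFrom-ProductState {
    param([Parameter(Mandatory)][uint32]$ProductState)
    # productState read as 0xPPRRSS: RR bit 0x10 = real-time protection on,
    # SS bit 0x10 = definitions out of date (convention, not a documented API).
    [pscustomobject]@{
        Enabled  = [bool](($ProductState -shr 8) -band 0x10)
        UpToDate = -not [bool]($ProductState -band 0x10)
    }
}

function Get-NextAction {
    param([bool]$UpToDate, [bool]$UpdateAlreadyTried)
    if ($UpToDate)                { return 'Clear' }   # healthy: reset the flag
    if (-not $UpdateAlreadyTried) { return 'Update' }  # first detection: remediate
    return 'Alert'                                     # still stale after a retry
}

function Invoke-AvCheck {
    # Load the per-product "update already tried" flags from the previous run.
    $state = @{}
    if (Test-Path $StatePath) {
        (Get-Content $StatePath -Raw | ConvertFrom-Json).PSObject.Properties |
            ForEach-Object { $state[$_.Name] = [bool]$_.Value }
    }
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct
    foreach ($p in $products) {
        $s = ConvertFrom-ProductState -ProductState $p.productState
        $action = Get-NextAction -UpToDate $s.UpToDate `
                                 -UpdateAlreadyTried ([bool]$state[$p.displayName])
        $state[$p.displayName] = ($action -ne 'Clear')
        # One record per product: the RMM side stores it in a custom field,
        # runs the vendor's own updater on 'Update', and alerts only on 'Alert'.
        [pscustomobject]@{ Product = $p.displayName; Enabled = $s.Enabled
                           UpToDate = $s.UpToDate; Action = $action }
    }
    New-Item -ItemType Directory -Path (Split-Path $StatePath) -Force | Out-Null
    $state | ConvertTo-Json | Set-Content $StatePath
}

Invoke-AvCheck
```

Run daily, a product that stays out of date produces `Update` on the first run and `Alert` on the next, which is what keeps a single missed update from paging anyone.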

  • Set automatic updating inside your profiles to every 2 hours vs automatic is what we had to do to resolve. Automatic doesn't work correctly, but every 2 hours did for us and was recommended by support for this issue.

  • @ OudjesEric

    I 100% agree with you. KAV is a massive failure as a module. We have a few thousand endpoints out there with it and know that we cannot rely on the data reported through the VSA. It reports as installed when it isn't, not installed when it is, out of date when it isn't, in date when it isn't, no data at all because it feels like it, and policy compliance all over the place for no reason whatsoever.

    We haven't moved from 9.2 to 9.3 yet because of all of the KAV horror stories we have seen so far, and cannot keep updating and rebooting our clients because Kaseya/Kaspersky can't get their s**t together.

    I know that as a software vendor, a reboot seems like a quick, trouble-free process that should be easy to achieve 24/7, but in the real world where entire businesses rely on machines being online and available, this is not an easy target to hit.

    Multiple Kserver patches that introduce as many KAV problems as they fix and requiring reboots on every endpoint in the estate is not the way forward.

    Kaseya's policy of wiping their hands and walking away from problems is not the way to treat customers. Neither is telling customers that they will be doing no further development on 9.2 because 9.3 is out (and you should upgrade because it will solve all of your problems), especially because 9.4 is just around the corner, so are we to assume that they will leave 9.3 customers in the lurch as well in a couple of months?

    My best wishes go out to the early adopters of 9.4 who have the steel pants to go ahead and upgrade their production Kserver and let us know about all of the failings of the product that won't be sorted out before they push us to move to 9.5 (because that will solve all of your problems).