For whatever reason, after finally getting our email alerts for Kaspersky/KAV working again, our alerts have been sending us notifications for Kaspersky being disabled on certain endpoints. Don't know what exactly is going on here, though I know for a fact that our users are not able to disable the protection unless they know the admin username and password to do that. So I know for a fact that all of these have to be false positives. I've been going back and forth with someone on the helpdesk about this issue since last week, but I know they're just swamped all the time and it's always takes me days to get an issue resolved with them.
Could someone at least give me any possibilities as to why this is happening? It's driving me nuts!
Do you have a ticket number with the details?
I would be happy to look into this for you.
As a note, we only send a disable it Kaspersky reports that to the VSA. Something must be triggering the disable from the Kaspersky side. Is this continuing to happen? If so would have have an estimate of how often. Maybe something is happening on the endpoints that is causing Kaspersky to report this.
Yes, I do have a ticket number for this case. It is #177747.