It's finally time to say goodbye to Kaspersky, as we we should have done long time ago. Unfortunately since very recently and very probably only on Windows 10 workstations, the machine freezes and slows to a crawl after removing Kaspersky. I can vouch for the fact that wasn't true a month ago, so that points to Windows patches, which I'm about to test. But, wanted to warn everyone this issue can really bite you.
We've seen this happen with Kaspersky 10.3.0 and the newest 10.3.3 version on Kaseya 9.5. We hoped to install Webroot next to Kaspersky, as we've done for the last year. Then remove Kaspersky with an Agent Procedure, so we don't have to bother the user as he works. When they shut down their machine or reboot later that day, things should be fine.
For us, this issue means having to call some 400 different customers and negotiate a time when we can remove Kaspersky and reboot immediately. That will be a nightmare, since we have almost 6000 KAV installations at this time, with lots of roaming users with notebooks all over the country. Not looking forward to such an operation. Unfortunately Kaseya hasn't taken this issue seriously and only 'contributed' we only have to reboot the machine to 'solve' the issue. Not really breaking news, as I has already supplied this option when submitting the ticket. What I hope to find is what patch causes workstations to hang so badly. On my way to test, but maybe someone has already run into this?
To be continued...
I can only suppose nobody is running in to this issue, which is good. Let me add an update. A flurry of testing has led to some conclusions on this issue we ran into:
• I can only duplicate the issue with a machine that has Kaspersky 10.3.0 (in our case about 5500 machines);
• I have seen this on Windows 10 1803 and 1809 (April and October 2018) versions;
• I can’t confirm this issue on Windows server versions - tested it on 3 of our servers, Windows 2012 and Windows 2016;
• I can’t confirm this on Windows 7 or Windows 8.1, due to lack of test machines;
• I can’t be sure Windows patches are the cause, it might be down to Kaspersky 10.3.0 only.
Which version of 10.3.0?
According to this 1803 and 1809 is only supported by 10 SP2 MR2 and above, not MR1.
I wasn't aware of the fact Kaspersky has released different versions without updating the build number. The logic is lost on me, and seems to create a bit of confusion.
The release notes for Patch 184.108.40.206 and 11 from May last year inform us about the update to SP2 MR2. The text refers to instability and our previous versions of 10.2.5. or 10.2.6 for our customers where all updated to that version. So, there is no issue with compatibility that I'm aware of.
Patch 220.127.116.11 released the update to SP2 MR3, without mentioning any issues it was fixing, so we left that update alone, knowing we were going to move to Webroot soon....
We're now one week into this issue and are waiting for input from Kaseya. They're certainly involved at the moment, but not up to speed....
OudjesEric do you have access to the 10.3.0 installer?
Oscar Romero - Sort of, not in Kaseya, so the installation of Kaspersky 10.3.0 is now possible, but that doesn't tie in to Kaseya at all and doesn't cause issues. So, the issue comes from the Kaseya-Kaspersky combination, but no one has been able to pinpoint what hangs the machine at this time.
So, if we could see a way to have the 10.3.0 installer the default again in Kaseya (on patch 18.104.22.168, instead of the current 10.3.3. version, that would hopefully give us some testing options. I feel there's more to it than just changing the installer. The behavior in Kaseya of the installation, information in the VSA, all that exchange of information is handled by Kaseya and was probably updated with the installer.
I do have a few machines left with a 10.3.0 installation 'll be testing over lunch. I'm looking at 2 machines to log and test and that hopefully gives is some info.
I have one machine on that version on my VSA personally. You should have received the 10.3.0 installation we were able to uncover.
Let me know if you have yet to receive it. OudjesEric
Oscar Romero - I did get the installation file, but it only proved the issue wasn't really with Kaspersky, but with Kaseya. When I install that 10.3.0 version I can remove it without problems. Considering the only difference is it's not tied to Kaseya (it's a separate installation file where Kaseya doesn't interact with Kaspersky), it stands to reason that's where the issue lies. So, some kind of process Kaseya uses to update the status of the Kaspersky installation in the VSA seems to hang the machine...
There's a Zoom meeting scheduled this morning to discuss alternatives with Dublin support and the PSE team.