Kaseya Community

KAM blocking KAV updates?

  • We've recently started installing KAM & KAV on a number of our test machines. KAM is blocking what I believe is the KAV update process, but it is some part of KAV being blocked.

    A number of these machines log the following repeatedly:

    machinename  Blocked URL 90.156.178.31 (Type: outgoing, Port 51725, Process: avp.exe)

    The IP changes slightly, 90.156.178.31-34, ports also change, some detected ports...51725,51727,51733, usually in the 517xx range.

    It's also blocked AVP.exe from connecting to 94.100.30.164-167

    Is there anything we can do aside from manually excluding that exe on the workstation?

  • I had this issue and was basically told to disable KAM live monitoring and only use it for scheduled scans.  Here is the response I got from support-

    Thank you for your response. I found a answer to your question in the Malwarebytes forums,  forums.malwarebytes.org/index.php.

    1. Why is KAM logging it with the KAV (avp.exe I think) process?

    Here is a response from Malwarebytes

    Why is Malwarebytes' blocking my antivirus?

    •  It isn't, but it may appear so because of the process name shown in the pop up which belongs to your antivirus. This can happen if you use an antivirus software that intercepts all incoming and outgoing internet traffic to look for infections which makes Windows think it is your antivirus initiating the connection and thus Malwarebytes' Anti-Malware thinks the same thing. In the below example you can see that the process name is avp.exe, which belongs to Kaspersky Anti-Virus even though this block was incurred by using Internet Explorer:

    •  

    For our version of Malwarebytes you won't see a popup, but instead you'll see a Detection for that Agent on the Detection Page.  

    2. Is it not necessary to have both KAV and KAM on the same machine?

    That is up to you and what protection you want on your machines.  The common scenario is our users will have both KAM and KAV installed, and will choose which application is responsible for each type of protection.  You can have all features enabled on both applications and have it work just fine, the only side affect is the amount of resources that will be consumed.