Kaseya Community

KAM/KAV IT ALL

  • We have been fighting this KAM KAV rollout since day one. It works, then it don't work. Lack of controls, the list goes on. Mad

    We run regular MalwareBytes with ZERO problems. Love it. New to Kaspersky coming from Symantec. Its seems ok, but I hear nothing but problems with KES, so I lean with KAV. But, the Kaseya versions just seen to be a  Rube Golderg approach in its design. Lots of overhead (slowest modules of all to load), and the contraptions just don't play together.

    Its been out there long enough to have the bug fixed, unless they only work on it during holidays when the trolls wake up.

    Maybe its me.Confused

    I was wondering if ANYONE actually has KAM or KAV running RELIABLY on machines on a consistent basis and is not chewing up labor time troubleshooting a product that is suppose to reduce labor.

     

     

  • We gave up on KAV. Just lots of problems that confirmed it was a less than polished product. Have since moved to a standalone business AV product that has a much better centralised console for managing it. And with the right alert settings etc we dont really miss not having AV as just another tab in Kaseya.

  • We have KAM but not KAV (we use eSet NOD32 and really wish it was available as a Kaseya module, but that's another story...)

    KAM is a bit of a disaster. It's un-tunable, there's no exclusions management (critical, and was shown in the lab demo at Kaseya Connect 2011 - what happened to it?), and it is slow as a dog, frequently causing performance problems on endpoints and making us look bad to our clients.

    I've asked repeatedly for progress updates on this one, but nothing seems to be forthcoming.

    Any Kaseyans care to let us know what's going on behind the curtain? I noticed it was absent from the latest roadmap.

  • I am using both, and my experience with the way I implemented it is working very well for me. I followed the guidance of turning off the real-time scanning on KAM and I run a scheduled scan on a weekly basis to make sure there is nothing that got by KAV. I have just implemented this as a weekly job that my techs spend about 15 minutes on reviewing a report to make sure all of them ran the scan, and if not they schedule a manual scan. The scheduled scan runs on 80% of the machines that are online at the time of the scan and I have setup views to identify which ones have not run.

    Since the upgrade to 1.2 in KAV, things have been running a little smoother, I do have to reapply the profile to about 30% of my machines at this point but it is easy to identify which ones because it shows up as PDM for the AgentMon.exe location (I am not using the standard directory). The only thing that gets me is the next version, 1.3, is going to be a completely different setup and I will have to transition all of my settings again, as I did with the Trusted Programs from the old XML file to the profile. I have signed up for the controlled release to test it out.

    One of the reasons I switched from my previous RMM, which I will not name but their solution was based on the Panda Security engine (absolutely horrid), to Kaseya was the integration with Kaspersky. While some of the items are quirky on how it is managed, this engine has removed 2 infections in the past 24 hours for me after I installed it on 2 computers that the client had their own AV and the infections were missed with their AV. I have now just converted both clients to utilize KAV instead of their own solution which means more money for me.

    Just my 2 cents, in summary it looks like things are getting better and the alignment with both products works well for us.

  • jchamness, How many endpoints do you support with both of these modules? We are currently exploring the option of deploying KAM and KAV. It sounds like you have a pretty good grasp as to what works, doesn't work, and how to get things to work.

  • Wait for  1.3



    [edited by: Shickey at 5:25 AM (GMT -7) on 3-22-2012] o0
  • KAV 1.3 came out today.  It's available on the download site.

  • Currently I have 125 machines under management with KAV and KAM. I just go done with the Controlled Release for KAV 1.3 that was released today. There are a couple of bugs in it right now, but I worked directly with one of the engineers to get them fixed, so the hotfixes should be coming out soon. For all other issues that they could not take care of, I developed procedures that work around what the KAV interface lacked.

  • Are you saying that 1.3 have been released with known bugs?

  • Shickey - I would recommend AVG from a Kaseya integration point of view. It is very good and the only problems we have are the typical odd failed install or engine stopping but for the number of agents we have the percentages of these things are very good. However, from an engine point of view AVG 9 is very old, so I would not recommend starting with AVG until AVG 2012 is on Kaseya and has bedded down for a few months.

    Greig - watch this space. The modules that Symantec have released for AV and Backup can only be a sign of things to come and I would say more and more vendors are starting to make Kaseya integration a priority. You have to remember players like eset know they are losing market share to this issue so it is hard to imagine integration not being a priority for them.

  • Can anyone confirm what happens to the existing 1.2 profiles after upgrading? Given 1.2 & 1.3 have different options are there version specific profiles?

  • @Steve, The profiles were not affected by the upgrade. Within the profile, in the components section, you will now see 2 new checkboxes for items that only apply to the new version, and 1 checkbox that is for the older version. I had no issues with my profiles.

    The new (or newer) engine that Kaspersky 6 runs is very fast, and not a resource hog in my testing. I also loaded it on a computer that was ready for the garbage. I started downloading all of the malware I could possibly find, the engine caught all of it except the FakeAV I downloaded. I was quite impressed with it.

    Now to the issues that I found. If you add an item to the Exclusion rules, it only enables the exclusion for the Scan and File Anti-Virus components. I researched where this came from extensively and informed the engineers of what needed to be changed, by including the Proactive Defense. This just got resolved with them yesterday, and the engineer promised a hotfix for this ASAP. You can go into the Kaspersky console and manually change it, or modify the XML file to include this, but if you re-apply the profile via the VSA, it will revert the settings back to only Scan and File Anti-Virus. After doing all of the research, I found that everything that you can manage via the VSA profile can be managed via the XML file and ALL of the missing features that I have been looking for, so I have moved to only managing the KAV agents via the XML file. The second issue that I found was that the default action for a scan was only to "Detect" the issue, and not to "Disinfect and then delete if disinfection doesn't work". The default action in KAV 1.2 was to do the disinfect, so I requested this to be changed too. There will be a hotfix for this as well.

    My recommendation for anyone that is looking to upgrade, go ahead and do it, disable Proactive Defense until the hotfix comes out, and migrate your agents at your own pace. The agents received their daily updates every time, the profiles applied immediately, and there were less complaints by my end users of slow downs of their systems.

    I hope this helps, let me know if you have any questions.

  • Thanks, appreciate the post. We will upgrade over the weekend and cross fingers :)

  • Where is this xml file located on the server that we need to modify since they enabled scan network drives by default and as per best practice, I want that disabled.

  • Hi Greig!

    We've developed a module to integrate ESET into Kaseya. Now you can see your RAdmin servers across your sites inside your Kaseya platform. Check out www.elementra.com/Endpoint-Protection for more information or send me a message. Hope this helps!

    Marek