Kaseya Community

threshold for KAV alerts?

This question is not answered

For many months we have been using the email alerts feature in KAV under the Classic AV module, this morning one machine was reporting "The Kaspersky AntiVirus Quick Scan scan did not complete" and sent emails over 300 times within 40 mins. This has never happened before, attached are the settings, do I need to create an email threshold some how? I've just removed the machine from the alert profile in an effort to suppress our help desk getting flooded with emails. I have also rebooted the machine in question which appears to just have been sitting at the windows 10 login screen overnight.

All Replies
  • This starting happening with a second windows 7 endpoint. This time I just unchecked "Scan did not complete" from the profile, but why is it doing this?

  • This has been a shortcoming of the classic KAV module for quite a while now.  The new KAV module in R9.3 does allow better flexibility and management in terms of timed thresholds for alerts.

  • The KAV module in general has been one big nightmare after another

  • Really, I can't imagine why...... ;-)

  • I would have agreed, but under close examination of the Kaseya environment that I inherited, I found that many of the techs had been updating the AV profiles incorrectly. We found folders defined as applications and files defined as paths. This seemed to confuse the dickens out of KAV... We created new, standardized profiles, deleted ALL customer profiles and re-created them fresh, insuring that every exclusion definition was properly defined. While I won't say it's resolved every issue with KAV, it has made a serious improvement in operation and reduction in the truly weird problems.

    Every time a tech updates a profile, someone on the NOC team does a quick review, fixes any issues, and explains what we found to prevent further problems.

    We've done technical reviews for several Kaseya VSA implementations, and the common-denominator for problems is inconsistency. Too many cooks, chiefs, and all that. We documented our internal process, restricted access to certain areas until our staff had training, and do periodic reviews and refreshers. Yeah, it's work, but not nearly as much as fiddling with all of Kaseya's twiddly bits on a daily basis to keep things running.

    Glenn

  • Well, we did the same excercise on our profiles, but can't claim the same improvement.

    It's never been an issue, causing problems, in any discussion with support that I can remember. The module in itself provides enough challenges that you don't need to introduce your own problems... :-)

    We can however credit Kaseya with putting in a lot of time and effort in cleaning up KAV issues. It's taking longer than we want and it should be taking, but still, their efforts also make a big difference.

    Eric.