This is news to me, as I have just found out via a Support ticket.
Basically, I have lots of machines that I have not upgraded to AVG 2012 because I didn't realize it was an urgent matter. I do however, have all endpoints set to auto-renew their KES license. AVG 9 has been OK and I have lots of things going on, so this wasn't a high priority for me.
I've heard of AVG licenses expiring on our managed endpoints every once in a while, but when it's a server- I have major concerns. When your license expires instead of auto-renewing, you are unprotected. You go from having a managed anti-virus, to having NO anti-virus. You can manually fix this by running a Connect Client on the endpoint, but you have no way of knowing that the license is expired unless a client calls to let you know that they are getting the expired license pop-up.
I asked via a ticket what the deal was and if machines need to be upgraded to 2012 for the auto-renew feature to work. I was curious because this seemed like a possibility, although an odd one because I thought AVG9 worked fine. After barking at my support agent for a couple days, I finally got a response and it's not pretty:
"Yes please you need to upgrade the current version KES on the endpoint to the 2012 version to have full functionality, the auto-enable license will work if you have the current version and they have expired, not when you have reached the end of version and need to upgrade."
So if you have a bunch of AVG9 endpoints running around, you are at risk of having no anti-virus protection. At a time when Crypto instances are still thriving, this is a sad way to find out that I could have thousands of unlicensed, unprotected endpoints when I thought all along that my licenses were auto-renewing.
Another day in the life...
Can anyone from Kaseya support comment on this?
I have asked the KES Product Manager to review and comment.
Dantheman can you please post here the number of that ticket you mention above?
Thanks for your patience
#7423 AVG licenses expiring on machines set to auto-renew
I don't mean to throw anyone other the bus. If the tech is wrong, that would be fantastic. If it is true, this is a serious flaw that was never pointed out to me and I feel that other admins should know. Bugs are bugs, but serious flaws that can jeopardize client relationships are critical.
There is lots at stake here.
#1 I have no way of knowing what machines have expired licenses. I have methods for finding machines without AVG, but I have no idea how to identify expired instances of AVG 9. I could have 5 expired or I could have thousands expired. I was thinking I had amazing KES stats, but now...?
#2 We are more than likely consuming KES licenses for machines that are expired and unprotected. If the licenses are set to auto-renew in Kaseya, why should I think that the licenses aren't being consumed when some AVG on the endpoints show expired?
#3 I've dealt with enough grief with using KES. I've had to make custom fields to grab the install date, so that I can accurately identify machines without licensed AVG installations because no other method works effectively. I ensure 90+% compliance on over 15,000 machines. I make magic happen with the product I love. If KES is self-destructing on its own, I need to know why.
#4 If this is a nuance with AVG9 and AVG 2012 like the tech stated in the ticket, these things need to be communicated to your VSA's/community. I understand that AVG 2012 has been out for a while, but upgrading all endpoints hasn't been high on my priority list. A flaw like this will certainly make this a huge priority for me. I just need to know what the circumstances are, by someone who knows the product.
I don't know if it's related or not, but I noticed that I have a number of servers with AVG installed that show "Invalid License" in KES - License - Extend/Return. They are all AVG 2012. I logged in to to spot check a few servers and the AVG interface says that the license is OK and the server is protected. I will open another ticket for that...
I hate to be terse, but, AVG 9 is grossly out of date, unsupported, and its detection rate is inferior (to 2012).
The real issue here seems to be that you failed to make moving to AVG 2012 a higher priority?
How many endpoints do you manage Craig Hart? If you want to go that direction, I hope all of your managed workstations are running Windows 7 by April 8th as well. If you want to poke fingers at me for pointing out a flaw in the product that I use everyday, you have no place on this forum.
Dan, I'm just curious as to why you haven't pushed out AVG2012. It is, after all, just a few mouse clicks to schedule upgrades; meaning of course the number of endpoints involved is not that important.
Kaseya have been telling us for a long time now that AVG9 endpoints have limited functionality. e.g. security status says clearly "The page below may include older KES endpoints, AVG version 9. These endpoints continue to function but have limited control ability from the Kaseya server until they are re-installed or upgraded" every time you view it...
The onus is on us users to do the upgrades in a timely fashion; I wanted to remind you that you are expected to upgrade your unsupported endpoints, and to realize that K has advised you that these old endpoints need to be upgraded ASAP.
I don't think it's fair to criticize Kaseya when you haven't followed best practices and rolled out AVG2012 ASAP, as you are meant to.
All of the buttons in KES have been around since AVG9, so I don't know why I would assume that those same buttons would stop working. The auto-renew button has been there since KES came out. I understand that updating to the latest version is typically a good idea, but it does not always happen in a timely fashion. I have many other duties outside of Kaseya, therefore I cannot focus 100% of my attention on Kaseya unfortunately.
It is one thing to have less features or old antivirus engines on some endpoints, but to have the endpoints that become unlicensed/unprotected on their own is a joke. Why don't you just tell me that I need to be on Kaseya 6.5? That's basically what you're saying. I must be the only person with AVG 9 instances out there...
Dan, I have some AVG 9 endpoints as well. My reason is that we are migrating away from AVG to another AV product because of the last several years of frustration with KES. Since AVG 9 is still supported, it wouldn't make sense to upgrade to 2012 and then move to another product.
Regardless of the situation, if I told my customers something they paid me for was supported, didn't warn them about a problem, and then blamed them for using that product when the problem occured, they wouldn't be my customers for long.
Kaseya, Any update?
We would like to know if this is true or not as well.
I understand that these bugs are not blatantly obvious to devs. It's probably not very possible to work on real world machines day in and day out, so I am just trying to be helpful here. I don't know how you guys develop/test/troubleshoot Kaseya, so my findings should be rather helpful because I deal with a large # of endpoints, therefore I will have typically more quirks or findings than most. You could have test VM's or a lab or something, but there's so many variables in our worlds. I only hope that you take my thoughts and appreciate the troubleshooting time that I potentially saved you. I do not have a badge in my signature, but I've worked with the product for 5 years now.
I can definitely believe that upgrading from AVG9 to 2012 is worthwhile and should be a higher priority for me. I am only asking about this issue because I would have made it a much higher priority, had I known that version 9 was going to stop working on its own. I probably have more machines that need to be upgraded to AVG 2012 than some MSP's have in total. When you say "oh you should just upgrade to the latest version", you are not realizing that something as simple as this is a monster task for me. As VSA's, it is beneficial that we stick together and post our findings in the community forums. This has been the most helpful place for me to research many issues I've had over the years.
I'm also running into issues where I schedule upgrades, the machines do not upgrade, and instead show AVG9 was newly installed. When I try to schedule the upgrade again, the dialog box says an upgrade is already in progress and I am unable to click the upgrade button. I had a ticket for this issue previously and I've since reopened the ticket. I can set an upgrade to immediately run and it works fine, but the scheduling has been a waste of effort. :[