So we've recently started cracking down on monitoring at my place and a couple of times a day we'll get one of these Protection Disabled ALARMs. I check in Kaseya's security tab for the machine that threw it, and I can never seem to find anything that needs to be fixed. I guess what I'm trying to ask is, when I get one of these alarms, what am I supposed to do? I guess I should check to see if AVG really is disabled, but I don't even really know how to do that.
Here's the full text of the ticket that the alarm produces, if that's at all helpful:
Security Generated Protection Disabled ALARM at 9/8/2010 12:14:21 PM on pas-or.root.paservices
Alarm Set: Workstations
Alarm Type: Protection Disabled
Alarm Specific Message: None
Alarm Time: 9/8/2010 12:14:21 PM
Ticket Id: No ticket assigned

Security Generated Protection Disabled ALARM at 9/21/2010 8:04:56 AM on pas-or.root.paservices
Alarm Set: Workstations
Alarm Type: Protection Disabled
Alarm Specific Message: None
Alarm Time: 9/21/2010 8:04:56 AM
Ticket Id: No ticket assigned
I would check to see if the timing of this relates to any updates. When KES does an update it will sometimes show protection disabled until the machine is rebooted even though the protection is still running.
Go to the client and in the c:\program files\avg\bin directory run avgui.exe to check it manually.
I've suspected for a while it was related to AVG updating itself. What I'd like to know is if there's a way to change the alert trigger, for example, AVG has been disabled for X minutes. For the most part it appears to be update related, but I suspect we might have a few who have tried to disable it. Also the clients would feel better to know that if it's really disabled they don't need to panic because we'll know.