Kaseya Community

Current Available Version: 270.12.1/2071 machines update to 270.11.59/2063

  • I am noticing for the last couple of days that in KES Manual Update tab it indicates that the Current Available Version: is 270.12.1/2071 yet when I run the manual update - the machines update successfully but to version 270.11.59/2063. At first I thought that the servers hosting the file share might need to be updated first, but they update "successfully" to the old version as well. Oddly, a few seemingly random workstations report that they are at the new version. Some of these update from the KSERVER, but some update from servers that themselves are on the old version after a forced update?!?. Is anyone else seeing this?

    Legacy Forum Name: Current Available Version: 270.12.1/2071 machines update to 270.11.59/2063,
    Legacy Posted By Username: SlipKid21
  • Have figured this out. We use sonicwall firewalls and the IPS has arbitrarily decided to start blocking avg updates.

    From Sonicwall:

    [INDENT]AVG -- Update

    Category: APP-UPDATE

    AVG is an umbrella term for a range of anti-virus and internet security software for the Microsoft Windows, Linux, and FreeBSD computing platforms, developed by AVG Technologies, a privately held Czech company formerly known as Grisoft.
    This SonicWALL signature identifies legitimate AVG Update traffic. The primary purpose of this signature is for bandwidth management when used in the Application Firewall feature.[/INDENT]

    Translation: The primary purpose of this signature is to irritate the living $&*@ out of everyone using our product!

    Legacy Forum Name: KES,
    Legacy Posted By Username: SlipKid21
  • We use SonicWALL appliances a lot. We are just now evaluating KES, so this has me very curious.

    Which SonicWALL appliance were you using? Standard OS? or Enhanced OS? We haev a lot of TZ 170, 180, 190 appliances, and some 2040's.

    Lloyd

    Legacy Forum Name: KES,
    Legacy Posted By Username: lwolf
  • Actually I've seen this issue in the newer Gen 4 Sonicwalls (the ones that do deep packet inspection at the application layer) when an admin has gone a little crazy with tweeking it. By chance, is the sonicwalls with this problem Gen 4 (NSA series, TZ210, etc...)?

    Legacy Forum Name: KES,
    Legacy Posted By Username: boudj
  • These are all just TZ-170's w/ Standard OS. I have IPS turned on for the defaults - low, medium, and high risk categories. I am considering just allowing anything categorized as low risk, because over the past few months these sonicwalls have been tightening their policies - one day adobeflash is OK the next day it's blocked and I get a phone call and have to manually re-open it. There are quite alot of things that are categorized low risk - so I have in the past preferred to only open the few things the customers need. I am highly ticked though, that they would start blocking virus updates. I mean - I understand they want to categorize it to manage the bandwidth - just set the defaults on it to "allowed". I would think they wouldn't want to risk being sued. I have sent them a rant to that effect, and I was serious when I told them that if this keeps up - we may need to re-evaluate sonicwall as a vendor.

    Just my $.02.

    Legacy Forum Name: KES,
    Legacy Posted By Username: SlipKid21
  • lwolf - how do you handle these? Do you allow all "low" risk signatures, or certain categories, or do you manage by exception?

    Thanks - Mike

    Legacy Forum Name: KES,
    Legacy Posted By Username: SlipKid21
  • Mike,

    Yes, we allow "low" for IPS on SonicWALLs, and only block Medium and High. We do block Low, Med and High for AntiSpyware, withotu any issues.

    When we had originally blocked Low for IPS, as we had issues with RDP, VB Scripts, and some other items. Sad to say we took the "easy" way out back then, and instead of digging into the details and makign specific exceptions, we found that allowing "low" did the trick, and that become our standard procedure.

    Lloyd

    Legacy Forum Name: KES,
    Legacy Posted By Username: lwolf