This got us too, on an Exchange and DB server. Version 8.5.441, Update 271.../3039

Legacy Forum Name: KES,
Legacy Posted By Username: toolman5774

So my first question is, how does one prevent auto-updates? It's not like we have control over the scheduling thereof...

Legacy Forum Name: KES,
Legacy Posted By Username: GreyDuck

Manually pushing to all clients after vetting, i suppose. Maybe there's improvements in K2

Legacy Forum Name: KES,
Legacy Posted By Username: toolman5774

I, ah, "found" the super-seekirit system scripts interface and pushed the KES processing script out 'til Monday. I've also turned off realtime scanning for all profiles and removed weekly scan schedules 'til we hear that it's safe.

So far, only one machine has been hit badly that I know of. That's the good news.

The bad news? It's our in-house SQL server. *headdesk* So now that I've spent half an hour trying to prevent further problems, I get to remediate one of the most important servers in the company...

Legacy Forum Name: KES,
Legacy Posted By Username: GreyDuck

Yea, the bright spot for us is the only 2 machines affected: one of our biggest clients Exchange server and SQL server. Another wonderful note is that their backups have failed for 3 days now...

Legacy Forum Name: KES,
Legacy Posted By Username: toolman5774

Awesomesauce, man!

Oh, by the by: The "revert database to previous version" thing in the linked forum article? That doesn't seem to have much effect on a KES-managed machine. I ran that and got the same (bad) version again.

The good news is that AVG doesn't nuke its own GUI executable (that'll be their next trick, I suppose) so I was able to pull everything out of the Virus Vault... but I can't actually prevent it from happening again short of yanking AVG off entirely, right now.

Fun!

Legacy Forum Name: KES,
Legacy Posted By Username: GreyDuck

Yea, when using the rescue CD, we have nothing listed in the vault. do NOT restart your machines that are having this problem, AVG clears out the vault, and now we are running recovery of the OS.

Legacy Forum Name: KES,
Legacy Posted By Username: toolman5774

I should have checked the forums sooner.
this update took out two of my clients exchange servers.

Anyone have any good alternatives to AVG that can easily manage multiple customers?

Legacy Forum Name: KES,
Legacy Posted By Username: cbishop

cbishop

I should have checked the forums sooner.
this update took out two of my clients exchange servers.

Anyone have any good alternatives to AVG that can easily manage multiple customers?

I think Kaseya should begin vetting AVG's updates like patches so this doesn't happen. It may be AVG's fault, but its a relationship which Kaseya sells. All of our clients hold us responsible for the damage, Kaseya should be held accountable as well.

Legacy Forum Name: KES,
Legacy Posted By Username: toolman5774

toolman5774

Yea, when using the rescue CD, we have nothing listed in the vault. do NOT restart your machines that are having this problem, AVG clears out the vault, and now we are running recovery of the OS.

Building a new Exchange server this morning

Legacy Forum Name: KES,
Legacy Posted By Username: toolman5774

This hit one of our SBS clients and killed Exchange. I've got to say that I'm extremely unimpressed. They are running AVG 9, not 8.5, so it may be a bit more dangerous.

Legacy Forum Name: KES,
Legacy Posted By Username: alanuhe

I'm still waiting for the part where AVG sounds an "all-clear" so we can start updating endpoints and actually enabling scans again... Ahem.

Legacy Forum Name: KES,
Legacy Posted By Username: GreyDuck

GreyDuck

I'm still waiting for the part where AVG sounds an "all-clear" so we can start updating endpoints and actually enabling scans again... Ahem.

I too would really like to know the status of this issue. I can't finy anything updated on AVG's website.

We have not had any issues - so far, knock on wood, thank God, etc.

My AVG9 agents report as running 9.0.851 271.1.1/3045

My AVG8.5 agents report as running 8.5.441 271.1.1/3045

Does anyone know if these versions and virus defs are "safe" from the "AVG moving all EXE files to Vault" problem?

Lloyd

Legacy Forum Name: KES,
Legacy Posted By Username: lwolf

Same questions as LLoyd as we show

271.1.1/3045 - Majority of our Servers
271.1.1/3041 - One of our Servers

Need to know how to prevent we already have two black eyes with some of our client's

Please advise if there is a fix or if the fix is 3045 and higher now..

Legacy Forum Name: KES,
Legacy Posted By Username: itgurullc