KAV6 close program, KAV6 close program unexpectedly Options

[Marcus Leal]

Hi all,

I hope you can help me!

So... here, at my work, we use the KAV6 (KBSS), and since we installed it on all machines through Administration Kit deployment the problems started.

Before KAV we had used the Symantec solution for medium businesses.

Well, actually our problem is a program that close unexpectedly without any trace log to analize.
We tested the program on a machine without KAV and the program runs normaly. But when the KAV is installed the program start to be killed.
So, after, I created a group to host all machines with that killed program and disable the ProActive Defense. The problem persisted. I made this because the messages logged in the Administration Kit.

We suspect that is a program problem executing a forbidden instruction to KAV.
I would like to find a way to trace or debug this problem so I can justify the program problem. I alread tried the verbose log but it didn't help.

Thks in advance.

Marcus Leal

[phr3n1c]

Could you please specify the exact version of KAV and the name of that software which is closed?

[dawinci]

Hi all,

I hope you can help me!

So... here, at my work, we use the KAV6 (KBSS), and since we installed it on all machines through Administration Kit deployment the problems started.

Before KAV we had used the Symantec solution for medium businesses.

Well, actually our problem is a program that close unexpectedly without any trace log to analize.
We tested the program on a machine without KAV and the program runs normaly. But when the KAV is installed the program start to be killed.
So, after, I created a group to host all machines with that killed program and disable the ProActive Defense. The problem persisted. I made this because the messages logged in the Administration Kit.

We suspect that is a program problem executing a forbidden instruction to KAV.
I would like to find a way to trace or debug this problem so I can justify the program problem. I alread tried the verbose log but it didn't help.

Thks in advance.

Marcus Leal

Traces can be done via Kavlog. Also please provide actual sysinfo.

Please specify as requested by phr3nic what program you are talking about.

[Marcus Leal]

Traces can be done via Kavlog. Also please provide actual sysinfo.

Please specify as requested by phr3nic what program you are talking about.

Hi dawinci and phr3nic!

Sorry my mistake!

I attached the sysinfo from one problematic computer. If you need I can get others.

The KAV version we're using is:
Product version: 6.0.3.837
Product hotfix: c.d.e.f.g.h.i
Latest signature: 04/30/2009 04:39:11
Signature numbers: 2110379

I already started kavlog to trace in notify level (500).

I talked to user, right now, and he told me that yesterday he hadn't any problem. This is awful because I don't know what is the action that trigger the problem.

Thks in advance.

Marcus Leal.

Attached File(s)

 sysinfo_clali.zip ( 157.11K ) Number of downloads: 5

 

[Marcus Leal]

Sorry.

Only completing the answer.
The software we had problem is an Human resource management system sold by TOTVS S/A. More specifically the "RM Labore" and "RM Chronus" modules from this system.
Srs. please, forgive me my english.

Thks.
Marcus Leal

Hi dawinci and phr3nic!

Sorry my mistake!

I attached the sysinfo from one problematic computer. If you need I can get others.

The KAV version we're using is:
Product version: 6.0.3.837
Product hotfix: c.d.e.f.g.h.i
Latest signature: 04/30/2009 04:39:11
Signature numbers: 2110379

I already started kavlog to trace in notify level (500).

I talked to user, right now, and he told me that yesterday he hadn't any problem. This is awful because I don't know what is the action that trigger the problem.

Thks in advance.

Marcus Leal.

[Marcus Leal]

Hi all,

As sugested, I turn on the KAV trace utility with Notify(500) level.
I took the answer because I had to wait for the problem happens again.
Then it happened, and according to the logs, I could not clearly identify what may have occurred.
I would be grateful if someone can help find the cause.
Log attached.

Regards,
Marcus Leal

Attached File(s)

 rmchronus_20090508.zip ( 12.26K ) Number of downloads: 3

 

[Olesya Golubkova]

Hi all,

As sugested, I turn on the KAV trace utility with Notify(500) level.
I took the answer because I had to wait for the problem happens again.
Then it happened, and according to the logs, I could not clearly identify what may have occurred.
I would be grateful if someone can help find the cause.
Log attached.

Regards,
Marcus Leal

Hello.

Unfortunately I don't know the reason of this behavior.
But please try to make the following steps:
1. Disable Self-Defense of Kaspersky product (open KAV - Service tab - Settings - switch off the option "Enable Self-Defense" - Apply - OK.
2. Enable the option "Compatibility mode for programs using self-protection methods" - Apply - OK - restart computer.
3. Run your programs.

Inform about result. Thanks.

[gcarey]

We are experiencing the same issues for 2 months now:
Ref this thread:
http://forum.kaspersky.com/index.php?showt...mp;#entry976754

This post has been edited by gcarey: 15.05.2009 16:53

[Marcus Leal]

Hey Olesya,

Thanks for your tip.
I applied it through the Administration Kit.
I need to wait, at least two weeks, to make sure the problem stopped.
But I'm really curious why this is happening.

Hello gcarey,
I read your thread.
I will try the Olesya tips before.
Thank you very much for our information.

Regards.

[Marcus Leal]

Hi staff,

Unfortunately the Olesya solution didn't solve the problem.

I waited a long time to see if the program really close with Kaspersky enable and I confirmed this.

So I don't have any other idea to what to do.

I attached the log file from the time when the program were closed.

Do you have any sugestion?

I appreciate very much your help.

Thanks in advance.
Marcus Leal

Attached File(s)

 AVP.6.851_06.04_09.10_134.txt ( 103.36K ) Number of downloads: 7

 

[Tybilly]

Hello,

This error is displayed several times in the log :

Code

CreateFile failed (0x00000002) - "\\?\C:\CorporeRM\RMChronus\Del2.MB"

You can try to add a new exclusion rule to prevent all files stored in this folder from being scanned, by all protection components. Or you can exclude all files having the extension *.MB which seems to belong to the software your are using.

[Marcus Leal]

Hello Tybilly,

Sorry for the delay to answer.

The software developer company answer us telling that we should compact the executable "RMLabore.EXE" with the ASPACK or UPX programs and execute the RMLabore normally. So, with this, the problem will finish.

We did this but can't confirme if it will work. We will wait 1 month, more or less, to validated this information.

Anyway, thanks for your tip. I'll try it if the above doesn't work.


Thanks.