IPB

Welcome Guest ( Log In | Register )

2 Pages V   1 2 >  
Reply to this topicStart new topic
> KAVFSWP.EXE pegging system and crashing
buckZor
post 30.12.2009 22:36
Post #1


Member
**

Group: Members
Posts: 25
Joined: 17.11.2005




All of our KAV WSEE v6 MP2 installs are freaking out this morning. KAVFSWP.exe process is pegging the processor, then crashing out, then relaunching to do it all over again. Was on hold for KAV support for almost 20 minutes, they are aware of the problem its apparently with a bad App Definitions Database update. They had me STOP real-time protection, disable Application Database Update via the Schedule tab on properties, then run the Database Update Rollback task, which brings the Database State (in Statitistics) to:

Database release date: 12/30/2009 7:31:55AM (UTC)
Databases records count: 3415713

Once the Database is to that release, you can then resume Real-time, but they instructed me to not resume any Database updates until they call me back. They took my contact information. I have just finished making the rounds on my 25 installs. Ugh. This stinks. mad.gif

They are apparently receiving many calls on this issue this morning. Enjoy!
Go to the top of the page
 
+Quote Post
grafikal
post 30.12.2009 23:31
Post #2


Member
**

Group: Members
Posts: 49
Joined: 25.07.2009




Same issue here...What a nightmare!

Thanks for passing on the instructions.
Go to the top of the page
 
+Quote Post
MrRAlan
post 30.12.2009 23:56
Post #3


Advanced Member II
****

Group: Members
Posts: 285
Joined: 28.05.2008




QUOTE(grafikal @ 30.12.2009 16:31) *
Same issue here...What a nightmare!

Thanks for passing on the instructions.

I'm having trouple getting into the console to stop real-time protection. It just freezes up.

Some machines also error out during the rollback saying "database backup not found".

This post has been edited by MrRAlan: 31.12.2009 00:04
Go to the top of the page
 
+Quote Post
Syn
post 31.12.2009 00:11
Post #4


Advanced Member I
***

Group: Members
Posts: 188
Joined: 7.08.2008
From: 1810




You can stop it in services.msc (Kaspersky Antivirus and Kaspersky Script Interceptor)
This will kill off the kavfswp.exe processes.

This is only affecting

6.0.2.555 CF7
6.0.2.555 CF11
6.0.2.555 CF7 + CF11
6.0.2.555 No CFs
6.0.2.551 all CFs


--------------------
KL-PSP
KL-DST LAN Windows
KL-DSP Windows
A+, Linux+, Net+, Sec+
(ICS)2 CISSP
MCP
Go to the top of the page
 
+Quote Post
MrRAlan
post 31.12.2009 00:16
Post #5


Advanced Member II
****

Group: Members
Posts: 285
Joined: 28.05.2008




QUOTE(Syn @ 30.12.2009 17:11) *
You can stop it in services.msc (Kaspersky Antivirus and Kaspersky Script Interceptor)
This will kill off the kavfswp.exe processes.

This is only affecting

6.0.2.555 CF7
6.0.2.555 CF11
6.0.2.555 CF7 + CF11
6.0.2.555 No CFs
6.0.2.551 all CFs

But then you can't rollback the update.
Go to the top of the page
 
+Quote Post
Syn
post 31.12.2009 00:26
Post #6


Advanced Member I
***

Group: Members
Posts: 188
Joined: 7.08.2008
From: 1810




This is in the event rollback tasks do not bring your updates back far enough to mitigate the problem


--------------------
KL-PSP
KL-DST LAN Windows
KL-DSP Windows
A+, Linux+, Net+, Sec+
(ICS)2 CISSP
MCP
Go to the top of the page
 
+Quote Post
ixtab
post 31.12.2009 00:26
Post #7


Newbie
*

Group: Members
Posts: 1
Joined: 13.08.2009




When I try to rollback it comes back with completed with an error (and obviously does not roll back...), only option is to disable the antivirus and hope and pray that our users won't fill the servers with viruses until Kaspersky Lab sends us a fix :-(

This is really bad...
Go to the top of the page
 
+Quote Post
MrRAlan
post 31.12.2009 00:39
Post #8


Advanced Member II
****

Group: Members
Posts: 285
Joined: 28.05.2008




QUOTE(ixtab @ 30.12.2009 17:26) *
When I try to rollback it comes back with completed with an error (and obviously does not roll back...), only option is to disable the antivirus and hope and pray that our users won't fill the servers with viruses until Kaspersky Lab sends us a fix :-(

This is really bad...


Could someone from Kaspersky comment on this??????
Go to the top of the page
 
+Quote Post
foxbat77
post 31.12.2009 00:53
Post #9


Newbie
*

Group: Members
Posts: 6
Joined: 21.12.2009




QUOTE(buckZor @ 30.12.2009 13:36) *
All of our KAV WSEE v6 MP2 installs are freaking out this morning. KAVFSWP.exe process is pegging the processor, then crashing out, then relaunching to do it all over again. Was on hold for KAV support for almost 20 minutes, they are aware of the problem its apparently with a bad App Definitions Database update. They had me STOP real-time protection, disable Application Database Update via the Schedule tab on properties, then run the Database Update Rollback task, which brings the Database State (in Statitistics) to:

Database release date: 12/30/2009 7:31:55AM (UTC)
Databases records count: 3415713

Once the Database is to that release, you can then resume Real-time, but they instructed me to not resume any Database updates until they call me back. They took my contact information. I have just finished making the rounds on my 25 installs. Ugh. This stinks. mad.gif

They are apparently receiving many calls on this issue this morning. Enjoy!



Same here. Can't Roll Back. Real-Time protection must stay off for now until a fix is found.
Go to the top of the page
 
+Quote Post
adamrippon
post 31.12.2009 00:59
Post #10


Member
**

Group: Members
Posts: 24
Joined: 13.02.2009




Same for me to here. 43 servers effected with this issue. I am hoping a fix is super fast.
Go to the top of the page
 
+Quote Post
grafikal
post 31.12.2009 01:01
Post #11


Member
**

Group: Members
Posts: 49
Joined: 25.07.2009




QUOTE(foxbat77 @ 30.12.2009 13:53) *
Same here. Can't Roll Back. Real-Time protection must stay off for now until a fix is found.



Yup couldn't roll back far enough. The initial rollback worked after stopping the real-time file protection, however it did not roll back far enough. I hope they are working on this as we speak.
Go to the top of the page
 
+Quote Post
robertp223
post 31.12.2009 01:02
Post #12


Member
**

Group: Members
Posts: 11
Joined: 6.09.2009
From: Washington DC




Same issue here, My network just started crashing and I am currently on freefall from Kaspersky HELL!!
Go to the top of the page
 
+Quote Post
Daniel Gwozdz
post 31.12.2009 01:12
Post #13


Newbie
*

Group: Members
Posts: 1
Joined: 31.12.2009




It's a shame there's no official voice in this thread.

It seems like the solution for those of us stranded at the moment would be to repackage the 7am database and push it out again with new dates. That would get us all to a point where we could update to the new-old data and reactivate our realtime until a proper resolution can be found.


--------------------
Daniel Gwozdz
Senior Field Support Technician
HowardCenter
Go to the top of the page
 
+Quote Post
Jimmbo
post 31.12.2009 01:25
Post #14


Newbie
*

Group: Members
Posts: 1
Joined: 1.12.2009




Same here brought my network and servers to a crawl, wouldn’t even allow me to connect to 2 of them all together. Took almost 2 hours to get find out the culprit and get production back online. Where is Kaspersky response…….
Go to the top of the page
 
+Quote Post
Nerdcentric
post 31.12.2009 01:40
Post #15


Newbie
*

Group: Members
Posts: 1
Joined: 31.12.2009




We are seeing the issue as well across all of our EE clients. For me disabling the Real-time File Protection task in the policy for the systems did not correct the issue. Even though the systems showed as enforced (having the policy update) the CPU utilization continued to peg. So after disabling the Real-Time File Protection I used the following script (requires PSTools) to restart the network agent and AV on each station.

restartKaspProcs.cmd
psservice \\%1 -u AdminUName -p AdminPwd restart klnagent
psservice \\%1 -u AdminUName -p AdminPwd restart kavfs
timeout 15
pslist \\%1 -s 15 kavfswp


Once you copy the above into a "restartKaspProcs.cmd" file you can run it against a server using "restartKaspProcs ServerHostName". Be sure to update the admin username and password to something valid. Also, the first time you run PSTools it will prompt you to except a EULA, be sure to click ok.

Hope this helps someone out there... This has been quite the mess on our network.

Go to the top of the page
 
+Quote Post
beaumoi
post 31.12.2009 02:25
Post #16


Newbie
*

Group: Members
Posts: 1
Joined: 8.10.2008




Any word on this from Kaspersky besides stopping teh process? Their phone lines and live chat appear to be tied up smile.gif
Go to the top of the page
 
+Quote Post
Duderino
post 31.12.2009 04:24
Post #17


Newbie
*

Group: Members
Posts: 2
Joined: 31.12.2009




QUOTE(beaumoi @ 30.12.2009 22:25) *
Any word on this from Kaspersky besides stopping teh process? Their phone lines and live chat appear to be tied up :)


I got through to support in USA. Best thing to do if you can't rollback whilst still being protected is to do the following:

1) Disable the update schedule for the affected server in Tasks - Application database update
2) Stop AV, AV Script, and Network Agent in Services.
3) Move today's database files to another folder. Go to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current. Create new folder called Bad_301209. Move all files in current with 301209 date to this new folder. On Windows 2008 this folder is located in C:\ProgramData\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current.
4) Restart services.
5) CPU usage should be back to normal after startup.

It's worked for me after trying everything else.
Go to the top of the page
 
+Quote Post
Digian
post 31.12.2009 07:09
Post #18


Member
**

Group: Members
Posts: 43
Joined: 23.06.2009




Our enterprise terminal servers have been really slow today but we didnt notice this so called cpu spike, we had symptoms of apps freezing though, we disabled KAV and it certainly fixed our problems, im glad its new years eve fast approaching here in australia so most of our users have already logged off !

This post has been edited by Digian: 31.12.2009 07:13
Go to the top of the page
 
+Quote Post
goolb78
post 31.12.2009 09:41
Post #19


Newbie
*

Group: Members
Posts: 5
Joined: 31.12.2009
From: Kuala Lumpur




It is really "morning"mare for us as we are in UTC+8 time zone,when we just go work as usual, a lot of users complaint about server performance issue and it tooks us to fire-fighting to solve this issue for 4-5hours to manually update the old definition to each server.

I hope the KAV antivirus team can do very thorough test before distribute any updates as it really affected our IT Administrator workload when we have to solve for the mission critical servers such as SQL server issue in a very urgent manner.

I hope KAV team will take serious on this issue and don't let it happen again in future.

This post has been edited by goolb78: 31.12.2009 09:44
Go to the top of the page
 
+Quote Post
Olesya Golubkova
post 31.12.2009 12:11
Post #20


Advanced Member I
***

Group: KL Russia
Posts: 195
Joined: 1.03.2006
From: Moscow, Russia




Hello!
Kaspersky Lab confirms that there was an error with updates (as of 30.12.09).
We express our deepest apologies for the committed error.
The problem has been solved.
You should run an update task in order to solve the problem.
Go to the top of the page
 
+Quote Post

2 Pages V   1 2 >
Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 23.10.2014 21:49