KAVFSWP.EXE pegging system and crashing Options

[buckZor]

All of our KAV WSEE v6 MP2 installs are freaking out this morning. KAVFSWP.exe process is pegging the processor, then crashing out, then relaunching to do it all over again. Was on hold for KAV support for almost 20 minutes, they are aware of the problem its apparently with a bad App Definitions Database update. They had me STOP real-time protection, disable Application Database Update via the Schedule tab on properties, then run the Database Update Rollback task, which brings the Database State (in Statitistics) to:

Database release date: 12/30/2009 7:31:55AM (UTC)
Databases records count: 3415713

Once the Database is to that release, you can then resume Real-time, but they instructed me to not resume any Database updates until they call me back. They took my contact information. I have just finished making the rounds on my 25 installs. Ugh. This stinks.

They are apparently receiving many calls on this issue this morning. Enjoy!

[grafikal]

Same issue here...What a nightmare!

Thanks for passing on the instructions.

[MrRAlan]

Same issue here...What a nightmare!

Thanks for passing on the instructions.

I'm having trouple getting into the console to stop real-time protection. It just freezes up.

Some machines also error out during the rollback saying "database backup not found".

This post has been edited by MrRAlan: 31.12.2009 00:04

[Syn]

You can stop it in services.msc (Kaspersky Antivirus and Kaspersky Script Interceptor)
This will kill off the kavfswp.exe processes.

This is only affecting

6.0.2.555 CF7
6.0.2.555 CF11
6.0.2.555 CF7 + CF11
6.0.2.555 No CFs
6.0.2.551 all CFs

[MrRAlan]

You can stop it in services.msc (Kaspersky Antivirus and Kaspersky Script Interceptor)
This will kill off the kavfswp.exe processes.

This is only affecting

6.0.2.555 CF7
6.0.2.555 CF11
6.0.2.555 CF7 + CF11
6.0.2.555 No CFs
6.0.2.551 all CFs

But then you can't rollback the update.

[Syn]

This is in the event rollback tasks do not bring your updates back far enough to mitigate the problem

[ixtab]

When I try to rollback it comes back with completed with an error (and obviously does not roll back...), only option is to disable the antivirus and hope and pray that our users won't fill the servers with viruses until Kaspersky Lab sends us a fix :-(

This is really bad...

[MrRAlan]

When I try to rollback it comes back with completed with an error (and obviously does not roll back...), only option is to disable the antivirus and hope and pray that our users won't fill the servers with viruses until Kaspersky Lab sends us a fix :-(

This is really bad...

Could someone from Kaspersky comment on this??????

[foxbat77]

All of our KAV WSEE v6 MP2 installs are freaking out this morning. KAVFSWP.exe process is pegging the processor, then crashing out, then relaunching to do it all over again. Was on hold for KAV support for almost 20 minutes, they are aware of the problem its apparently with a bad App Definitions Database update. They had me STOP real-time protection, disable Application Database Update via the Schedule tab on properties, then run the Database Update Rollback task, which brings the Database State (in Statitistics) to:

Database release date: 12/30/2009 7:31:55AM (UTC)
Databases records count: 3415713

Once the Database is to that release, you can then resume Real-time, but they instructed me to not resume any Database updates until they call me back. They took my contact information. I have just finished making the rounds on my 25 installs. Ugh. This stinks.

They are apparently receiving many calls on this issue this morning. Enjoy!

Same here. Can't Roll Back. Real-Time protection must stay off for now until a fix is found.

[adamrippon]

Same for me to here. 43 servers effected with this issue. I am hoping a fix is super fast.

[grafikal]

Same here. Can't Roll Back. Real-Time protection must stay off for now until a fix is found.

Yup couldn't roll back far enough. The initial rollback worked after stopping the real-time file protection, however it did not roll back far enough. I hope they are working on this as we speak.

[robertp223]

Same issue here, My network just started crashing and I am currently on freefall from Kaspersky HELL!!

[Daniel Gwozdz]

It's a shame there's no official voice in this thread.

It seems like the solution for those of us stranded at the moment would be to repackage the 7am database and push it out again with new dates. That would get us all to a point where we could update to the new-old data and reactivate our realtime until a proper resolution can be found.

[Jimmbo]

Same here brought my network and servers to a crawl, wouldn’t even allow me to connect to 2 of them all together. Took almost 2 hours to get find out the culprit and get production back online. Where is Kaspersky response…….

[Nerdcentric]

We are seeing the issue as well across all of our EE clients. For me disabling the Real-time File Protection task in the policy for the systems did not correct the issue. Even though the systems showed as enforced (having the policy update) the CPU utilization continued to peg. So after disabling the Real-Time File Protection I used the following script (requires PSTools) to restart the network agent and AV on each station.

restartKaspProcs.cmd

psservice \\%1 -u AdminUName -p AdminPwd restart klnagent
psservice \\%1 -u AdminUName -p AdminPwd restart kavfs
timeout 15
pslist \\%1 -s 15 kavfswp

Once you copy the above into a "restartKaspProcs.cmd" file you can run it against a server using "restartKaspProcs ServerHostName". Be sure to update the admin username and password to something valid. Also, the first time you run PSTools it will prompt you to except a EULA, be sure to click ok.

Hope this helps someone out there... This has been quite the mess on our network.

[beaumoi]

Any word on this from Kaspersky besides stopping teh process? Their phone lines and live chat appear to be tied up

[Duderino]

Any word on this from Kaspersky besides stopping teh process? Their phone lines and live chat appear to be tied up :)

I got through to support in USA. Best thing to do if you can't rollback whilst still being protected is to do the following:

1) Disable the update schedule for the affected server in Tasks - Application database update
2) Stop AV, AV Script, and Network Agent in Services.
3) Move today's database files to another folder. Go to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current. Create new folder called Bad_301209. Move all files in current with 301209 date to this new folder. On Windows 2008 this folder is located in C:\ProgramData\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current.
4) Restart services.
5) CPU usage should be back to normal after startup.

It's worked for me after trying everything else.

[Digian]

Our enterprise terminal servers have been really slow today but we didnt notice this so called cpu spike, we had symptoms of apps freezing though, we disabled KAV and it certainly fixed our problems, im glad its new years eve fast approaching here in australia so most of our users have already logged off !

This post has been edited by Digian: 31.12.2009 07:13

[goolb78]

It is really "morning"mare for us as we are in UTC+8 time zone,when we just go work as usual, a lot of users complaint about server performance issue and it tooks us to fire-fighting to solve this issue for 4-5hours to manually update the old definition to each server.

I hope the KAV antivirus team can do very thorough test before distribute any updates as it really affected our IT Administrator workload when we have to solve for the mission critical servers such as SQL server issue in a very urgent manner.

I hope KAV team will take serious on this issue and don't let it happen again in future.

This post has been edited by goolb78: 31.12.2009 09:44

[Olesya Golubkova]

Hello!
Kaspersky Lab confirms that there was an error with updates (as of 30.12.09).
We express our deepest apologies for the committed error.
The problem has been solved.
You should run an update task in order to solve the problem.