IPB

Welcome Guest ( Log In | Register )

6 Pages V   1 2 3 > »   
Reply to this topicStart new topic
> Problems with Patch C, Cannot fully correct Kaspersky issues on network
rgcowie4D
post 10.02.2013 03:32
Post #1


Member
**

Group: Members
Posts: 45
Joined: 5.01.2012





Trying to get network corrected after patch B. Tried to install patch C with the following results:

1. For clients that had the "protection is off with no user logged in" behavior from patch B, I cannot deploy patch C unless a user is logged in. Have to address each client machine individually or wait until business hours when users are logged in.

2. For clients that had more serious issues from patch B (slowdown, hang, components unable to start), installation of patch C hangs and does not complete, even through several attempts and reboots. KES reports "Application privelege malfunction". I updated the KES installation package in KSC then did a Modify/Repair install of KES using that package. This successfully re-installs KES with patch A & B, but not C. Then allowed it to update from KSC, after which it still does not have patch C. Then allowed to update from Kaspersky Lab servers, still no patch C. Then logged off and confirmed that patch B problems remain. Then tried pushing an update task from KSC. Still no patch C.

Reviewing all computers on the network, it appears that deployment of patch C from KSC is random. Some clients receive it and some do not. I saw this also with patch B, the roll-out was not uniform.

I verified that KSC did receive the patch C from Kaspersky, it is present in the repository, and did deploy to some computers. Also verified that settings are to allow application module updates. Again this worked with some clients.

So now I have a partially corrected network, but still about a third of the clients with problems and no patch C. The debacle continues.

Kaspersky, the ball is in your court again. Solutions?



Go to the top of the page
 
+Quote Post
rgcowie4D
post 10.02.2013 05:42
Post #2


Member
**

Group: Members
Posts: 45
Joined: 5.01.2012




FYI, I no longer believe that the installed version and patch status reported by Kaspersky is correct in the short term, for either the "About" feature of KES, or in the KSC software version report. Possibly there is a significant time lag before the true version & patch are reported.

I now have 13 clients that show patch A only, but in the last 4 hours as I applied updates, have begun to exhibit the behavior of patch B (protection off until user logged in). I also have several which report patch A & B, but now exhibit the repaired behavior of patch C (no loss of protection on log-out).

It seems as though patch B is being pushed out ahead of patch C, for those clients that did not already receive it before I began working on things today.

About 70% now show patch A, B, & C. So I'm going to leave it overnight and check the status in the morning.
Go to the top of the page
 
+Quote Post
SmackIT
post 10.02.2013 09:02
Post #3


Advanced Member II
****

Group: Members
Posts: 256
Joined: 11.10.2012




QUOTE(rgcowie4D @ 10.02.2013 04:32) *
Trying to get network corrected after patch B. Tried to install patch C with the following results:

1. For clients that had the "protection is off with no user logged in" behavior from patch B, I cannot deploy patch C unless a user is logged in. Have to address each client machine individually or wait until business hours when users are logged in.

2. For clients that had more serious issues from patch B (slowdown, hang, components unable to start), installation of patch C hangs and does not complete, even through several attempts and reboots. KES reports "Application privelege malfunction". I updated the KES installation package in KSC then did a Modify/Repair install of KES using that package. This successfully re-installs KES with patch A & B, but not C. Then allowed it to update from KSC, after which it still does not have patch C. Then allowed to update from Kaspersky Lab servers, still no patch C. Then logged off and confirmed that patch B problems remain. Then tried pushing an update task from KSC. Still no patch C.

Reviewing all computers on the network, it appears that deployment of patch C from KSC is random. Some clients receive it and some do not. I saw this also with patch B, the roll-out was not uniform.

I verified that KSC did receive the patch C from Kaspersky, it is present in the repository, and did deploy to some computers. Also verified that settings are to allow application module updates. Again this worked with some clients.

So now I have a partially corrected network, but still about a third of the clients with problems and no patch C. The debacle continues.

Kaspersky, the ball is in your court again. Solutions?


You do know that after a patch deployment you need to restart the endpoints to make it effective?
Go to the top of the page
 
+Quote Post
george.h
post 10.02.2013 14:07
Post #4


Advanced Member I
***

Group: Members
Posts: 104
Joined: 16.09.2011




QUOTE(SmackIT @ 10.02.2013 06:02) *
You do know that after a patch deployment you need to restart the endpoints to make it effective?


How about Kaspersky get off their backsides and provide an executable that we can force to install remotely on machines without having to depend on machines which are alrady crippled by their useless update to use their crappy crippled software to fix itself?
Go to the top of the page
 
+Quote Post
SmackIT
post 10.02.2013 15:48
Post #5


Advanced Member II
****

Group: Members
Posts: 256
Joined: 11.10.2012




QUOTE(george.h @ 10.02.2013 15:07) *
How about Kaspersky get off their backsides and provide an executable that we can force to install remotely on machines without having to depend on machines which are alrady crippled by their useless update to use their crappy crippled software to fix itself?


If the machines are crippled then how would you be able to install an executable on them? I don't think updating from KSC or KL Update Servers directly or installing an executable to make your life easy is any different.

Have you tried updating with a safe-boot?
Go to the top of the page
 
+Quote Post
george.h
post 10.02.2013 16:29
Post #6


Advanced Member I
***

Group: Members
Posts: 104
Joined: 16.09.2011




QUOTE(SmackIT @ 10.02.2013 12:48) *
If the machines are crippled then how would you be able to install an executable on them? I don't think updating from KSC or KL Update Servers directly or installing an executable to make your life easy is any different.

Have you tried updating with a safe-boot?


We still have some connectivity - but not much. Can't do a safe-boot as they are on a remote site with no-one there at the moment. Can't even get them to do a remote shutdown/restart.

I've also tried logging on to several machines remotely so that KSC sees KES as running. Then forced an update (after forcing an update 40 or so mins ago of the repositories and checking Patch C is in there), checked in the RDP session that a reboot is required and done one (and watched to check it was running shutdown scripts).

I've then logged back on remotely (after the reboot), this is to check on the machine that KES *IS* running and the update applied, then logged off again. Lo and behold, KSC *STILL* thinks protection is off or KES isn't running (some machiens have one sympton, some the other and it can change after a reboot from one sympton to the other).

So, either Patch C is not being applied or just plain doesn't work properly.

And for good measuere, KSC only reports a single machine has having patch C - and that seemed to happen (as it is supposed to) automatically.

Basically all I can caonclue are Kaspersky or making a dog's dinner of this and the lack of communication from them says they don't give a flying ****.

The one *good* point for me is that I'm not one of the poor buggers that has 1000's of machines affected by this - we only have a handful of PCs and almost all have been hit by this crap.
Go to the top of the page
 
+Quote Post
rgcowie4D
post 10.02.2013 18:10
Post #7


Member
**

Group: Members
Posts: 45
Joined: 5.01.2012





This morning I found that 2 more of the clients have their versions reporting patch C.

I also have at least 1 client that reports patch C but still has the behavior of patch B.

For now my strategy is:

1. Remote login to client with patch B behavior (allows Kaspersky to start).

2. Allow update to run along with any scans that have been deferred while off-line.

3. After idle period, run update manually again.

4. Disconnect remote session from client (leave user logged-in so Kaspersky will run).

5. After cycling through all problem machines this way, issue master reboot command from KSC.

6. Go to step 1 and repeat until no clients show patch B behavior.

This does seem to work over time and multiple cycles. But it's a major PITA. At least I can do some other stuff while waiting.

The number of cycles required seems to vary. Some clients worked after the first cycle, some are up to 5 or more cycles with no improvement..
My guess is this process might occur anyway over the course of several days, without my intervention. But I need to know things will function on Monday morning.

I've also had 1 more client develop the full-blown symptoms of patch B during this process (fail to launch, hang and error messages), and had to re-install Kaspersky to recover. Had to do that on 5% of machines so far.
Go to the top of the page
 
+Quote Post
Don Pelotas
post 10.02.2013 23:57
Post #8


Global Moderator
****************

Group: Global moderators

Posts: 28845
Joined: 7.04.2005




One rant removed.


--------------------
Go to the top of the page
 
+Quote Post
george.h
post 11.02.2013 11:43
Post #9


Advanced Member I
***

Group: Members
Posts: 104
Joined: 16.09.2011




Finally seem to be making some progress.

Now down to 3 machines which are totally crippled and the rest now up to date with Patch C and (so far!) behaving normally. However, when you consider that I'm only looking at 9 machines in total that is a pretty awful statistic! All of them were hit with the problem and 1/3 crippled by it to the point they need physically touching to fix.

The process was also damned painful. The only way I found to reliably force Patch C out was to update the install package for KES 831 to ensure it had the patch in it, then re-install on every damned machine. Then of course, despite KSC reporting each had a valid license key file, I had to re-install that as well.... Done remotely that took all of Sunday. Thanks Kaspersky mad.gif mad.gif mad.gif

Whatever Kaspersky say, there seems to be no logic to the way application module updates (i.e. "patches") are deployed. They seem to get pushed out as and when it feels like it.

God help you guys with 1,000's of machines to fix!

Only six more months of license left then good riddence to this rubbish.

Go to the top of the page
 
+Quote Post
george.h
post 11.02.2013 12:46
Post #10


Advanced Member I
***

Group: Members
Posts: 104
Joined: 16.09.2011




QUOTE(george.h @ 11.02.2013 08:43) *
Finally seem to be making some progress.


mad.gif Spoke too soon. All of the machines which had been ok first of all almost simultaneously logged an "License Agreement Violated" event and disabled the protection. Re-install the license key (again!) and they returned to "green" status. Just checked (50 mins later) and they are all showing "Protection Off" AGAIN!!!!! This time no events logged to explain why.

So - problem STILL not fixed! What next Kaspersky? And don't say log a ticket because you won't deal with UK support, just direct me to Wick Hill who are just as bad. I logged a ticket with them over the remote deployment stopping at 51%, had one phone call to the effect of "don't know" then heard nothing more from them. Utter waste of time.
Go to the top of the page
 
+Quote Post
rgcowie4D
post 11.02.2013 14:09
Post #11


Member
**

Group: Members
Posts: 45
Joined: 5.01.2012




George, I agree with you that the Kaspersky update process is mysterious at best. It does always seem to work eventually, but for an admin, eventually can be painful. I consider this to be a weakness of Kaspersky. If the problem is not serious, I let it work itself out and accept that I can't control it. In the case of patch B, though, I had to know that the problem was fixed.

So after a weekend spent working on around 100 machines, I'm down to 3 now that have patch C but still exhibit patch B behavior, and about 8 that still do not show patch C, but do not exhibit patch B behavior either. Perhaps that is still to come. I trust the behavior as a more reliable indicator than the reported patch status. KSC did roll out patch B ahead of patch C, so the patch B problem spread throughout the network as I tried to correct things. That was disconcerting but as it was the weekend, no users and no complaints.

Each update-and-wait-and-reboot cycle gets me farther along. As I mentioned, I could just leave it alone and let this happen naturally. I believe that it would self-resolve in time, but I would rather not risk the more crippling issues of patch B (beyond loss of protection with no user).

I did get several database corrupt/invalid license errors along the way, but a manual update from KES fixed those. Also my crippled machine rate (requiring re-install of KES) after patch B has been steady at about 5%.

I hope that as Kaspersky tech support reviews this forum, they realize the time and money that have been consumed by what was essentially lack of quality control on their part. I'm sure that it's been very significant around the world, probably a multi-million dollar event. Can't have very many of those without alienating customers. I came to Kaspersky after the equivalent Bitdefender product pushed an update that knocked down our servers. This wasn't quite as bad, but close.
Go to the top of the page
 
+Quote Post
george.h
post 11.02.2013 14:49
Post #12


Advanced Member I
***

Group: Members
Posts: 104
Joined: 16.09.2011




I know what you mean about the invalid key file and data base corrupt issue AFTER pushing out Patch C - even had that on our Admin server.

So far ALL of our supposedly "fixed" PCs are still exhibiting the "Protect Off" if a user is not logged on.

Not had pro blems this bad since McAfee did something simlar when I worked for RBS IT (while RBS still had a UK IT dept and before the sh*t hit the fan and they always folded). McAfee lost them as a cumstomer along with their 100,000+ machines.
Go to the top of the page
 
+Quote Post
Mikhail Kolobash...
post 11.02.2013 15:33
Post #13


Web services support engineer
*******

Group: KL Russia
Posts: 1010
Joined: 21.12.2009
From: Москва




Hello
Please

1. Create a ticket to the technical support.
2. Post the number of the ticket in this thread.

3. If possible collect the full memory dump.

http://support.kaspersky.com/490
http://support.kaspersky.com/1771

4. Let us know in this thread if you can provide us with the remote session.

Thank you.
Go to the top of the page
 
+Quote Post
ENTI911
post 11.02.2013 15:36
Post #14


Member
**

Group: Members
Posts: 16
Joined: 8.02.2013




QUOTE(rgcowie4D @ 11.02.2013 10:09) *
I hope that as Kaspersky tech support reviews this forum, they realize the time and money that have been consumed by what was essentially lack of quality control on their part. I'm sure that it's been very significant around the world, probably a multi-million dollar event. Can't have very many of those without alienating customers. I came to Kaspersky after the equivalent Bitdefender product pushed an update that knocked down our servers. This wasn't quite as bad, but close.


Well said Firday and this morning due to patch C over the weekend has given me greif i still have a few machines shutting down awaiting for the patch to be installed.

b_punk.gif Some one should get sacked for releasing that patch B dash1.gif
Go to the top of the page
 
+Quote Post
Testeur09
post 11.02.2013 16:15
Post #15


Advanced Member IV
******

Group: Members
Posts: 713
Joined: 14.10.2009




Oh yeah it's totally Kaspersky's fault if you do not test updates before applying them :/
Go to the top of the page
 
+Quote Post
ENTI911
post 11.02.2013 16:48
Post #16


Member
**

Group: Members
Posts: 16
Joined: 8.02.2013




QUOTE(Testeur09 @ 11.02.2013 12:15) *
Oh yeah it's totally Kaspersky's fault if you do not test updates before applying them :/



AUTO UPDATE KES recommends to be set to AUTO UPDATE!!!!!!!!
Go to the top of the page
 
+Quote Post
Testeur09
post 11.02.2013 16:59
Post #17


Advanced Member IV
******

Group: Members
Posts: 713
Joined: 14.10.2009




So what ? It does not prevent you to test them before deploying them into production.
Don't you do the same with other editors, like Microsoft ? mellow.gif

Go to the top of the page
 
+Quote Post
jmort84
post 11.02.2013 17:54
Post #18


Member
**

Group: Members
Posts: 20
Joined: 3.01.2013




How do you create a new installation package with all patches (a, b, c) in the KSC?

Thanks for any help you can provide.
Go to the top of the page
 
+Quote Post
phileddies
post 11.02.2013 18:35
Post #19


Newbie
*

Group: Members
Posts: 9
Joined: 9.11.2012




Patch b has caused me so many issues with xp machines not loading explorer.exe, running slow and locking up, I have had to manually go into safe mode on each computer run the kaspersky removal tool reboot and reinstall kaspersky and then install patch c. Not my idea of a fun weekend! mad.gif

I have remote laptoop users have not been able to work.

Anyway my question is, are the patches cumulative, does the client need a,b anc c installed or is just installing c enough?


This post has been edited by phileddies: 11.02.2013 18:44
Go to the top of the page
 
+Quote Post
Testeur09
post 11.02.2013 18:45
Post #20


Advanced Member IV
******

Group: Members
Posts: 713
Joined: 14.10.2009




Patches are NOT cumulative. Installing c is NOT enough.

I suggest you recreate aninstallation package with a and b patches then deploy patch c through KSC update tasks
Go to the top of the page
 
+Quote Post

6 Pages V   1 2 3 > » 
Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 1.08.2014 15:50