Hi all,
I hope you can help me!
So... here, at my work, we use the KAV6 (KBSS), and since we installed it on all machines through Administration Kit deployment the problems started.
Before KAV we had used the Symantec solution for medium businesses.
Well, actually our problem is a program that close unexpectedly without any trace log to analize.
We tested the program on a machine without KAV and the program runs normaly. But when the KAV is installed the program start to be killed.
So, after, I created a group to host all machines with that killed program and disable the ProActive Defense. The problem persisted. I made this because the messages logged in the Administration Kit.
We suspect that is a program problem executing a forbidden instruction to KAV.
I would like to find a way to trace or debug this problem so I can justify the program problem. I alread tried the verbose log but it didn't help.
Thks in advance.
Marcus Leal
Full Version: KAV6 close program
Could you please specify the exact version of KAV and the name of that software which is closed?
QUOTE(Marcus Leal @ 28.04.2009 17:04) 
Hi all,
I hope you can help me!
So... here, at my work, we use the KAV6 (KBSS), and since we installed it on all machines through Administration Kit deployment the problems started.
Before KAV we had used the Symantec solution for medium businesses.
Well, actually our problem is a program that close unexpectedly without any trace log to analize.
We tested the program on a machine without KAV and the program runs normaly. But when the KAV is installed the program start to be killed.
So, after, I created a group to host all machines with that killed program and disable the ProActive Defense. The problem persisted. I made this because the messages logged in the Administration Kit.
We suspect that is a program problem executing a forbidden instruction to KAV.
I would like to find a way to trace or debug this problem so I can justify the program problem. I alread tried the verbose log but it didn't help.
Thks in advance.
Marcus Leal
I hope you can help me!
So... here, at my work, we use the KAV6 (KBSS), and since we installed it on all machines through Administration Kit deployment the problems started.
Before KAV we had used the Symantec solution for medium businesses.
Well, actually our problem is a program that close unexpectedly without any trace log to analize.
We tested the program on a machine without KAV and the program runs normaly. But when the KAV is installed the program start to be killed.
So, after, I created a group to host all machines with that killed program and disable the ProActive Defense. The problem persisted. I made this because the messages logged in the Administration Kit.
We suspect that is a program problem executing a forbidden instruction to KAV.
I would like to find a way to trace or debug this problem so I can justify the program problem. I alread tried the verbose log but it didn't help.
Thks in advance.
Marcus Leal
Traces can be done via Kavlog. Also please provide actual sysinfo.
Please specify as requested by phr3nic what program you are talking about.
QUOTE(dawinci @ 29.04.2009 12:18)
Traces can be done via Kavlog. Also please provide actual sysinfo.
Please specify as requested by phr3nic what program you are talking about.
Please specify as requested by phr3nic what program you are talking about.
Hi dawinci and phr3nic!
Sorry my mistake!
I attached the sysinfo from one problematic computer. If you need I can get others.
The KAV version we're using is:
Product version: 6.0.3.837
Product hotfix: c.d.e.f.g.h.i
Latest signature: 04/30/2009 04:39:11
Signature numbers: 2110379
I already started kavlog to trace in notify level (500).
I talked to user, right now, and he told me that yesterday he hadn't any problem. This is awful because I don't know what is the action that trigger the problem.
Thks in advance.
Marcus Leal.
Sorry.
Only completing the answer.
The software we had problem is an Human resource management system sold by TOTVS S/A. More specifically the "RM Labore" and "RM Chronus" modules from this system.
Srs. please, forgive me my english.
Thks.
Marcus Leal
Only completing the answer.
The software we had problem is an Human resource management system sold by TOTVS S/A. More specifically the "RM Labore" and "RM Chronus" modules from this system.
Srs. please, forgive me my english.
Thks.
Marcus Leal
QUOTE(Marcus Leal @ 30.04.2009 15:37)
Hi dawinci and phr3nic!
Sorry my mistake!
I attached the sysinfo from one problematic computer. If you need I can get others.
The KAV version we're using is:
Product version: 6.0.3.837
Product hotfix: c.d.e.f.g.h.i
Latest signature: 04/30/2009 04:39:11
Signature numbers: 2110379
I already started kavlog to trace in notify level (500).
I talked to user, right now, and he told me that yesterday he hadn't any problem. This is awful because I don't know what is the action that trigger the problem.
Thks in advance.
Marcus Leal.
Sorry my mistake!
I attached the sysinfo from one problematic computer. If you need I can get others.
The KAV version we're using is:
Product version: 6.0.3.837
Product hotfix: c.d.e.f.g.h.i
Latest signature: 04/30/2009 04:39:11
Signature numbers: 2110379
I already started kavlog to trace in notify level (500).
I talked to user, right now, and he told me that yesterday he hadn't any problem. This is awful because I don't know what is the action that trigger the problem.
Thks in advance.
Marcus Leal.
Hi all,
As sugested, I turn on the KAV trace utility with Notify(500) level.
I took the answer because I had to wait for the problem happens again.
Then it happened, and according to the logs, I could not clearly identify what may have occurred.
I would be grateful if someone can help find the cause.
Log attached.
Regards,
Marcus Leal
As sugested, I turn on the KAV trace utility with Notify(500) level.
I took the answer because I had to wait for the problem happens again.
Then it happened, and according to the logs, I could not clearly identify what may have occurred.
I would be grateful if someone can help find the cause.
Log attached.
Regards,
Marcus Leal
QUOTE(Marcus Leal @ 14.05.2009 19:32)
Hi all,
As sugested, I turn on the KAV trace utility with Notify(500) level.
I took the answer because I had to wait for the problem happens again.
Then it happened, and according to the logs, I could not clearly identify what may have occurred.
I would be grateful if someone can help find the cause.
Log attached.
Regards,
Marcus Leal
As sugested, I turn on the KAV trace utility with Notify(500) level.
I took the answer because I had to wait for the problem happens again.
Then it happened, and according to the logs, I could not clearly identify what may have occurred.
I would be grateful if someone can help find the cause.
Log attached.
Regards,
Marcus Leal
Hello.
Unfortunately I don't know the reason of this behavior.
But please try to make the following steps:
1. Disable Self-Defense of Kaspersky product (open KAV - Service tab - Settings - switch off the option "Enable Self-Defense" - Apply - OK.
2. Enable the option "Compatibility mode for programs using self-protection methods" - Apply - OK - restart computer.
3. Run your programs.
Inform about result. Thanks.
We are experiencing the same issues for 2 months now:
Ref this thread:
http://forum.kaspersky.com/index.php?showt...mp;#entry976754
Ref this thread:
http://forum.kaspersky.com/index.php?showt...mp;#entry976754
Hey Olesya,
Thanks for your tip.
I applied it through the Administration Kit.
I need to wait, at least two weeks, to make sure the problem stopped.
But I'm really curious why this is happening.
Hello gcarey,
I read your thread.
I will try the Olesya tips before.
Thank you very much for our information.
Regards.
Thanks for your tip.
I applied it through the Administration Kit.
I need to wait, at least two weeks, to make sure the problem stopped.
But I'm really curious why this is happening.
Hello gcarey,
I read your thread.
I will try the Olesya tips before.
Thank you very much for our information.
Regards.
Hi staff,
Unfortunately the Olesya solution didn't solve the problem.
I waited a long time to see if the program really close with Kaspersky enable and I confirmed this.
So I don't have any other idea to what to do.
I attached the log file from the time when the program were closed.
Do you have any sugestion?
I appreciate very much your help.
Thanks in advance.
Marcus Leal
Unfortunately the Olesya solution didn't solve the problem.
I waited a long time to see if the program really close with Kaspersky enable and I confirmed this.
So I don't have any other idea to what to do.
I attached the log file from the time when the program were closed.
Do you have any sugestion?
I appreciate very much your help.
Thanks in advance.
Marcus Leal
Hello,
This error is displayed several times in the log :
You can try to add a new exclusion rule to prevent all files stored in this folder from being scanned, by all protection components. Or you can exclude all files having the extension *.MB which seems to belong to the software your are using.
This error is displayed several times in the log :
Code
CreateFile failed (0x00000002) - "\\?\C:\CorporeRM\RMChronus\Del2.MB"
You can try to add a new exclusion rule to prevent all files stored in this folder from being scanned, by all protection components. Or you can exclude all files having the extension *.MB which seems to belong to the software your are using.
Hello Tybilly,
Sorry for the delay to answer.
The software developer company answer us telling that we should compact the executable "RMLabore.EXE" with the ASPACK or UPX programs and execute the RMLabore normally. So, with this, the problem will finish.
We did this but can't confirme if it will work. We will wait 1 month, more or less, to validated this information.
Anyway, thanks for your tip. I'll try it if the above doesn't work.
Thanks.
Sorry for the delay to answer.
The software developer company answer us telling that we should compact the executable "RMLabore.EXE" with the ASPACK or UPX programs and execute the RMLabore normally. So, with this, the problem will finish.
We did this but can't confirme if it will work. We will wait 1 month, more or less, to validated this information.
Anyway, thanks for your tip. I'll try it if the above doesn't work.
Thanks.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.