richardstevenhack

  1. OK, so I uninstalled KAV 2009 Wednesday and ran the removal tool. And I still can't download anything from either Adobe or Sun, while still being able to download anything from any other site. So apparently it is not KAV doing the blocking, assuming the removal tool really does get rid of everything. I'll have to look elsewhere for the solution to that problem. I went ahead and updated the client's Adobe Reader and Flash Player and Java with offline downloads I did on my machine the day before. That all went fine. I just don't know if she'll be able to apply any further updates. It's not clear whether the download blocking problem actually affects the updater for Reader and Java or just direct downloads from those sites. I did run Reader's update checker and it naturally reported no updates since it was the latest version, so I have no way of determining if a download from within the program would be blocked. I installed KAV 2010 with her 2009 license okay. I started the first update and as others have reported it obviously was going to take a very long time - 14% when I left after half an hour. KAV REALLY needs to do something about its pitiful update speed. At one of my other clients - whom I have subsequently switched to Avast - I had constant problems with corrupt Black.lst and 15 minute incremental updates which was just ridiculous. She hasn't called today so I assume the update completed and KAV is running all right. Her subscription expires in November and I told her not to renew but call me for advice. I also told her never to renew AV subscriptions for multiple years because every year one of the companies gets worse and some other company gets better, so it's better to switch rather than try to save money by locking oneself into one AV. Anyway, that's the more or less adequate resolution to this problem.
  2. I should note that if you read my original post, I can't download ANYTHING from either Adobe or Sun. Something is blocking the sites completely. Those are the links I tried as well as the main links.
  3. Yes, I figured Filehippo had to have it somewhere. I've got them anyway. I also downloaded KAV 2010 along with 2011, so I can put either on. I'll probably replace 2009 with 2010 once I determine the problem. Thanks for your assistance. I'll update this thread with today's results.
  4. I tried Filehippo for the Adobe Flash Player, but all they seem to have available is the latest beta, not the latest stable. At least I couldn't find it. Anyway I downloaded it using my Linux box at home. So I can update her to current along with Java and Reader, but I need to solve this problem. As I indicated, I don't think it would be a good idea to upgrade her to 2011 until she gets another 1GB of RAM installed in the machine. Her machine is not that fast to begin with and I think 2011 would just cause it to grind to a halt. Once I uninstall KAV 2009 and run the removal tool, I'll see if that fixes the problem. If not, then we know it's something else. I just can't imagine what unless Windows Firewall has gone berserk (and I did disable that at one point with no change). I even checked the Hosts file and reset Internet Options security in IE to default. What else could be selectively blocking just two Web site downloads? This is happening in IE and Firefox. I could try disabling the add-ons in IE and Firefox, too, I suppose, since that's another possibility. If worse comes to worst, I'll leave KAV uninstalled and put Avast commercial version in demo mode on - she can run that for up to two months free while I sort it out. I've never seen this situation before. Usually if the IP stack is messed up, everything is messed up - not just downloads from just two sites. One thing she did do on March 3 is install a financial planning software. It generated a ton of errors in the Event Logs. She says the program reported it installed successfully, but the Event Log errors indicated to me it did not install properly. I may pull that back out and reinstall to see if that had any effect. The reason I'm suspicious of KAV is the fact that it has a Web scanning component. I don't know how or why it would behave like this, but it just seems like a likely culprit. 
If I had KIS or another firewall on there, I would be suspicious of firewall rules, but we just have Windows Firewall in this case and no suspicious settings in it.
  5. I have a client with a weird problem. She's running KAV 2009 on Windows XP Home, SP3 on a P4 with 512MB RAM. She had a problem last week with KAV hanging on its update at 45% or so and never finishing. But sometimes the updates work. So I came in and uninstalled it and reinstalled it. However, I did NOT run the Removal Tool, which was probably my big mistake. I reinstalled from the CD Kaspersky sent her with the install program and the license key in a text file. It seemed to work for a little while, but today she calls me and says she has the same problem, plus KAV is reporting vulnerabilities and she tried to run a scan and it failed. I came in and looked at it - the "vulnerabilities" were merely older versions of Firefox, Adobe Flash, Adobe Reader, Java, and WebEx. So I decided to download updates for all those. Now comes the weird part. I cannot download anything from either Adobe or Oracle/Sun Java. I can't download Flash Player, Adobe Reader, or Java. When I try, the download starts for a few seconds, then freezes and nothing happens. I uninstalled all the Java versions using Add/Remove programs, and ran CCleaner afterward. I tried downloading the Adobe Flash Player uninstaller but can't do it. I also uninstalled Adobe Reader 9 preparatory to trying to download Reader 10, but can't do it. However, I CAN download anything I want, other programs for instance, from other Web sites with no problems! At first, I thought this was a network problem. I rebooted the router, cleaned out the IE and Firefox caches, reset IE's security settings to default, cleaned out Windows temp directories, repaired the network connection (there was an issue flushing the DNS cache, but that was fixed), and finally reset the IP stack. No change in the behavior. I can access Web sites with no problem and download anything as long as it's not from Adobe or Sun. 
I am operating on the theory that somehow KAV 2009 - either from the current install or a leftover from the previous install - is blocking the Adobe and Sun Web sites, but I didn't recall seeing anything like that when I examined the settings. I may have missed something, though. Where can I check to make absolutely sure that KAV is not blocking a download from a Web site? Also, the system was running fairly slow, but I determined that I had installed Auslogics defragger last week, and in researching the KAV issue this morning, I learned I should place any defrag program in the Trusted Application set, so I did that. So my main problem now is to determine if it is KAV which is blocking the Adobe and Sun downloads. I have gone ahead and downloaded the updates on my Linux machine at home, but I want to be sure she can download from her machine in the future. So where can I check to make absolutely sure that KAV is not blocking a download from a Web site? I will be going back to her Wednesday at 4PM to try another full uninstall, removal tool run, and reinstall of 2009. She has only 512MB of RAM, so until she gets some more RAM, I think I'll hold off upgrading her to KAV 2011.
  6. I am REALLY getting tired of this nonsense. I rebooted a machine, KAV comes up with a dialog that says "License reminder" in the title (which is nonsense because licenses are up to date), and the message "Black.lst is corrupted. Run updater". Except you CAN'T run the Updater or even get KAV to respond because it's frozen. And you can't EXIT the program via Task Manager because of the system protection. When in HELL is KAV going to fix this Black.lst issue. This has been going on for MONTHS! If this issue is not fixed shortly, I will recommend to all my clients to dump KAV and switch to another AV solution. There is no excuse for this kind of shoddy coding.
  7. Well, here we are with another week, another reinstalled Windows XP box (thank you, Bill Gates!) and another FRESH KAV install which when updating on reboot says "Not All Components Were Updated" and on a second Update it proceeded to take at LEAST fifteen minutes to update AFTER downloading the updates during which time the machine was completely FROZEN. Once the update was done, it asked to reboot to update some components. This update nonsense has to be fixed, Kaspersky. It has to. It's totally unacceptable. You could install Linux in the time it takes to do an AV update. If this continues, I'm switching my clients out of KAV.
  8. I have to agree. This evening one of the 23 boxes at my client's managed to hose Kaspersky completely so the databases were corrupted and KAV wouldn't even run properly, so I uninstalled it, then pushed out a new install from the Admin Kit. That went fine, but when I ran the update from the box, it downloaded hundreds of the usual tiny updates, which as usual took ten minutes or so, then proceeded to say the Blacklist was corrupted - again. This on a clean new install! So I run the Update again, and it downloaded another 1.2MB of updates, then sits there for nine minutes and 35 seconds doing the update! Why does it take so painfully long to finish the update process? I mean, only Norton is this bad at updating! One of the reasons I promote KAV over Norton for my clients is that Norton is known for screwing up its own updates. Now it seems KAV is on the same bad track.
  9. I also have this problem. I uninstalled and reinstalled KAV on the affected machine - no change in behavior. It seems KAV has as many problems doing its updates as Norton or, for that matter, Windows itself has...:-) What further irritates me is that KAV reports that the machine is protected! Really? With corrupted updates? That says major security flaw to me. I've also noticed that updates are taking many minutes to be applied even after they've been downloaded. The update bar is fully green, but nothing happens for five minutes or more. These problems need to be resolved or I'll have to direct my clients to another solution. Update: Now it's affected two more machines. A third machine is running its update at - are you ready for this? - 5K bytes per second (over a GigE network!)... Something is seriously wrong.
  10. OK, I went into the policy being applied and into the Proactive Defense and into the Application Activity Analyzer and turned off the Quarantine action on "Suspicious Registry Access" and set it to "Allow". I also changed the action for "Suspicious System Activity" and "Intrusion Into Process" to "Prompt for Action". Hopefully that will stop it. I think the default for suspicious registry access should be to ask the user, not quarantine! Especially if KAV doesn't understand that many programs do in fact write and clear lists of modules during startup.
  11. Oh, this gets better! Not only did it quarantine the scanner driver on suspicion alone, it actually labeled it on the client as "not infected (false alarm)"!!! So I go to the client and try to do a restore. It tells me it can't restore it because it's blocked! What the hell is "restore" for if you can't restore a file that's been blocked! I even scanned the file right there and it says it's clean!!!
  12. I have KAV for Windows Workstations 6.0.4.1212 installed on 22 or so computers. Today my client calls me to say that on two machines Adobe Premiere has been deleted from the system and that on two other machines with recently installed Canon scanners that their drivers have been deleted from the system. I go to the Admin Kit, and look for a virus report. There have been NO viruses detected since I upgraded the KAV two weeks ago. I go to the Quarantine section. Sure enough, two machines had their Adobe Premiere main executables quarantined "for suspicious action". The suspicious action is described as "suspicious registry value". But there is NO report anywhere in the reporting system that this action was taken! WTF? Looking over the critical event reports I see numerous versions of this:

      Suspicious object detected
      Severity: Critical event
      Application: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
      Version number: 6.0.4.1212
      Task name: Proactive Defense Registry monitoring
      Computer: P
      Group: Managed computers
      Time: Friday, November 06, 2009 4:51:01 PM
      Description: Process C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (PID: 3152): suspicious action. Process is trying to delete list of modules executed during system startup (key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{70FFD7F4-4560-4114-1AB3-080C4A73D82E}, value: , data: ).

      Not only is the Adobe License Manager service being targeted, but even Windows Explorer is complained about!

      Suspicious object detected
      Severity: Critical event
      Application: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
      Version number: 6.0.4.1212
      Task name: Proactive Defense Registry monitoring
      Computer: H
      Group: Managed computers
      Time: Friday, November 13, 2009 10:12:35 PM
      Description: Process C:\WINDOWS\Explorer.EXE (PID: 864): suspicious action. Process is trying to delete list of modules executed during system startup (key: HKEY_USERS\S-1-5-21-2656281415-2894812375-2010654484-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce, value: RunCanonMsetUp, data: C:NOSCAN\MCDCHK2.EXE).

      The users on two other machines also had their Canon scanner executables deleted, although I can't find any evidence that they were quarantined except for this one:

      Suspicious object detected
      Severity: Critical event
      Application: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
      Version number: 6.0.4.1212
      Task name: Proactive Defense
      Computer: H
      Group: Managed computers
      Time: Thursday, November 12, 2009 12:39:20 PM
      Description: Process C:\PROGRAM FILES\CANON\MP NAVIGATOR EX 1.0\MPNEX10.EXE (PID: 3444): Process is trying to inject into another process. This behavior is typical of some malicious programs (Invader)

      The rest of the problems again appear to be because of "suspicious behavior":

      Suspicious object detected
      Severity: Critical event
      Application: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
      Version number: 6.0.4.1212
      Task name: Proactive Defense Registry monitoring
      Computer: H
      Group: Managed computers
      Time: Thursday, November 12, 2009 1:00:26 PM
      Description: Process C:\Program Files\Canon\SolutionMenu\uninst.exe (PID: 1676): suspicious action. Process is trying to delete list of modules executed during system startup (key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: CanonSolutionMenu, data: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon).

      Suspicious object detected
      Severity: Critical event
      Application: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
      Version number: 6.0.4.1212
      Task name: Proactive Defense Registry monitoring
      Computer: H
      Group: Managed computers
      Time: Thursday, November 12, 2009 1:00:28 PM
      Description: Process D:\WIN\SBOX\English\SETUP.EXE (PID: 2064): suspicious action. Process is trying to write list of modules executed during system startup (key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: CanonSolutionMenu, data: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon).

      Suspicious object detected
      Severity: Critical event
      Application: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
      Version number: 6.0.4.1212
      Task name: Proactive Defense Registry monitoring
      Computer: H
      Group: Managed computers
      Time: Thursday, November 12, 2009 1:01:52 PM
      Description: Process D:\WIN\MSETUP4.EXE (PID: 764): suspicious action. Process is trying to write list of modules executed during system startup (key: HKEY_USERS\S-1-5-21-2656281415-2894812375-2010654484-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce, value: RunCanonMsetUp, data: C:\DOCUME~1\DIGITA~1\LOCALS~1\Temp\MasterReboot\CANOSCAN\MCDCHK2.EXE).

      Suspicious object detected
      Severity: Critical event
      Application: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
      Version number: 6.0.4.1212
      Task name: Proactive Defense Registry monitoring
      Computer: H
      Group: Managed computers
      Time: Thursday, November 12, 2009 1:08:56 PM
      Description: Process C:\Program Files\NewSoft\Presto! PageManager 7.15\PDFDrvSetup\setup.exe (PID: 268): suspicious action. Process is trying to write list of modules executed during system startup (key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: WrtMon.exe, data: C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe).

      It also is treating the Windows installer as suspicious! But it has not taken any action (yet).

      Suspicious object detected
      Severity: Critical event
      Application: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
      Version number: 6.0.4.1212
      Task name: Proactive Defense Registry monitoring
      Computer: P
      Group: Managed computers
      Time: Monday, November 09, 2009 8:34:41 PM
      Description: Process C:\WINDOWS\system32\MsiExec.exe (PID: 3016): suspicious action. Process is trying to delete list of modules executed during system startup (key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: SunJavaUpdateSched, data: "C:\Program Files\Java\jre6\bin\jusched.exe").

      Also treating services.exe as suspicious:

      Suspicious object detected
      Severity: Critical event
      Application: Kaspersky Anti-Virus 6.0 for Windows Workstations MP4
      Version number: 6.0.4.1212
      Task name: Proactive Defense Registry monitoring
      Computer: P
      Group: Managed computers
      Time: Tuesday, November 10, 2009 11:56:00 AM
      Description: Process C:\WINDOWS\system32\services.exe (PID: 1548): suspicious action. Process is trying to delete list of modules executed during system startup (key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32, value: wavemapper, data: msacm32.drv).

      Now I have several problems here:

      1) KAV is treating what appears to me to be normal system activity as suspicious.
      2) KAV is quarantining files on the basis of "suspicion".
      3) KAV is NOT reporting the actual quarantining in any of the Critical Events reports.

      My question is: how can I stop this from happening? Can I turn off reporting on that sort of suspicious event, and can I prevent KAV from quarantining on the basis of "suspicion" - especially the "suspicious activity" which appears to me to be completely normal?
  13. Well, I may or may not have been that dumb, but rebuilding the package using the wizard seems to have worked this time. KAV and the agent have installed on that machine. Now I need to figure out why it doesn't seem to apply the imported firewall rules that are in the policy on installation...I had to import them manually on that workstation. Well, progress...
  14. So the GSI thinks I'm trying to install the Server product? But I'm not! But on the off chance something is screwy and somehow I did that, I will recreate the deployment package using the Wizard again and try again. But I'm pretty sure I'm not that dumb.
  15. OK, so I created a standalone installation package from the AV package and told the wizard to add the Network Agent to the package it created. Then I uninstalled the KAV on the machine, and the Network Agent, and ran the setup.exe the Admin Kit Wizard created. Same problem: it installs the Network Agent, verified the connection to the Admin Server, then the AV install fails with OS not supported message. It's 1AM in the morning here. I give up. That machine is one of the two that gets the most viruses in this office and it's going to be unprotected until I can get back here maybe tomorrow evening. This is just ridiculous. Tomorrow night I'm going to rip out the entire KAV system - again - and start all over with fresh downloads of everything. Or maybe I'll switch to Comodo.
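
The Proactive Defense events quoted in post 12 can be reviewed as data instead of by eye. The following Python sketch is an added example, not part of the original posts and not Kaspersky tooling: it parses the event layout shown in that post (three of its events are embedded as sample input), groups the autorun-registry events per entry in time order, and leaves other detections for separate review. The function names `parse_events` and `autorun_history` are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: three events from post 12, joined in the flattened form the forum page shows.
HEAD = ("Suspicious object detected Severity: Critical event Application: Kaspersky Anti-Virus 6.0 "
        "for Windows Workstations MP4 Version number: 6.0.4.1212 Task name: Proactive Defense")
TAIL = (r"list of modules executed during system startup (key: HKEY_LOCAL_MACHINE"
        r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, value: CanonSolutionMenu, "
        r"data: C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon).")
SAMPLE = " ".join([
    HEAD + r" Computer: H Group: Managed computers Time: Thursday, November 12, "
    r"2009 12:39:20 PM Description: Process C:\PROGRAM FILES\CANON\MP NAVIGATOR "
    r"EX 1.0\MPNEX10.EXE (PID: 3444): Process is trying to inject into another "
    r"process. This behavior is typical of some malicious programs (Invader)",
    HEAD + r" Registry monitoring Computer: H Group: Managed computers Time: "
    r"Thursday, November 12, 2009 1:00:26 PM Description: Process C:\Program "
    r"Files\Canon\SolutionMenu\uninst.exe (PID: 1676): suspicious action. "
    r"Process is trying to delete " + TAIL,
    HEAD + r" Registry monitoring Computer: H Group: Managed computers Time: "
    r"Thursday, November 12, 2009 1:00:28 PM Description: Process "
    r"D:\WIN\SBOX\English\SETUP.EXE (PID: 2064): suspicious action. "
    r"Process is trying to write " + TAIL,
])

EVENT = re.compile(
    r"Task name: (?P<task>.+?) Computer: (?P<computer>\S+) Group: .+? Time: (?P<time>.+? [AP]M) "
    r"Description: Process (?P<process>.+?) \(PID: (?P<pid>\d+)\): (?P<detail>.*)", re.S)
REGISTRY = re.compile(
    r"trying to (?P<op>write|delete) list of modules executed during system "
    r"startup \(key: (?P<key>.+?), value: (?P<value>.*?), data: (?P<data>.*)\)")

def parse_events(text):
    """Split flattened event text into one dict per event."""
    events = []
    for chunk in text.split("Suspicious object detected")[1:]:
        m = EVENT.search(" ".join(chunk.split()))  # collapse line wraps first
        if not m:
            continue  # not in the layout handled here
        ev = m.groupdict()
        ev["time"] = datetime.strptime(ev["time"], "%A, %B %d, %Y %I:%M:%S %p")
        reg = REGISTRY.search(ev["detail"])
        ev.update(reg.groupdict() if reg else {"op": None})  # op None: not a registry event
        events.append(ev)
    return events

def autorun_history(events):
    """Map (computer, key, value) to the time-ordered writes and deletes of that entry."""
    history = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["op"]:
            history[ev["computer"], ev["key"], ev["value"]].append(
                (ev["time"].strftime("%H:%M:%S"), ev["op"], ev["process"]))
    return dict(history)

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    print(autorun_history(evs))
    print("review separately:", [e["process"] for e in evs if not e["op"]])
```

Grouping by registry entry puts an installer's write and an uninstaller's delete of the same Run value side by side, which is the context needed when deciding whether a Proactive Defense rule should prompt, allow or quarantine.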