buckZor

KAVFSWP.EXE pegging system and crashing


All of our KAV WSEE v6 MP2 installs are freaking out this morning. KAVFSWP.exe process is pegging the processor, then crashing out, then relaunching to do it all over again. Was on hold for KAV support for almost 20 minutes; they are aware of the problem, it's apparently with a bad App Definitions Database update. They had me STOP real-time protection, disable Application Database Update via the Schedule tab on properties, then run the Database Update Rollback task, which brings the Database State (in Statistics) to:

Database release date: 12/30/2009 7:31:55AM (UTC)

Databases records count: 3415713

Once the Database is to that release, you can then resume Real-time, but they instructed me to not resume any Database updates until they call me back. They took my contact information. I have just finished making the rounds on my 25 installs. Ugh. This stinks. :angry:

They are apparently receiving many calls on this issue this morning. Enjoy!

Same issue here... What a nightmare!

Thanks for passing on the instructions.

I'm having trouble getting into the console to stop real-time protection. It just freezes up.

Some machines also error out during the rollback saying "database backup not found".

Edited by MrRAlan


You can stop it in services.msc (Kaspersky Antivirus and Kaspersky Script Interceptor)

This will kill off the kavfswp.exe processes.

 

This is only affecting

 

6.0.2.555 CF7

6.0.2.555 CF11

6.0.2.555 CF7 + CF11

6.0.2.555 No CFs

6.0.2.551 all CFs

> You can stop it in services.msc (Kaspersky Antivirus and Kaspersky Script Interceptor)
>
> This will kill off the kavfswp.exe processes.
>
> This is only affecting
>
> 6.0.2.555 CF7
>
> 6.0.2.555 CF11
>
> 6.0.2.555 CF7 + CF11
>
> 6.0.2.555 No CFs
>
> 6.0.2.551 all CFs

But then you can't rollback the update.


This is in the event rollback tasks do not bring your updates back far enough to mitigate the problem


When I try to rollback it comes back with completed with an error (and obviously does not roll back...), only option is to disable the antivirus and hope and pray that our users won't fill the servers with viruses until Kaspersky Lab sends us a fix :-(

 

This is really bad...

> When I try to rollback it comes back with completed with an error (and obviously does not roll back...), only option is to disable the antivirus and hope and pray that our users won't fill the servers with viruses until Kaspersky Lab sends us a fix :-(
>
> This is really bad...

Could someone from Kaspersky comment on this??????

> All of our KAV WSEE v6 MP2 installs are freaking out this morning. KAVFSWP.exe process is pegging the processor, then crashing out, then relaunching to do it all over again. Was on hold for KAV support for almost 20 minutes; they are aware of the problem, it's apparently with a bad App Definitions Database update. They had me STOP real-time protection, disable Application Database Update via the Schedule tab on properties, then run the Database Update Rollback task, which brings the Database State (in Statistics) to:
>
> Database release date: 12/30/2009 7:31:55AM (UTC)
>
> Databases records count: 3415713
>
> Once the Database is to that release, you can then resume Real-time, but they instructed me to not resume any Database updates until they call me back. They took my contact information. I have just finished making the rounds on my 25 installs. Ugh. This stinks. :angry:
>
> They are apparently receiving many calls on this issue this morning. Enjoy!

Same here. Can't Roll Back. Real-Time protection must stay off for now until a fix is found.

> Same here. Can't Roll Back. Real-Time protection must stay off for now until a fix is found.

Yup, couldn't roll back far enough. The initial rollback worked after stopping the real-time file protection, however it did not roll back far enough. I hope they are working on this as we speak.


Same issue here, my network just started crashing and I am currently on freefall from Kaspersky HELL!!


It's a shame there's no official voice in this thread.

 

It seems like the solution for those of us stranded at the moment would be to repackage the 7am database and push it out again with new dates. That would get us all to a point where we could update to the new-old data and reactivate our realtime until a proper resolution can be found.

 


Same here, brought my network and servers to a crawl; wouldn't even allow me to connect to 2 of them altogether. Took almost 2 hours to find out the culprit and get production back online. Where is Kaspersky's response...


We are seeing the issue as well across all of our EE clients. For me disabling the Real-time File Protection task in the policy for the systems did not correct the issue. Even though the systems showed as enforced (having the policy update) the CPU utilization continued to peg. So after disabling the Real-Time File Protection I used the following script (requires PSTools) to restart the network agent and AV on each station.

 

restartKaspProcs.cmd

rem %1 = target server host name; replace AdminUName / AdminPwd with valid admin credentials
rem Restart the Network Agent, then the anti-virus service
psservice \\%1 -u AdminUName -p AdminPwd restart klnagent
psservice \\%1 -u AdminUName -p AdminPwd restart kavfs
rem Wait 15 seconds, then watch kavfswp on the target for 15 seconds
timeout 15
pslist \\%1 -s 15 kavfswp

Once you copy the above into a "restartKaspProcs.cmd" file you can run it against a server using "restartKaspProcs ServerHostName". Be sure to update the admin username and password to something valid. Also, the first time you run PSTools it will prompt you to accept a EULA, be sure to click ok.

 

Hope this helps someone out there... This has been quite the mess on our network.

 

 


Any word on this from Kaspersky besides stopping the process? Their phone lines and live chat appear to be tied up :)

> Any word on this from Kaspersky besides stopping the process? Their phone lines and live chat appear to be tied up :)

 

I got through to support in USA. Best thing to do if you can't rollback whilst still being protected is to do the following:

 

1) Disable the update schedule for the affected server in Tasks - Application database update

2) Stop AV, AV Script, and Network Agent in Services.

3) Move today's database files to another folder. Go to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current. Create new folder called Bad_301209. Move all files in current with 301209 date to this new folder. On Windows 2008 this folder is located in C:\ProgramData\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current.

4) Restart services.

5) CPU usage should be back to normal after startup.

 

It's worked for me after trying everything else.

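Steps 2 to 4 of the post above, scripted for one server, as an added example that is not part of the thread and not Kaspersky's own tooling. The service names klnagent and kavfs are taken from the restart script earlier in the thread; matching the Script Interceptor by display name, placing Bad_301209 beside Current rather than inside it, and reading "301209 date" as the file modification date are assumptions. Step 1 (disabling the update schedule) is done in the console first.

```powershell
# Added example: run elevated on the affected server after disabling the update schedule.
param(
    # Windows 2003 path from the post; on Windows 2008 pass the C:\ProgramData variant given there.
    [string]$BasesDir = 'C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current',
    [datetime]$BadDay = '2009-12-30',
    [string]$QuarantineName = 'Bad_301209'
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $BasesDir)) { throw "Bases folder not found: $BasesDir" }

# klnagent / kavfs: names used by the psservice script in the thread.
# Script Interceptor: matched by display name (assumption, verify in services.msc).
$services = @(Get-Service -Name 'klnagent', 'kavfs') +
            @(Get-Service -DisplayName '*Script Interceptor*' -ErrorAction SilentlyContinue)
$running  = @($services | Where-Object { $_.Status -eq 'Running' })

# Step 2: stop the services, then wait for the kavfswp.exe workers to exit
# so the database files are no longer locked.
$running | Stop-Service -Force
$deadline = (Get-Date).AddSeconds(60)
while ((Get-Process -Name 'kavfswp' -ErrorAction SilentlyContinue) -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 2
}
if (Get-Process -Name 'kavfswp' -ErrorAction SilentlyContinue) {
    throw 'kavfswp.exe is still running; database files may be locked. Services left stopped.'
}

# Step 3: move (not delete) every file modified on the bad day, so it can be restored later.
# Assumption: the quarantine folder sits beside Current, outside the folder the product loads from.
$quarantine = Join-Path (Split-Path -Parent $BasesDir) $QuarantineName
New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
$bad = @(Get-ChildItem -LiteralPath $BasesDir |
         Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime.Date -eq $BadDay.Date })
$bad | Move-Item -Destination $quarantine
"Moved $($bad.Count) file(s) dated $($BadDay.ToString('yyyy-MM-dd')) to $quarantine"

# Step 4: restart only what was running before. Any error above aborts the script first,
# so the services are never restarted on top of a half-moved database set.
$running | Start-Service
"Restarted: $(($running | ForEach-Object { $_.Name }) -join ', ')"
```

If the script stops before step 4, protection is off on that server until the services are started again by hand.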

Our enterprise terminal servers have been really slow today, but we didn't notice this so-called CPU spike. We had symptoms of apps freezing though; we disabled KAV and it certainly fixed our problems. I'm glad it's New Year's Eve fast approaching here in Australia, so most of our users have already logged off!

Edited by Digian


It is really a "morning"mare for us as we are in the UTC+8 time zone. When we went to work as usual, a lot of users complained about server performance issues, and it took us 4-5 hours of fire-fighting to solve this issue by manually updating the old definitions on each server.

I hope the KAV antivirus team can do very thorough testing before distributing any updates, as it really affected our IT administrators' workload when we had to solve issues on mission-critical servers such as SQL Server in a very urgent manner.

I hope the KAV team will take this issue seriously and not let it happen again in future.

Edited by goolb78


Hello!

Kaspersky Lab confirms that there was an error with updates (as of 30.12.09).

We express our deepest apologies for the committed error.

The problem has been solved.

You should run an update task in order to solve the problem.

> Hello!
>
> Kaspersky Lab confirms that there was an error with updates (as of 30.12.09).
>
> We express our deepest apologies for the committed error.
>
> The problem has been solved.
>
> You should run an update task in order to solve the problem.

Beware everyone! If you post something bad about Kaspersky your post gets deleted. There were more replies to this topic before, and this reply is probably gonna get deleted too.

It's a bloody shame... Kaspersky has a very good and quick technical support, and everyone makes mistakes, but just take your responsibility instead of censoring it.

> Beware everyone! If you post something bad about Kaspersky your post gets deleted. There were more replies to this topic before, and this reply is probably gonna get deleted too.

Yes, posts of mine have been deleted in the past also. I have never seen so many bad updates pushed out by an AntiVirus vendor. I have only used KAV for 2 years but I lost count of the number of bad updates they pushed that cost many man hours to repair. We used Trend Micro at my last location and they never had this problem.

> Yes, posts of mine have been deleted in the past also. I have never seen so many bad updates pushed out by an AntiVirus vendor. I have only used KAV for 2 years but I lost count of the number of bad updates they pushed that cost many man hours to repair. We used Trend Micro at my last location and they never had this problem.

Is there any Update file that can be run on the Machines? It is a bit tricky to do it via Update Task...

> Is there any Update file that can be run on the Machines? It is a bit tricky to do it via Update Task...

Try deleting all the files in C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current. Then, you should be able to do the update without a problem.

> Try deleting all the files in C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current. Then, you should be able to do the update without a problem.

Oyyy. Those folders don't even exist or anything like them under Users in Windows 2008
