casperski

Kaspersky Anti-Virus 6.0 for Windows Servers Enterprise Edition High CPU

91 posts in this topic

Yes, I'm seeing two kavswp processes taking 25% cpu each.

 

Edit: We are starting to see this on multiple servers now.

Edited by hybiepoo

Share this post


Link to post
Share on other sites
Yes, I'm seeing two kavswp processes taking 25% cpu each.

 

Edit: We are starting to see this on multiple servers now.

 

Same issue. Since about 9AM EST 10/23, two errors constantly popping up in event viewer:

 

Event ID 608

 

Unhandled exception occurred.

 

Process: kavfswp.exe [XXXX].

Address: XXXXXXXX.

Exception code: XXXXXXXXX.

 

and

 

Event ID 110 (source: Updates)

 

Serious internal error while performing a task.

 

Task name: Updates distribution.

Error code: 209.

 

Real-time protection flipping on and off, system grinding to a halt.

 

Version: 6.0.2.555

Critical Updates 7 & 11

SBS 2003

 

Applied 2084 fix (http://support.kaspersky.com/win_serv_ee_6mp2/tech?qid=208280105) a long time ago.

 

Deleted contents of bases\current with no luck.

 

Please advise.

 

 

 

Share this post


Link to post
Share on other sites

We had the same problem on a high numnber of Servers. I saw it jesterday an had a chance to roll back to the signature Database of 2010-10-22 ~18:00 Uhr (CET).

 

I tryed today an update to the actual Database, the same problem appeared.

 

Did anyone solved the problem?

 

Share this post


Link to post
Share on other sites
We had the same problem on a high numnber of Servers. I saw it jesterday an had a chance to roll back to the signature Database of 2010-10-22 ~18:00 Uhr (CET).

 

I tryed today an update to the actual Database, the same problem appeared.

 

Did anyone solved the problem?

We had the same problem on a high number of Servers windows 2008. any update about this problem??

 

Share this post


Link to post
Share on other sites

Hi,

 

same problem here.

Running 11x Windows Server 2003 Standard Edition equiped with KAV Enterprise Edition.

Since 23.10. 15:30 (GMT+1) all these Servers have these strange 25% CPU Load and two kavfswp.exe Processes.

 

The EventLog says ID 6080:ut

 

Nicht bearbeitete Ausnahme ist aufgetreten.

 

Prozess: kavfswp.exe [4512].

Adresse: 0x01FDB93E.

Ausschlusscode: 0xc0000005.

 

I´ve tried to manually remove the old bases and update to the latest but the problem persists.

 

Funny to say that my other Servers ( Windows Server 2008 R2 with KAV for Windows Servers 6.0.1424 ) are working normally.

 

I´ve contacted German Kaspersky Business Support via eMail but haven´t received an answer yet.

 

Regards

 

Buxus

Edited by Buxus

Share this post


Link to post
Share on other sites

we have tried to contact kaspersky support but he told us that there are no problem in update,we think this is bad support and the problem occurred one or more times before this problem,

we rolled back the database of Kasper to 22/10/2010 (in all our 30 servers windows 2008 and 2003) and every things working fine after that,we think that this is not good solution

because we have very critical services ,and we faced this problem two times: (31/12/2009) and today (24/10/2010) so we have internal discussion to take decision to change the Kasper product as anti virus solution for our company

 

 

osaid suliebi

 

 

Share this post


Link to post
Share on other sites

I called yesterday the support in russia. They say, that some customers experienced this Problem and that I should open a Call over the website and so i done.

 

Today they told me, that they can help me, and that the german support only avyilable at busines times.

 

We now have over 300 Servers with an old signature Database (2010-10-22, 20:37)!!

 

Its not a great support!!!

Share this post


Link to post
Share on other sites

We experiencing the same problems here. But a rollback of the signatures don't work for us.

The main problem is, that our whole citrix farm is affected with this problem. If kaspersky won't fix the signatures till monday, all our employees will not be able to work.

 

Regards, WeeZel

Share this post


Link to post
Share on other sites
We experiencing the same problems here. But a rollback of the signatures don't work for us.

The main problem is, that our whole citrix farm is affected with this problem. If kaspersky won't fix the signatures till monday, all our employees will not be able to work.

 

Regards, WeeZel

you can rollback every server to last database signature (befor 24/10/2010) and stop the update from kasper(directly and from admin kit) we tried that and all our servers working ok now

Share this post


Link to post
Share on other sites

We got the confirmed problem as well on Citrix platforms only, running Windows Server for Enterprise Edition - with CF7 and CF11 applied. Anyone heard from Kaspersky Support lately?

Share this post


Link to post
Share on other sites

Really, I am surprised, a company like Kaspersky which have millions of clients are dealing with this type of urgent issue with a very bad behavior, I believe that Kaspersky will be out of the competition within less than a year.

 

As this is a repeated bug in Kaspersky system and as Kaspersky did not interact positively with it, and as this type of bugs have a very bad consequences on the clients reputation, performance, and services. We believe that Kaspersky should compensate their clients for the losses that happened as a result of this inconvenience bugs and support, and we believe that each client should start searching to find a way to enforce Kaspersky to make the compensation.

 

For the clients who still not faced this issue, I can tell you that you will not wait a long to face this issue, as this will happened soon, so it is better to start thinking on how to avoid it.

Share this post


Link to post
Share on other sites
you can rollback every server to last database signature (befor 24/10/2010) and stop the update from kasper(directly and from admin kit) we tried that and all our servers working ok now

 

This problem happened at out site first yesterday evening. In the meantime admin server took several updates, so going back to older signatures isn't possible.

:dash1:

Share this post


Link to post
Share on other sites
This problem happened at out site first yesterday evening. In the meantime admin server took several updates, so going back to older signatures isn't possible.

:dash1:

 

I'm in the same boat.

 

Also, unless we get a solution today, I've got a pretty major issue facing my users tomorrow.

Share this post


Link to post
Share on other sites
I'm in the same boat.

 

Also, unless we get a solution today, I've got a pretty major issue facing my users tomorrow.

 

...over 500 users here... :aa:

Share this post


Link to post
Share on other sites

Hi All

 

I have the same problem. The workarround to get it working with older signatures than the 23.10.2010:

 

1) Disable Database Updates (Set Schedule to Manual)

2) Rollback to older Version

 

I my case i have now rolled back to signatures from 22.10.2010 22:37 UTC. They working...

 

It's good to have two suppport-phone-numbers in moscow an nobody is answering. :angry: :angry:

 

 

roger

 

 

 

Share this post


Link to post
Share on other sites

FYI all, you are screwed if you try to grab the updates from the index (I.E. old updates). New ones are released every Sunday so those are bad updates as well. Luckily we had some signatures from last year that we are currently using. We had these updates because this happened about a year ago as well. This is getting ridiculous.

 

Share this post


Link to post
Share on other sites
FYI all, you are screwed if you try to grab the updates from the index (I.E. old updates). New ones are released every Sunday so those are bad updates as well. Luckily we had some signatures from last year that we are currently using. We had these updates because this happened about a year ago as well. This is getting ridiculous.

 

we just took sigs from friday-backup and rolled them out.

Using 1 year old sigs -imho- is the same as disable kav, because it wont find any current viruses

Share this post


Link to post
Share on other sites

Ok, after severel hours... our citrix farm works now.

We restored old backup signatures from tape and copied it to the citrix servers. Then we started the rollback from admin kit.

 

I hope kaspersky will fix this problem soon, because the signature update is disabled now... <_<

 

Regards, WeeZel

Share this post


Link to post
Share on other sites
we just took sigs from friday-backup and rolled them out.

Using 1 year old sigs -imho- is the same as disable kav, because it wont find any current viruses

 

Will, would you mind running over the process for this? KAV's not exactly my area of expertise, but I'm the only person around this weekend.

Share this post


Link to post
Share on other sites

For all they havn't working signatures i zipped my "bases" directory from 22.10.2010.

 

You can download my bases.zip from ftp://ftp.cytec.ch/public/temp/bases20101022.zip

 

1. Stop WSEE (net stop kavfs)

2. Remove all files from; C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current\

3. Copy all Files from my bases.zip to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KAV for Windows Servers Enterprise Edition\6.0\Bases\Current\.

4. Start WSEE (net start kavfs)

5. Check on admin snap-In the staticis menuitem if the database release date changed to 22.10.2010 22:37 UTC

 

Don't forget to disable any Database Updates!!!

 

I hope this will also work on your servers guys!

 

Good Luck!

 

Roger

 

Share this post


Link to post
Share on other sites

Well, looks like I'll be spending my afternoon uninstalling Enterprise Edition from all my servers and installing 6.0 MP4 for File Servers... Thanks Kaspersky!

Share this post


Link to post
Share on other sites

We've just used our MSP software to script stopping all Kaspersky Enterprise services on all servers.

Terrible solution, but some of these servers are unusable in their current state, and our clients are feeling the pain.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now