Jump to content
mikeymitch

KES10 Web-Antivirus Malfunction [In Progress]

Recommended Posts

Anyone ever get a fix for this? Even after upgrading our KSC server to 10.1.249 and several clients to 10.2.1.23 with new 10.1 policies, we still have this problem. Apparently it wasn't fixed in mr1. Very quickly losing faith in Kaspersky.

 

Yeah, I havent' had this one pop up yet (only installed MR1 on my PC so far) but I've got two 'This will be fixed in MR1' deals that are not fixed.....so, with this we are up to 3. :bravo: Good Job Kaspersky!

Share this post


Link to post
Anyone ever get a fix for this? Even after upgrading our KSC server to 10.1.249 and several clients to 10.2.1.23 with new 10.1 policies, we still have this problem. Apparently it wasn't fixed in mr1. Very quickly losing faith in Kaspersky.

Hello!

Probably you are facing another issue than described in this thread, at least it has different root cause.

May I please kindly ask you to provide us with GSI and event logs from one of the affected hosts? Also please kindly try to move one of the affected hosts out of the policy and reset WebAV settings to default in local interface and report back if it helps.

Thank you!

Share this post


Link to post

When you say "remove it out of the policy" do you mean to a different policy? If so, I've tried several of our policies and also created a brand new one. The service still won't start. How do I reset WebAV settings to the default? I have tried changing almost all of the settings for WebAV in the policy but that didn't help either. Can you point me to where this was discussed before? This error was the main reason we didn't upgrade to v10.x before and I was wating for mr1 in hopes it would be fixed and I could then upgrade to v10. So for now, we are stuck on v9 until this is fixed as there is no way management will allow me to install any antivirus without the WebAV piece working.

http://www.getsysteminfo.com/read.php?file...f5984d49761cb89

John

 

Hello!

Probably you are facing another issue than described in this thread, at least it has different root cause.

May I please kindly ask you to provide us with GSI and event logs from one of the affected hosts? Also please kindly try to move one of the affected hosts out of the policy and reset WebAV settings to default in local interface and report back if it helps.

Thank you!

 

Share this post


Link to post
When you say "remove it out of the policy" do you mean to a different policy? If so, I've tried several of our policies and also created a brand new one. The service still won't start. How do I reset WebAV settings to the default? I have tried changing almost all of the settings for WebAV in the policy but that didn't help either. Can you point me to where this was discussed before? This error was the main reason we didn't upgrade to v10.x before and I was wating for mr1 in hopes it would be fixed and I could then upgrade to v10. So for now, we are stuck on v9 until this is fixed as there is no way management will allow me to install any antivirus without the WebAV piece working.

http://www.getsysteminfo.com/read.php?file...f5984d49761cb89

John

I actually meant 'disable the policy completely.'

May I please kindly ask you to provide us with event logs from the problematic host?

Thank you!

Share this post


Link to post

See attached for the kaspersky event log from one of the failing workstations. Do you mean make the policy inactive? How do I disable a policy for an existing workstation/server if it is currently being managed by KSC? The only way I can think to do that is uninstall the product completely. Even if I make the active policy inactive, the settings stay the same on the workstation side or am I missing something obvious here?

 

I actually meant 'disable the policy completely.'

May I please kindly ask you to provide us with event logs from the problematic host?

Thank you!

kas_evt.zip

Edited by jcdinpgh

Share this post


Link to post

Thank you for your swift reply. However, .txt export contains almost no useful info, so please export the eventlog in .evt(x) format, as described in the article.

Thank you!

Share this post


Link to post
Sorry. Try this one.

I see no errors in your event log. May I please kindly ask you to provide us with some screenshots illustrating your problem as well?

Thank you!

Share this post


Link to post

In the policy, the WebAV piece is enabled and the task should be running but if you hover over the "K" icon, it says "Failed to enable some protection components" and if I try to start the task from the KSC for the failing workstation, it says ""Completed with error". Attached are the exported Results from within KSC which don't help much I know. If I bring up the interface for KES, and look under protection, the "Web Anti-Virus" part says "Malfunction" and "start" is grayed out. I had to do a uninstall on another workstation that was having the same problem, and then installed 10.2.1.23 and then the WebAV piece was working correctly so it seems to only happen when upgrading. This was the same problem we had in the previous v10 before mr1. I know the recommended method to upgrade to v10 is to uninstall any previous version,reboot, and then install v10 but that will involve alot of micromanagment on our part since we have 1000s of workstations.

 

I see no errors in your event log. May I please kindly ask you to provide us with some screenshots illustrating your problem as well?

Thank you!

ksc_exp.txt

Edited by jcdinpgh

Share this post


Link to post

What even odder is that it doesn't happen on all upgrades which made me think the policy on the failed ones was causing the problem so I tried moving the workstation in a group with a different policy where those workstations didn't have the problem in hopes that that policy would somehow fix it but that didn't help either. It's a very inconsistent problem.

 

In the policy, the WebAV piece is enabled and the task should be running but if you hover over the "K" icon, it says "Failed to enable some protection components" and if I try to start the task from the KSC for the failing workstation, it says ""Completed with error". Attached are the exported Results from within KSC which don't help much I know. If I bring up the interface for KES, and look under protection, the "Web Anti-Virus" part says "Malfunction" and "start" is grayed out. I had to do a uninstall on another workstation that was having the same problem, and then installed 10.2.1.23 and then the WebAV piece was working correctly so it seems to only happen when upgrading. This was the same problem we had in the previous v10 before mr1. I know the recommended method to upgrade to v10 is to uninstall any previous version,reboot, and then install v10 but that will involve alot of micromanagment on our part since we have 1000s of workstations.

 

Share this post


Link to post
What even odder is that it doesn't happen on all upgrades which made me think the policy on the failed ones was causing the problem so I tried moving the workstation in a group with a different policy where those workstations didn't have the problem in hopes that that policy would somehow fix it but that didn't help either. It's a very inconsistent problem.

May I please kindly ask you to create an incident in your CompanyAccount and attach there the info you've already collected plus installation logs?

Also, please kindly try what I've asked you earlier - disable the policy on one of the affected hosts and try to launch WebAV from the local interface.

Please kindly also enable KES traces, try to launch WebAV, wait for the error to appear, disable traces and attach the result to your incident.

Please post INC number in this topic.

Thank you!

Share this post


Link to post

I will get all of that info as soon as possible. How do I disable the policy on just one workstation?

 

May I please kindly ask you to create an incident in your CompanyAccount and attach there the info you've already collected plus installation logs?

Also, please kindly try what I've asked you earlier - disable the policy on one of the affected hosts and try to launch WebAV from the local interface.

Please kindly also enable KES traces, try to launch WebAV, wait for the error to appear, disable traces and attach the result to your incident.

Please post INC number in this topic.

Thank you!

 

Share this post


Link to post

I created a new incident. I was unable to attach the output because of a java certificate error with your app used to upload files. Where can I send the output?

INC000002617393

I will get all of that info as soon as possible. How do I disable the policy on just one workstation?

 

Share this post


Link to post

Hi jcdinpgh,

 

That problem should be fixed right now and you can upload all necessary data.

If this problem reoccurs, please let us know.

 

Thank you for cooperation.

Share this post


Link to post

This fixed it for me. (This was still an issue on the latest Endpoint 10.2)

 

KES10 [bug ID 216509] - WEB-AV malfunction status when a policy is applied

Product version: KSC / KES 10

Problem summary: When a policy is applied to KES10 machines, WEB-AV malfunctions

Overview: Client has machines running KES10. When those machines take the EP10 Policy, they WEB-AV switch to a malfunction state. Only resolution is fresh install but once the policy is applied, it will return to a malfunction state.

 

Root cause: Web Av ScriptChecker

 

Troubleshooting steps: Attempted to stop and start the web av component after removing the client from policy. Attempted to disable and re-enabled the web av. Created a new policy, did a fresh install and the issue persisted. Fresh install is the only resolution

 

Please try this option first(run the single wks solution first to confirm the fix):

 On a single workstation:

 Stop KES self-defense

 Open registry branch

x64 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

 

x86

HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

Set parameter UseScriptChecker=0

 

Share this post


Link to post
This fixed it for me. (This was still an issue on the latest Endpoint 10.2)

 

KES10 [bug ID 216509] - WEB-AV malfunction status when a policy is applied

Product version: KSC / KES 10

Problem summary: When a policy is applied to KES10 machines, WEB-AV malfunctions

Overview: Client has machines running KES10. When those machines take the EP10 Policy, they WEB-AV switch to a malfunction state. Only resolution is fresh install but once the policy is applied, it will return to a malfunction state.

 

Root cause: Web Av ScriptChecker

 

Troubleshooting steps: Attempted to stop and start the web av component after removing the client from policy. Attempted to disable and re-enabled the web av. Created a new policy, did a fresh install and the issue persisted. Fresh install is the only resolution

 

Please try this option first(run the single wks solution first to confirm the fix):

 On a single workstation:

 Stop KES self-defense

 Open registry branch

x64 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

 

x86

HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

Set parameter UseScriptChecker=0

Thank you for the info!

Share this post


Link to post

I fixed the "Web-Antivirus Malfunction" error by resetting the Internet Explorer settings & checking the "Delete personal settings" box. Warning: you should backup before your "Favorites".

 

Tested on Windows 7 Pro x64 with Internet Explorer 11.

Share this post


Link to post
This fixed it for me. (This was still an issue on the latest Endpoint 10.2)

 

KES10 [bug ID 216509] - WEB-AV malfunction status when a policy is applied

Product version: KSC / KES 10

Problem summary: When a policy is applied to KES10 machines, WEB-AV malfunctions

Overview: Client has machines running KES10. When those machines take the EP10 Policy, they WEB-AV switch to a malfunction state. Only resolution is fresh install but once the policy is applied, it will return to a malfunction state.

 

Root cause: Web Av ScriptChecker

 

Troubleshooting steps: Attempted to stop and start the web av component after removing the client from policy. Attempted to disable and re-enabled the web av. Created a new policy, did a fresh install and the issue persisted. Fresh install is the only resolution

 

Please try this option first(run the single wks solution first to confirm the fix):

 On a single workstation:

 Stop KES self-defense

 Open registry branch

x64 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

 

x86

HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

Set parameter UseScriptChecker=0

 

 

Good info, Ben, but this didn't solve my issue.

 

C'mon Kaspersky! Pull your socks up and fix this already!

Share this post


Link to post
Good info, Ben, but this didn't solve my issue.

 

C'mon Kaspersky! Pull your socks up and fix this already!

Hello!

 

Please kindly inform us if you are having the same issue?

What versions of the product do You use?

 

Thank You!

Share this post


Link to post

The solutions recommended above didn't work for us with KES 10.2 (MR1). We have found that disabling the UseScriptChecker regkey didn't fix the problem (also, it is not a feasible solution for our network of 6000+ computers).

 

However, we have found that changing the policy in the KSC for KES 10 MR1 in order to put the Web Antivirus Security Level to High in its main settings window makes it work again (changing it into deep heuristic into the secondary level dialog window doesn't work, however).

Share this post


Link to post
The solutions recommended above didn't work for us with KES 10.2 (MR1). We have found that disabling the UseScriptChecker regkey didn't fix the problem (also, it is not a feasible solution for our network of 6000+ computers).

 

However, we have found that changing the policy in the KSC for KES 10 MR1 in order to put the Web Antivirus Security Level to High in its main settings window makes it work again (changing it into deep heuristic into the secondary level dialog window doesn't work, however).

Hello!

 

Have you already submitted the request for the Technical Support?

Please do that and tell us the number - we will provide you with the patch which should solve that issue.

 

Thank You!

Share this post


Link to post

Hello :)

 

No, I just found the problem 2 hours ago and after checking this thread just changed the interface in the way I explained above while trying variations and it got fixed. I was just notifying the thread readers about the solution, but a patch is surely a better way to do it for small networks.

 

Will this be a patch that will be autodownloaded and applied with the standard update procedure in each client or will this be implemented in a future release (MR2)?

 

If it is a manually applied patch we will stick to the policy bar change as it is not viable for 6000+ computers and I prefer to enforce higher security settings over the network (using this workaround as a justification for the users) ;)

 

Thank you!

Share this post


Link to post
Hello :)

 

No, I just found the problem 2 hours ago and after checking this thread just changed the interface in the way I explained above while trying variations and it got fixed. I was just notifying the thread readers about the solution, but a patch is surely a better way to do it for small networks.

 

Will this be a patch that will be autodownloaded and applied with the standard update procedure in each client or will this be implemented in a future release (MR2)?

 

If it is a manually applied patch we will stick to the policy bar change as it is not viable for 6000+ computers and I prefer to enforce higher security settings over the network (using this workaround as a justification for the users) ;)

 

Thank you!

Hello!

 

No, it is not an autopatch.

 

Here is standard installation instruction:

http://support.kaspersky.com/8755

 

Thank You!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.