Jump to content
mikeymitch

KES10 Web-Antivirus Malfunction [In Progress]

Recommended Posts

I created incident INC000002617393 in relation to this problem. Can you point me to the patch please?

as I see, your INC is already closed.

Could you please re-open it or create a new one?

Thank you!

Share this post


Link to post

I contacted support and they opened yet another INC (INC000002796964) instead of just reopening INC000002617393 like I had asked but then uploaded patch_pf370. There are no instructions or details as to what it is supposed to fix so I installed it anyways on a workstation with v10.2.1.23 that is having the issue with web antivirus not working, and it fixed nothing. Web antivirus is still not working.

Is this the correct patch to fix web antivirus not starting?

Are there instructions somewhere describing what is (supposedly) fixed?

Has anyone else tried Patch_pf370 and had it fix this issue?

 

 

 

as I see, your INC is already closed.

Could you please re-open it or create a new one?

Thank you!

 

Share this post


Link to post

And to add insult to injury, I just spoke with online chat support, and since patch pf_370 didn't work, they want me to collect all of the log information again, that I had already sent in the first time and essentially start all over. It sure feels like they are guessing at a solution here since they want me to collect all of the information on the workstation that pf_370 failed on. I just don't have the time to go through this all over again so I will wait and see if any of you have any info on patch pf370 or if you found any other solutions.

 

I contacted support and they opened yet another INC (INC000002796964) instead of just reopening INC000002617393 like I had asked but then uploaded patch_pf370. There are no instructions or details as to what it is supposed to fix so I installed it anyways on a workstation with v10.2.1.23 that is having the issue with web antivirus not working, and it fixed nothing. Web antivirus is still not working.

Is this the correct patch to fix web antivirus not starting?

Are there instructions somewhere describing what is (supposedly) fixed?

Has anyone else tried Patch_pf370 and had it fix this issue?

 

Share this post


Link to post

I had this issue occur in my environment today on one W7 64bit machine running KES 10.2.1.23 and Agent 10.1.249.

 

I was able to solve it by doing the following:

1. Locally booting the computer in Safe Mode

2. Run the kavremover.exe tool and removed KES 10.2.1.23 (leaving the agent)

3. Reboot

4. Reinstall KES 10.2.1.23

 

 

Share this post


Link to post
I had this issue occur in my environment today on one W7 64bit machine running KES 10.2.1.23 and Agent 10.1.249.

 

I was able to solve it by doing the following:

1. Locally booting the computer in Safe Mode

2. Run the kavremover.exe tool and removed KES 10.2.1.23 (leaving the agent)

3. Reboot

4. Reinstall KES 10.2.1.23

Thank you for this info!

Share this post


Link to post

Kaspersky support sent me Private Fix 430 which fixes the problem on existing machines. The agent said it was created for my support case.

 

Now, to prevent the problem in the first place, when upgrading from KAV 6.0.4.1611 to KES 10.2.1.23, which is what I'm doing, I did the following:

 

1. Create a new group in KSC (call it something like Deploy KES10)

2. Copy your existing KAV6 & KES10 policies to that new group.

3. Make sure parent policy inheritance is turned off; disable self defense in both policies <--- THIS IS THE KEY STEP

4. Drag computer(s) to be upgraded into the Deploy KES10 group. This disables self defense on KAV6 and also on KES10 once it's installed

5. Deploy installation package to clients (or assign automatic installation)

 

After the clients restarts, it comes up fine with no malfunctions. Then you can drag it back into whatever management group it should be in (with self defense enabled) and everything is hunky dory.

Share this post


Link to post
Kaspersky support sent me Private Fix 430 which fixes the problem on existing machines. The agent said it was created for my support case.

 

Now, to prevent the problem in the first place, when upgrading from KAV 6.0.4.1611 to KES 10.2.1.23, which is what I'm doing, I did the following:

 

1. Create a new group in KSC (call it something like Deploy KES10)

2. Copy your existing KAV6 & KES10 policies to that new group.

3. Make sure parent policy inheritance is turned off; disable self defense in both policies <--- THIS IS THE KEY STEP

4. Drag computer(s) to be upgraded into the Deploy KES10 group. This disables self defense on KAV6 and also on KES10 once it's installed

5. Deploy installation package to clients (or assign automatic installation)

 

After the clients restarts, it comes up fine with no malfunctions. Then you can drag it back into whatever management group it should be in (with self defense enabled) and everything is hunky dory.

Thank you for sharing the info!

However, I suppose you haven't been using the PF at all?

Thank you!

Share this post


Link to post
Thank you for sharing the info!

However, I suppose you haven't been using the PF at all?

Thank you!

 

Update, it seems that it doesn't always work to turn off self defense on both policies. I updated 5 clients today and all had Web Malfunction. However, using PF 430 always fixes the problem. And maybe you can verify something for me. Can you confirm that using PF 430 in no way reduces the level of client protection? Does it turn anything off, such as script checking? Thanks!

Share this post


Link to post
Update, it seems that it doesn't always work to turn off self defense on both policies. I updated 5 clients today and all had Web Malfunction. However, using PF 430 always fixes the problem. And maybe you can verify something for me. Can you confirm that using PF 430 in no way reduces the level of client protection? Does it turn anything off, such as script checking? Thanks!

 

Hi,

 

WebAV fails to start because ScriptChecker component is missing and the patch fixes it.

 

Thank You!

Share this post


Link to post
Hi,

 

I guess we're facing the same issue with our 64bit clients.

How to retrieve PF 430?

 

Best regards,

Oliver

 

Hello.

 

Please submit a request to CompanyAccount and tell us its number for the patch to be provided. Please make sure to state the actual version of the product you are using.

Thank you!

Share this post


Link to post
Hi,

 

I guess we're facing the same issue with our 64bit clients.

How to retrieve PF 430?

 

Best regards,

Oliver

Hello!

 

You must submit the request for the Technical Support - https://companyaccount.kaspersky.com

Then tell us the number of submitted request, and then we will be able to provide you with patch.

 

Thank You!

Share this post


Link to post

Hi,

where to upload the log?

To this thread or the ticket at CompanyAccount?

Btw, installation of patch was successful.

Best regards,

Olly

Share this post


Link to post
Hi,

where to upload the log?

To this thread or the ticket at CompanyAccount?

Btw, installation of patch was successful.

Best regards,

Olly

Hello!

 

Please upload both - here and to the request.

 

Thank You!

Share this post


Link to post

Hello!

 

Did you try that solution that was posted previously?

 

This fixed it for me. (This was still an issue on the latest Endpoint 10.2)

 

KES10 [bug ID 216509] - WEB-AV malfunction status when a policy is applied

Product version: KSC / KES 10

Problem summary: When a policy is applied to KES10 machines, WEB-AV malfunctions

Overview: Client has machines running KES10. When those machines take the EP10 Policy, they WEB-AV switch to a malfunction state. Only resolution is fresh install but once the policy is applied, it will return to a malfunction state.

 

Root cause: Web Av ScriptChecker

 

Troubleshooting steps: Attempted to stop and start the web av component after removing the client from policy. Attempted to disable and re-enabled the web av. Created a new policy, did a fresh install and the issue persisted. Fresh install is the only resolution

 

Please try this option first(run the single wks solution first to confirm the fix):

 On a single workstation:

 Stop KES self-defense

 Open registry branch

x64 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

 

x86

HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

Set parameter UseScriptChecker=0

 

Did it help?

 

Thank You!

 

Share this post


Link to post

Hi Vitaly,

what exactly do you mean?

Fresh installation or Registry hack?

If you mean Regsitry Hack: wouldn't the security level be lowered due to Script Checker turned off?

Just checked Registry: UseScriptChecker is already set to 0.

Best regards,

Oliver

Edited by Oliver Schoenwaelder

Share this post


Link to post

Hello!

 

I just have asked if it helped your for diagnostics reasons.

We will continue investigation in the request.

 

Thank You!

Share this post


Link to post
Hello!

 

You must submit the request for the Technical Support - https://companyaccount.kaspersky.com

Then tell us the number of submitted request, and then we will be able to provide you with patch.

 

Thank You!

 

Hi @Vitaly

 

I have the same problem. Could you send me the patch?

 

INC000003013204

 

Endpoint 10.2.1.23

Systems Affected: Windows Seven Enterprise and Windows 8.1

Share this post


Link to post
Hi @Vitaly

 

I have the same problem. Could you send me the patch?

 

INC000003013204

 

Endpoint 10.2.1.23

Systems Affected: Windows Seven Enterprise and Windows 8.1

 

Hello.

 

The patch has been sent to you.

 

Please check your email.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.