Jump to content
mikeymitch

KES10 Web-Antivirus Malfunction [In Progress]

Recommended Posts

Hello.

 

The patch has been sent to you.

 

Please check your email.

 

Hello,

 

The email did not arrive. I believe that the email service does not allow the sending of the executable. Could you send through company account or compressed executable with password?

Share this post


Link to post
Hello,

 

The email did not arrive. I believe that the email service does not allow the sending of the executable. Could you send through company account or compressed executable with password?

 

The file has been sent in an archive with a password to the address you stated while registering in CompanyAccount. If your actual address is different from that, please send me a PM.

Share this post


Link to post
The file has been sent in an archive with a password to the address you stated while registering in CompanyAccount. If your actual address is different from that, please send me a PM.

 

Hi,

 

patch pf430 installed. Problem solved.

Share this post


Link to post
Hi,

 

patch pf430 installed. Problem solved.

 

Hi,

 

Thank You for letting us know!

Share this post


Link to post
This fixed it for me. (This was still an issue on the latest Endpoint 10.2)

 

KES10 [bug ID 216509] - WEB-AV malfunction status when a policy is applied

Product version: KSC / KES 10

Problem summary: When a policy is applied to KES10 machines, WEB-AV malfunctions

Overview: Client has machines running KES10. When those machines take the EP10 Policy, they WEB-AV switch to a malfunction state. Only resolution is fresh install but once the policy is applied, it will return to a malfunction state.

 

Root cause: Web Av ScriptChecker

 

Troubleshooting steps: Attempted to stop and start the web av component after removing the client from policy. Attempted to disable and re-enabled the web av. Created a new policy, did a fresh install and the issue persisted. Fresh install is the only resolution

 

Please try this option first(run the single wks solution first to confirm the fix):

 On a single workstation:

 Stop KES self-defense

 Open registry branch

x64 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

 

x86

HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings

Set parameter UseScriptChecker=0

 

 

i am unable to set value of script checker.. why ?

 

Share this post


Link to post
i am unable to set value of script checker.. why ?

 

Please clarify what seems to be the problem with the described fix.

Thank you.

Share this post


Link to post
Submitted incident INC000003322493 for patch.

 

Thank you,

Ben

Hello!

 

The patch was sent.

Please kindly check your e-mail.

 

Thank You!

Share this post


Link to post
Hello!

 

The patch was sent.

Please kindly check your e-mail.

 

Thank You!

 

Success!

 

Thank you.

Share this post


Link to post
Success!

 

Thank you.

Hello!

 

In that case you can deploy the patch to the other hosts.

 

Thank You for provided information!

Do not hesitate to contact us if you are having any issues with Kaspersky products.

 

Best Regards,

Vitaly Kravtsov.

 

 

Share this post


Link to post
Dear Kaspersky lab

 

Patch 430 and registry not fix issue for me

 

You have any idea??

 

Hi,

 

In this situation please provide in the submitted case detailed issue description and patch installation logs. Let us know the case number.

 

Thank You!

Share this post


Link to post

I continue to have this issue today. Sometimes importing the registry entry fixes it, sometimes it doesn't. Sometimes reinstalling KES 10.2.1.23 fixes it and sometimes it doesn't. I currently have 12 identical machines machines that were all built the same way and all had KES 10.2.1.23 installed the exact same way now one is having the issue where the WEBAV task won't start. None of my workarounds listed above will fix it this time though. If you scroll back through this thread, you see I have opened two incidents to try and solve this although I only sent in logs once as I am way to busy to keep sending in logs every time there is a new attempt at a fix. Is this issue fixed in an official update that I can instal in KSC to make it go away for good? or only via a patch that must be installed on every failing endpoint? I get calls from our end users several times a day with this exact issue and I need the most recent fix (assuming it isn't just a registry entry). Can you send it to me please?

 

Share this post


Link to post
I continue to have this issue today. Sometimes importing the registry entry fixes it, sometimes it doesn't. Sometimes reinstalling KES 10.2.1.23 fixes it and sometimes it doesn't. I currently have 12 identical machines machines that were all built the same way and all had KES 10.2.1.23 installed the exact same way now one is having the issue where the WEBAV task won't start. None of my workarounds listed above will fix it this time though. If you scroll back through this thread, you see I have opened two incidents to try and solve this although I only sent in logs once as I am way to busy to keep sending in logs every time there is a new attempt at a fix. Is this issue fixed in an official update that I can instal in KSC to make it go away for good? or only via a patch that must be installed on every failing endpoint? I get calls from our end users several times a day with this exact issue and I need the most recent fix (assuming it isn't just a registry entry). Can you send it to me please?

 

Hello.

 

Please clarify whether this happens on more clients, in a different version or on the same computers where you already applied that patch?

Also, please let us know numbers of the incidents.

 

Thank you.

Share this post


Link to post

I can't give you a definitive answer as the example I provided is exactly what we just experienced. A group of new computers of the same make and model were built from the same image and then Kaspersky 10.2.1.23 was installed exactly the same way (from a pre built package that was created in KSC. All of them except one worked fine but the last one had the issue where web antivirus would not start. Applying the registry fix did not solve the issue. Uninstalling and reinstalling through KSC solved the issue. I'm a little concerned that the web antivirus not starting issue is much more rampant than most people know since it isn't very obvious from the endpoint and I can't seem to find a way to generate a report of all computers where that task isn't started.

 

 

Hello.

 

Please clarify whether this happens on more clients, in a different version or on the same computers where you already applied that patch?

Also, please let us know numbers of the incidents.

 

Thank you.

 

Share this post


Link to post
I can't give you a definitive answer as the example I provided is exactly what we just experienced. A group of new computers of the same make and model were built from the same image and then Kaspersky 10.2.1.23 was installed exactly the same way (from a pre built package that was created in KSC. All of them except one worked fine but the last one had the issue where web antivirus would not start. Applying the registry fix did not solve the issue. Uninstalling and reinstalling through KSC solved the issue. I'm a little concerned that the web antivirus not starting issue is much more rampant than most people know since it isn't very obvious from the endpoint and I can't seem to find a way to generate a report of all computers where that task isn't started.

 

Hi,

 

As applying the registry fix did not solve the issue for you I would suggest to submit a case and provide the installation logs there for further investigation.

 

Thank You!

Share this post


Link to post

Is the registry fix the only solution you have available to fix this? If you read this thread, I have already opened a total of 2 cases to try and solve this and the only thing I have gotten out of it the registry fix which appears to only work sometimes. I prefer to not open a third case and frankly I just don't have the time to go through all of that for a third time.

Can you provide a way for me to generate a report to look at all of my KES installs to determine which ones have the web antivirus task running or not? I have a feeling this is much more wide spread across my environment but I have no way right now to tell except to logon to each individual endpoint which clearly is not a reasonable option.

 

 

Hi,

 

As applying the registry fix did not solve the issue for you I would suggest to submit a case and provide the installation logs there for further investigation.

 

Thank You!

 

Share this post


Link to post
Is the registry fix the only solution you have available to fix this? If you read this thread, I have already opened a total of 2 cases to try and solve this and the only thing I have gotten out of it the registry fix which appears to only work sometimes. I prefer to not open a third case and frankly I just don't have the time to go through all of that for a third time.

Can you provide a way for me to generate a report to look at all of my KES installs to determine which ones have the web antivirus task running or not? I have a feeling this is much more wide spread across my environment but I have no way right now to tell except to logon to each individual endpoint which clearly is not a reasonable option.

 

These two cases were closed. One of them is mentioning about deploying pf370 so could you please clarify did you try to install pf430 after as well?

 

Thank You!

Share this post


Link to post

I had to open the second case because the first case was closed and I was told it could not be reopened so I had to open a new case. I gave up on the second case also as they wanted me to collect more log information after installing pf370 which did not solve the issue. I didn't have time to keep sending log information for each failed attemp at a patch hence why I am asking now if there was ever an official patch released which it sounds like pf430 is. I was never given pf430 to try.

 

Is there a way to tell what tasks are not running on my endpoints?

 

These two cases were closed. One of them is mentioning about deploying pf370 so could you please clarify did you try to install pf430 after as well?

 

Thank You!

 

Share this post


Link to post
I had to open the second case because the first case was closed and I was told it could not be reopened so I had to open a new case. I gave up on the second case also as they wanted me to collect more log information after installing pf370 which did not solve the issue. I didn't have time to keep sending log information for each failed attemp at a patch hence why I am asking now if there was ever an official patch released which it sounds like pf430 is. I was never given pf430 to try.

 

Is there a way to tell what tasks are not running on my endpoints?

 

The thing is that pf430 is made to fix web-av malfunction as well and I suggest you to apply it. In order to be able to send it to your email please submit a new case and state its number here.

 

Thank You!

Share this post


Link to post

Looks like registry parameter "UseScriptChecker" switches to 1 when Heuristic analysis is disabled in Web Anti-Virus policy on KCS. When I

set in Web Anti-Virus policy to Security Level -> By default and then delete all in [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings]

Web-Antivirus starts to work.

Share this post


Link to post
Looks like registry parameter "UseScriptChecker" switches to 1 when Heuristic analysis is disabled in Web Anti-Virus policy on KCS. When I

set in Web Anti-Virus policy to Security Level -> By default and then delete all in [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES10\profiles\Protection\profiles\Web_Monitoring\profiles\httpscan\settings]

Web-Antivirus starts to work.

 

Hello,

did it fix this issue?

Thanks.

Share this post


Link to post
Hello,

did it fix this issue?

Thanks.

 

Yes. Setting Web Anti-Virus policy Security Level to By default fixes issue. On newly added workstations "UseScriptChecker" is set to 0.

Share this post


Link to post
Yes. Setting Web Anti-Virus policy Security Level to By default fixes issue. On newly added workstations "UseScriptChecker" is set to 0.

 

Hi,

 

Thank You for the information provided!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.