Jump to content
TheTeek

KES 8 KAVremove, result no USB and network

Recommended Posts

We are still having some troubles with KES 8 removal because of problems related to an earlier patch or signature release which Kaspersky released.

Some machines are unresponsive and removal of KES is really difficult, in some cases it is impossible to remove Kaspersky with add/remove programs.

Then the only way to remove Kaspersky is with the KAVremove tool, provided by Kaspersky.

 

But this has resulted in some mayor problems on systems, systems lost network connections and USB after successfull removal of Kaspersky KES 8 with this tool.

The only way to solve this was to go back to an earlier system state in Windows (7).

 

These problems really aren't helping to keep our employees happy with Kaspersky, they just need their work done, and we need to keep them up to date.

But it is really annoying, this isn't the first time Kaspersky released a wrong update.

 

We have spend hours of troubleshooting allready...

Share this post


Link to post
Did you install all patches?

 

thanks for the reply!

 

No but that was the intention, the problem is that Kaspersky ruined the machine before i was able to install the patches which solve these problems.

These systems are not manageable from the security center because they are constantly crashing the agent.

 

After a successfull removal, when an uninstall of the product works, the new kes 8 client was allready preinstalled with all patches, which was done in the security center repository.

Share this post


Link to post
We are still having some troubles with KES 8 removal because of problems related to an earlier patch or signature release which Kaspersky released.

Some machines are unresponsive and removal of KES is really difficult, in some cases it is impossible to remove Kaspersky with add/remove programs.

Then the only way to remove Kaspersky is with the KAVremove tool, provided by Kaspersky.

 

But this has resulted in some mayor problems on systems, systems lost network connections and USB after successfull removal of Kaspersky KES 8 with this tool.

The only way to solve this was to go back to an earlier system state in Windows (7).

 

These problems really aren't helping to keep our employees happy with Kaspersky, they just need their work done, and we need to keep them up to date.

But it is really annoying, this isn't the first time Kaspersky released a wrong update.

 

We have spend hours of troubleshooting allready...

 

This happened to me as well on a few systems that had no restore points set up. The only solution was to restore backup registry hives from %windir%\system32\config\regback. This is really an unbelievable issue, kind of ridiculous that the KAVremover tool (which is supposed to *solve* problems created by Kaspersky), makes workstations completely unusable.

 

Share this post


Link to post

I too have ran into this issue more frequently as well. I have had to manually go into the registry, find the hardware guid's for the bad USB, Network adapters, and delete the upperFilters registy key.

It seems like the Windows OS uses a Kaspersky driver (KLFLTDEV) for the USB connections and network connections. The kavremover tool must not reset these drivers or something, because deleting the key, then rebooting fixes the driver issues. Then we have to re-install Kaspersky.

The machines that this has happened to for us have all been patch a,b.

 

This whole process has been an administrative nightmare! I have touched more PC's with anti-virus issues in the 2 months we have had Kaspersky, then I did for the 8 years we used another vendor.

 

Does anyone from KL know why these drivers get screwed up after running kavremover in safe mode?

Share this post


Link to post

Dear TheTeek, vm7118, jmort84,

trust you are well.

 

Thank you all for your feedback, we really appreciate it. May I ask you if you did create incidents, concerning this issue, in the CompanyAccount, and if you did - may I ask you to kindly provide me with the numbers for these incidents either in Private Messages or here?

 

Please kindly accept apologies for any inconvenience caused.

 

Thank you for co-operation.

 

Best regards,

Igor Akhmetov.

Share this post


Link to post

No I did not, but I will tomorrow.

These incidents cost us a lot of trouble and to be honest, the most problems we managed to solve our own, I know you should know of this, and that we needed to create an incident call.

But in an hasty environment, where time is short I did not create the ticket.

 

Thanks for your reaction, It gives me trust. someone does seem to care about issues.

Edited by TheTeek

Share this post


Link to post
I too have ran into this issue more frequently as well. I have had to manually go into the registry, find the hardware guid's for the bad USB, Network adapters, and delete the upperFilters registy key.

It seems like the Windows OS uses a Kaspersky driver (KLFLTDEV) for the USB connections and network connections. The kavremover tool must not reset these drivers or something, because deleting the key, then rebooting fixes the driver issues. Then we have to re-install Kaspersky.

The machines that this has happened to for us have all been patch a,b.

 

This whole process has been an administrative nightmare! I have touched more PC's with anti-virus issues in the 2 months we have had Kaspersky, then I did for the 8 years we used another vendor.

 

Does anyone from KL know why these drivers get screwed up after running kavremover in safe mode?

 

It's not just in safe mode. I ran KAVremover in a normal boot environment when this happened. I had never seen it before last Friday, and then it happened on 3 machines at once while I was trying to "upgrade" to KES10.

 

Would you mind breaking down the USB/LAN GUID solution in more detail? This way, if it happens again, I won't have to restore the entire registry from backup. Thanks in advance.

 

Dear TheTeek, vm7118, jmort84,

trust you are well.

 

Thank you all for your feedback, we really appreciate it. May I ask you if you did create incidents, concerning this issue, in the CompanyAccount, and if you did - may I ask you to kindly provide me with the numbers for these incidents either in Private Messages or here?

 

Please kindly accept apologies for any inconvenience caused.

 

Thank you for co-operation.

 

Best regards,

Igor Akhmetov.

 

I did not create a case. The turnaround time after creating a case in CompanyAccount is massive, and the wait time when calling in is massive, despite our purchase of Gold Support.

Edited by vm7118

Share this post


Link to post

Here's is what I have done: (this worked for me, but be careful with the registy!)

 

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class

 

Expand Class by click the + or >, You should see a long list of subkeys open up under Class that look something like this: {4D36E965-E325-11CE-BFC1-08002BE10318}.

 

In Device Manager, right click on the USB device with the ! and choose Properties. You should see in the Device Status box an error code 19 and something like this "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged."

 

Now click on the Details tab. The Property should have a drop down arrow, click that arrow and choose Device class guid.

Now in the Value box, you should see something like this {4D36E965-E325-11CE-BFC1-08002BE10318}.

 

Go back to the registy editor and find this string in the Class folder and click on it.

 

In the results that appear on the window on the right, locate the UpperFilters and LowerFilters values. If you only see one or the other value, that's fine.

 

NOTE: If you don't see either registry values listed, this solution isn't for you. Double check that you're looking at the correct device class but if you're sure you are, this will not work and you may need to find another way to fix.

 

Right-click on UpperFilters and choose Delete. Choose Yes to the "Deleting certain registry values could cause system instability. Are you sure you want to permanently delete this value?" question

 

Do the same for the LowerFilters if you have them (I never saw a LowerFilters value on the machines here, only UpperFilters)

 

Close registry editor and restart. You can do this for multiple devices at once.

I also found out that with the USB's, after I did this the first time, then it recognized the keyboard and mouse and those had !, so I had to find those guid's and repeat this process and restart again.

 

If you've completed these steps due to a Device Manager error code, you can view the device's status in Device Manager to see if the error code is gone.

Share this post


Link to post
Here's is what I have done: (this worked for me, but be careful with the registy!)

 

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class

 

Expand Class by click the + or >, You should see a long list of subkeys open up under Class that look something like this: {4D36E965-E325-11CE-BFC1-08002BE10318}.

 

In Device Manager, right click on the USB device with the ! and choose Properties. You should see in the Device Status box an error code 19 and something like this "Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged."

 

Now click on the Details tab. The Property should have a drop down arrow, click that arrow and choose Device class guid.

Now in the Value box, you should see something like this {4D36E965-E325-11CE-BFC1-08002BE10318}.

 

Go back to the registy editor and find this string in the Class folder and click on it.

 

In the results that appear on the window on the right, locate the UpperFilters and LowerFilters values. If you only see one or the other value, that's fine.

 

NOTE: If you don't see either registry values listed, this solution isn't for you. Double check that you're looking at the correct device class but if you're sure you are, this will not work and you may need to find another way to fix.

 

Right-click on UpperFilters and choose Delete. Choose Yes to the "Deleting certain registry values could cause system instability. Are you sure you want to permanently delete this value?" question

 

Do the same for the LowerFilters if you have them (I never saw a LowerFilters value on the machines here, only UpperFilters)

 

Close registry editor and restart. You can do this for multiple devices at once.

I also found out that with the USB's, after I did this the first time, then it recognized the keyboard and mouse and those had !, so I had to find those guid's and repeat this process and restart again.

 

If you've completed these steps due to a Device Manager error code, you can view the device's status in Device Manager to see if the error code is gone.

 

Thank you for this breakdown. Unfortunately, one of the machines on which this problem appeared has no PS/2 ports... so I had no way of controlling the machine in person (or remotely, due to no network connection) after Windows had started up. This is why I ended up booting into recovery mode and copying %windir%\system32\config\regback into its parent folder. Seemed to have done the trick. But this is obviously a less desirable solution, since the registry backup can be a month old or more.

Share this post


Link to post
Thank you for this breakdown. Unfortunately, one of the machines on which this problem appeared has no PS/2 ports... so I had no way of controlling the machine in person (or remotely, due to no network connection) after Windows had started up. This is why I ended up booting into recovery mode and copying %windir%\system32\config\regback into its parent folder. Seemed to have done the trick. But this is obviously a less desirable solution, since the registry backup can be a month old or more.

 

We had the same problem with a machine with no PS/2 port, the only way to solve this was to start from an USB stick with windows, start the recovery and returned to a system restore point.

This was all done on windows 7 machines.

Share this post


Link to post
We had the same problem with a machine with no PS/2 port, the only way to solve this was to start from an USB stick with windows, start the recovery and returned to a system restore point.

This was all done on windows 7 machines.

Right, accomplishes the same thing. I went with registry restore because 1) it's obviously some kind of driver issue, and 2) the system had no restore points :(

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.