Jump to content
george.h

KES 10 Install Updates Default Task [In progress]

Recommended Posts

Hi,

 

Since upgrading our network from KSC9/KES8 upto KSC/KES10 (and yes "Unprocessed Objects" DOES work MUCH MUCH better in 10) I've noticed some interesting behaviour from the default Install Updates task.

 

Under KSC9/KES 8, when operating under a policy, if an endpoint was not connected to the network (switched off etc) at the scheduled update task time it did't get the updates (database updates etc). It either had to wait until the next scheduled update time or I had to use KSC to manually start the update.

 

Under KSC/KES 10 I've noticed that when I do a remote wake up of endpoints that were switched off at the time the "Install Updates" task was scheduled to run (currently 11am and 11pm), the first thing they seem to do is run the update task. At the moment there is just a single global Install Updates task for all managed endpoints and a single policy for all managed endpoints.

 

I'm wondering if someone could clarify if:

 

1. Is this a new default behaviour?

2. If so what are the parameters for this? i.e. does it always happen or is there a time "window" in which it will happen etc?

3. Are there any options to control this in KSC? I happen to like it but some control over it would be nice.

4. If there are option in KSC to control this behaviour where can I find them? I've looked but can't find anything in either the Policy settings or the Install Updates task settings. Of course I could be being blind LOL!

 

Much appreciated.

George

Edited by george.h

Share this post


Link to post

Can you post the exact version of KSC10. There are 3 versions released.

Share this post


Link to post
Can you post the exact version of KSC10. There are 3 versions released.

 

Hi Helmut,

 

KSC10 is 10.2.434 and the endpoints are all running 10.2.2.10535 mr1

 

Regards

George

Share this post


Link to post
Hi,

 

Since upgrading our network from KSC9/KES8 upto KSC/KES10 (and yes "Unprocessed Objects" DOES work MUCH MUCH better in 10) I've noticed some interesting behaviour from the default Install Updates task.

 

Under KSC9/KES 8, when operating under a policy, if an endpoint was not connected to the network (switched off etc) at the scheduled update task time it did't get the updates (database updates etc). It either had to wait until the next scheduled update time or I had to use KSC to manually start the update.

 

Under KSC/KES 10 I've noticed that when I do a remote wake up of endpoints that were switched off at the time the "Install Updates" task was scheduled to run (currently 11am and 11pm), the first thing they seem to do is run the update task. At the moment there is just a single global Install Updates task for all managed endpoints and a single policy for all managed endpoints.

 

I'm wondering if someone could clarify if:

 

1. Is this a new default behaviour?

2. If so what are the parameters for this? i.e. does it always happen or is there a time "window" in which it will happen etc?

3. Are there any options to control this in KSC? I happen to like it but some control over it would be nice.

4. If there are option in KSC to control this behaviour where can I find them? I've looked but can't find anything in either the Policy settings or the Install Updates task settings. Of course I could be being blind LOL!

 

Much appreciated.

George

 

Hello.

 

From your description, it would appear that "Run missed tasks" option ("Schedule" tab) was previously cleared, and now it is checked. Please see if that is the case.

 

Thank you.

Share this post


Link to post
Hello.

 

From your description, it would appear that "Run missed tasks" option ("Schedule" tab) was previously cleared, and now it is checked. Please see if that is the case.

 

Thank you.

 

Hi Kirill,

 

Yes it was ticked! I obviously missed it. ;)

 

Presumably if multiple "schedule slots" for a single task are missed, because it has been off several days, only a single instance of the task is queued for execution when the endpoint does get switched on?

 

I've seen other anti-virus software (not Kaspersky) that appears to queue an instance of a missed task for every schedule slot that is missed! So if it missed 4 scheduled executions it attempts to run 4 instances when it is switched on, which can cripple the PC.

Edited by george.h

Share this post


Link to post
Hi Kirill,

 

Yes it was ticked! I obviously missed it. ;)

 

Presumably if multiple "schedule slots" for a single task are missed, because it has been off several days, only a single instance of the task is queued for execution when the endpoint does get switched on?

 

I've seen other anti-virus software (not Kaspersky) that appears to queue an instance of a missed task for every schedule slot that is missed! So if it missed 4 scheduled executions it attempts to run 4 instances when it is switched on, which can cripple the PC.

 

Hi,

 

Please clarify what do you mean exactly by multiple "schedule slots"? Please provide us illustrating screenshots if possible.

 

Thank You!

Share this post


Link to post
Hi,

 

Please clarify what do you mean exactly by multiple "schedule slots"? Please provide us illustrating screenshots if possible.

 

Thank You!

 

Hi apologies for the late reply. I'll try to explain using the following example.

 

At present I have updates configured to run every 12 hours at 11:00am and 11:00pm. If the user is not in for a couple of days and his laptop remains switched off, it could miss four "schedule slots" for:

 

Day1: 11pm update (1 slot missed)

Day2: 11am update and 11pm Update (a further 2 slots missed)

Day3: 11am update - user gets in 11:45am (the further and final slot missed)

 

I've seen some anti-virus software which when the machine IS switched on would then attempt to run FOUR updates either simultaneously or FOUR one immediately after the other, one update for each scheduled update it has "missed". This can obviously create resource problems on the laptop. However I have NOT seen this behaviour with Kaspersky.

 

What I am seeing however is not always running the missed task. I'm currently trying to figure out why, if it a network connection issue or something else

 

 

 

 

Share this post


Link to post
Hi apologies for the late reply. I'll try to explain using the following example.

 

At present I have updates configured to run every 12 hours at 11:00am and 11:00pm. If the user is not in for a couple of days and his laptop remains switched off, it could miss four "schedule slots" for:

 

Day1: 11pm update (1 slot missed)

Day2: 11am update and 11pm Update (a further 2 slots missed)

Day3: 11am update - user gets in 11:45am (the further and final slot missed)

 

I've seen some anti-virus software which when the machine IS switched on would then attempt to run FOUR updates either simultaneously or FOUR one immediately after the other, one update for each scheduled update it has "missed". This can obviously create resource problems on the laptop. However I have NOT seen this behaviour with Kaspersky.

 

What I am seeing however is not always running the missed task. I'm currently trying to figure out why, if it a network connection issue or something else

 

Hello,

no, KL products do not have such behavior.

Thank you.

Share this post


Link to post
Hello,

no, KL products do not have such behavior.

Thank you.

 

Thanks for confirming that Dmitry. Some of your competitors products are a real pain because the DO have such behaviour LOL!

 

What I am finding though is because the machines that "miss" the scheduled updates are all laptops, when they do get switched on they generally connect via WiFi. What I think I'm seeing, and am trying to confirm, is that because it takes a little time for the WiFi connection to come up and get established, the "run missed update task" fails because the network connection is not ready when it runs.

 

If this happens, how many times (or for how long) does the update task attempt to connect to the update servers (either KSC or Kaspersky's own) before it gives up?

 

Also, how soon after the machine starts up does Kaspersky attempt to run any "missed tasks"?

 

Is there any way of incorporating a delay to allow time for a WiFi connection to become established before running a missed update task?

 

Best regards

George

Share this post


Link to post
Thanks for confirming that Dmitry. Some of your competitors products are a real pain because the DO have such behaviour LOL!

 

What I am finding though is because the machines that "miss" the scheduled updates are all laptops, when they do get switched on they generally connect via WiFi. What I think I'm seeing, and am trying to confirm, is that because it takes a little time for the WiFi connection to come up and get established, the "run missed update task" fails because the network connection is not ready when it runs.

 

If this happens, how many times (or for how long) does the update task attempt to connect to the update servers (either KSC or Kaspersky's own) before it gives up?

 

Also, how soon after the machine starts up does Kaspersky attempt to run any "missed tasks"?

 

Is there any way of incorporating a delay to allow time for a WiFi connection to become established before running a missed update task?

 

Best regards

George

 

Hi,

 

Unfortunately there is no such option to delay starting missed tasks, but as workaround you can use randomization time for missed tasks, for example 5 min.

It should solve this problem.

 

BR

Share this post


Link to post
Hi,

 

Unfortunately there is no such option to delay starting missed tasks, but as workaround you can use randomization time for missed tasks, for example 5 min.

It should solve this problem.

 

BR

 

Thanks Artem.

 

I've now checked this on two of our laptops. Both were switched on at about 10:30am. Neither attempted to run the missed "install update" task. In addition BOTH machines were on and connected to the network at the normal 11:00am time for the scheduled update task to run. Neither of these machines ran it, yet all of our other machines did. I've looked in the Kaspersky event logs and there are no errors showing. The time and date on both laptops is correct (picked up from the domain controller).

 

I restarted both laptops at around 11:45am and again NEITHER ran the missed update task. The Install Update task itself is deployed from the top level Managed Computers container and was successfully deployed to all machines.

 

Any ideas why these two machines are neither running missed tasks NOR running the scheduled update task at the scheduled time.

 

One is running Windows 7 Pro 32 bit and shows it last running the update task 4 days ago, the other is XP Pro (SP3) and both show the "Install Update" task next due to run on 03/09/2015 at 11:00am, even though it is 08/09/2015 today!

 

All machines are running KES 10.2.2.10535 (mr1).

 

KSC is 10.2.434.

 

Interestingly the XP machine began to run the update task at 12:01!

Both also appear to have an issue with the Virus Scan task as well.

Edited by george.h

Share this post


Link to post

Could you clarify, All these computers (with XP, with 7 and KSC) have the same time and data?

These laptops and computer that have successful task run. Are they working under one policy? Could you provide us this policy?

Also we need GSI report from the problem laptop.

 

What about the first problem, did workaround help?

 

BR

Share this post


Link to post
Could you clarify, All these computers (with XP, with 7 and KSC) have the same time and data?

These laptops and computer that have successful task run. Are they working under one policy? Could you provide us this policy?

Also we need GSI report from the problem laptop.

 

What about the first problem, did workaround help?

 

BR

 

Hi Artem,

 

Yes both of the laptops, along with all of our other PCs, have the correct time and date. This is obtained from our domain controller (configured as the authoritative network time source) following DHCP which itself gets the time from the UK NTP pool.

 

All of the machines are running under a single policy in the root "Managed Computers" container. The machines themselves are in two sub-containers for our two locations. The two laptops in question are in the same container as eight other machines which all appear to work fine.

 

I've attached both the top level default policy and "Install Update" task.

 

Regards

George

Colour_Holographic.zip

Share this post


Link to post
Could you provide us GSI report from one of the problem laptop?

 

BR

 

Hi Artem,

 

No problem. I'll run the GSI tool on both machines for you when I get into the office in a couple of hours and upload them both (if possible).

 

One quick thought, which may be relevant, because we had run out of Kaspersky licenses both of these machines had been running AVG Free. When we renewed our licenses in August this year we increased our license count from 14 to 21, then uninstalled AVG Free before installing KES/KNA 10.

 

Regards

George

Edited by george.h

Share this post


Link to post
Hi Artem,

 

No problem. I'll run the GSI tool on both machines for you when I get into the office in a couple of hours and upload them both (if possible).

 

One quick thought, which may be relevant, because we had run out of Kaspersky licenses both of these machines had been running AVG Free. When we renewed our licenses in August this year we increased our license count from 14 to 21, then uninstalled AVG Free before installing KES/KNA 10.

 

Regards

George

 

Hi Artem,

 

Erm, how do I upload even one GSI report? Even WIHOUT the Windows Event Logs it is almost 2MB in size and the very miserly upload limit here is a fraction of that?

 

George

 

Share this post


Link to post
Hi Artem,

 

Erm, how do I upload even one GSI report? Even WIHOUT the Windows Event Logs it is almost 2MB in size and the very miserly upload limit here is a fraction of that?

 

George

 

I may have found the problem.... Crappy AVG didn't remove itself completely! I'll try again after I've purged every last trace of that garbage...

 

Share this post


Link to post
Hi,

 

Thank you for that info.

 

We will be waiting for your reply!

 

I Nikolay,

 

Removing the last traces of AVG Free made no difference. I've now created the two GSI reports (one from each machine). I've also created a Company Account to submit a support request so that I can upload to two GSI reports (since I can't upload them here).

 

I've FINALLY managed to get the incident created - INC000005040905 - and attached the two GSI reports.

 

I have to say your incident reporting system is pure garbage! That is one of the worst, most unfriendly, and clunky systems I've ever encountered. It took me nearly 20 mins to figure out how to attach files. Much of that because it took SO LONG before the Java applet finally started (on a 3.3GHz iCore 5!!!). You should also be aware that we like a lot of companies are on the verge of ditching Java on client machines. Partly because of Oracle's policy of pushing crappy Yahoo out with updates, partly because it is frankly a waste of time and a bigger security risk than it is useful.

 

Seriously, that system is a BIG disincentive to reporting issues that way..... You can't even copy and paste the damned incident number from it easily! I had to wait for the confirmation email to do that.

 

Stupid stupid system....

Edited by george.h

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.