Jump to content
Peter222

KES10SP1 MR3 - Netmotion still not supported - marked as incompatible software now and is uninstalled [In progress]

Recommended Posts

Installed KES 10 SP1 MR3 and now found that my NetMotion Mobility Client 10.72.56065 is on the incompatible software list and gets uninstalled automatically when MR3 is installed. This was suppose to be supported with MR3, see: https://forum.kaspersky.com/index.php?s=&am...t&p=2606118

 

Had to locate a bootable USB copy of Win10 to edit the registry hive to add the Netmotion fix manually, before restarting the PC. Unfortunately, you still have to install the registry file that Netmotion Wireless provides to not hook the avp.exe DLL to get it working on MR3. MOST law enforcement agencies use the Netmotion VPN client in their environments to support their typically roaming behavior across various types of networks without loosing session connectivity to applications. This begs the questions, how many law enforcement agencies are using Kaspersky?

 

Highly disappointed with Kaspersky. Great product, but patches and version releases are way behind the industry norm.

 

And yes, I've reported the issue with Netmotion early on when KES10 SP1 MR2 was released and from the forum I see several folks have incidents submitted.

 

 

Share this post


Link to post
Installed KES 10 SP1 MR3 and now found that my NetMotion Mobility Client 10.72.56065 is on the incompatible software list and gets uninstalled automatically when MR3 is installed. This was suppose to be supported with MR3, see: https://forum.kaspersky.com/index.php?s=&am...t&p=2606118

 

Had to locate a bootable USB copy of Win10 to edit the registry hive to add the Netmotion fix manually, before restarting the PC. Unfortunately, you still have to install the registry file that Netmotion Wireless provides to not hook the avp.exe DLL to get it working on MR3. MOST law enforcement agencies use the Netmotion VPN client in their environments to support their typically roaming behavior across various types of networks without loosing session connectivity to applications. This begs the questions, how many law enforcement agencies are using Kaspersky?

 

Highly disappointed with Kaspersky. Great product, but patches and version releases are way behind the industry norm.

 

And yes, I've reported the issue with Netmotion early on when KES10 SP1 MR2 was released and from the forum I see several folks have incidents submitted.

Hi,

 

What issue you reported earlier? Could you please provide this numbers?

 

Thank you!

Share this post


Link to post
Hi,

 

What issue you reported earlier? Could you please provide this numbers?

 

Thank you!

 

The issue was and is still that the PC will lock up/freeze after logging in when the KES10 SP1 MR2 (and now still MR3 client) and the Netmotion VPN client is installed. Here is my incident number from 1/29/2016: INC000005714545

 

Konstantin, you were the one who indicated in the referenced post (https://forum.kaspersky.com/index.php?s=&showtopic=345867&view=findpost&p=2606118) that "Netmotion support will be released in next builds of MR3 beta."

 

Share this post


Link to post
The issue was and is still that the PC will lock up/freeze after logging in when the KES10 SP1 MR2 (and now still MR3 client) and the Netmotion VPN client is installed. Here is my incident number from 1/29/2016: INC000005714545

 

Konstantin, you were the one who indicated in the referenced post (https://forum.kaspersky.com/index.php?s=&showtopic=345867&view=findpost&p=2606118) that "Netmotion support will be released in next builds of MR3 beta."

Unfortunately, at this moment Netmotion software are incompatible with KES MR3, to continue investigation of this problem you need to create incident through the CompanyAccount and provide this number to us.

 

Thank you!

Share this post


Link to post

So what are we supposed to do for our devices that are running Netmotion? All of the companies that use it were being told here and by Kaspersky support to wait for the new release of KES MR3 for months and that it would resolve the issue. We had been waiting for MR3 with hopes that it would resolve the issue. Then when specifically asked about it (which that was me that had asked in the other thread) we were told that the issue has been resolved.

 

Now we are finding out that it hasn't been resolved and may in fact be worse? If it is set as incompatible and is marked for uninstallation when MR3 updates we will have to work to prevent it from installing MR3 on the systems that are still working with Netmotion (which may be another support call).

 

Is Kaspersky Lab working on any type of emergency fix for this compatibility issue with Netmotion? Without a solution we will have to look elsewhere for our antivirus software since we can't leave a large number of devices unprotected. And it will only get worse as Windows 10 is deployed since that is where the issue first cropped up from here.

Share this post


Link to post
So what are we supposed to do for our devices that are running Netmotion? All of the companies that use it were being told here and by Kaspersky support to wait for the new release of KES MR3 for months and that it would resolve the issue. We had been waiting for MR3 with hopes that it would resolve the issue. Then when specifically asked about it (which that was me that had asked in the other thread) we were told that the issue has been resolved.

 

Now we are finding out that it hasn't been resolved and may in fact be worse? If it is set as incompatible and is marked for uninstallation when MR3 updates we will have to work to prevent it from installing MR3 on the systems that are still working with Netmotion (which may be another support call).

 

Is Kaspersky Lab working on any type of emergency fix for this compatibility issue with Netmotion? Without a solution we will have to look elsewhere for our antivirus software since we can't leave a large number of devices unprotected. And it will only get worse as Windows 10 is deployed since that is where the issue first cropped up from here.

 

Please collect full GSI report and specify a download link for Netmotion exe.

Thank you.

Share this post


Link to post
Please collect full GSI report and specify a download link for Netmotion exe.

Thank you.

 

I've have done both of these in my previous incident. Also, I have FTP'd the executables twice to Kaspersky R & D.

Share this post


Link to post
I've have done both of these in my previous incident. Also, I have FTP'd the executables twice to Kaspersky R & D.

 

 

Sorry that we ask information twice, but we need diagnostic information for the new KES version.

Thank you.

Share this post


Link to post
Sorry that we ask information twice, but we need diagnostic information for the new KES version.

Thank you.

 

I cannot produce a GSI report since I cannot login to the desktop because of the freeze/lock up issue. The only way to get this working is to add the Netmotion reg key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NMDRV\Params\Mobility Client\NoDllHookProcesses]

"KasperskyAvp"="avp.exe"

 

I don't know if this will hamper troubleshooting, but I will go ahead and create a new company incident and post the number here.

Share this post


Link to post
I cannot produce a GSI report since I cannot login to the desktop because of the freeze/lock up issue. The only way to get this working is to add the Netmotion reg key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NMDRV\Params\Mobility Client\NoDllHookProcesses]

"KasperskyAvp"="avp.exe"

 

I don't know if this will hamper troubleshooting, but I will go ahead and create a new company incident and post the number here.

 

If you have precious case numbers from earlier KES versions with this issue, please state them in the incident as well.

From there, a support specialist should assist you within the incident.

 

Thank you.

Share this post


Link to post
I cannot produce a GSI report since I cannot login to the desktop because of the freeze/lock up issue. The only way to get this working is to add the Netmotion reg key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NMDRV\Params\Mobility Client\NoDllHookProcesses]

"KasperskyAvp"="avp.exe"

 

I don't know if this will hamper troubleshooting, but I will go ahead and create a new company incident and post the number here.

 

 

Created new incident INC000006577341 and attached the requested files. Added previous incident number INC000005714545 (1/29/2016) to the case for reference.

Edited by Peter222

Share this post


Link to post
Created new incident INC000006577341 and attached the requested files. Added previous incident number INC000005714545 (1/29/2016) to the case for reference.

 

We have clarified the situation.

Netmotion has actually been added as incompatible software, as its driver nmdrv.sys interferes with KES operation.

Unfortunately, this is expected behavior. Simultaneous existence of KES and Netmotion on one host is unsupported.

 

Thank you.

Share this post


Link to post

Does this mean that the Netmotion compatibility issue is closed permanently or is active work happening to allow it and KES to run simultaneously?

 

What happened that caused this issue since when we first started using KES 1.5 years ago it was compatible and functioning alongside Netmotion and then these issues began to show up first from Windows 10 and then back on previous versions of Windows?

 

We unfortunately will have to find another protection product if KES is incompatible with Netmotion since those devices are currently unprotected and now we're worried that we will loose our VPN connectivity when MR3 is released and it may uninstall Netmotion during the upgrade (this is what the forum posts make it sound like will happen).

 

EDIT:

Looking at the incompatible software list has 4 entries for Netmotion Mobility Client 10.72.56065 Is it possible that it could be make it work with later versions if Kaspersky Lab engineers work with Netmotion Engineers (if that is possible)?

Edited by ICG

Share this post


Link to post

I feel for both sides in this issue. You are always going to have potential compatibility issues when you have two applications hooking into the network stack, such as VPN client and an endpoint security product like KES.

 

 

Serious suggestion: is there any reason you cannot move, in the longer term, to using IKEv2/MOBIKE with the client built in to Windows? MOBIKE addresses the major problem with IPsec identified in NetMotion's own white paper - without MOBIKE, a disconnect occurs when an endpoint changes IP address. Compression is possible using IPsec.

 

I have no problems using Windows 10's own VPN client against the IKEv2 endpoint in the open-source pfSense firewall. The total cost of deployment in production was my time plus the hardware that runs pfSense. MOBIKE works well. The only problem I have, which is common to pretty much all non-Windows IKEv2 servers, is that IPv6 routes are not established by the client. This is easily sorted by adding a static route to the connection in Windows using the Add-VpnConnectionRoute PowerShell cmdlet.

 

If you wish to experiment, you can always fire up pfSense in a VM.

 

 

Obviously, if you need FIPS certification or similar, your options for the server end are restricted and you may not be able to use an open source product. Even so, there has to be an alternative to proprietary VPN technologies.

Share this post


Link to post
Does this mean that the Netmotion compatibility issue is closed permanently or is active work happening to allow it and KES to run simultaneously?

 

What happened that caused this issue since when we first started using KES 1.5 years ago it was compatible and functioning alongside Netmotion and then these issues began to show up first from Windows 10 and then back on previous versions of Windows?

 

We unfortunately will have to find another protection product if KES is incompatible with Netmotion since those devices are currently unprotected and now we're worried that we will loose our VPN connectivity when MR3 is released and it may uninstall Netmotion during the upgrade (this is what the forum posts make it sound like will happen).

 

EDIT:

Looking at the incompatible software list has 4 entries for Netmotion Mobility Client 10.72.56065 Is it possible that it could be make it work with later versions if Kaspersky Lab engineers work with Netmotion Engineers (if that is possible)?

 

Apparently, since the cause of the issue was found to be the Netmotion driver (i.e. cannot be solved or worked around by Kaspersky developers), the incompatibility took place beginning with a certain Netmotion version, possibly while dealing with the new OS compatibility issues.

It is possible that future versions will be compatible, but currently no such plans are known.

 

Thank you.

 

DavidW, thank you for your suggestions.

Share this post


Link to post

Are there any steps that can be taken to prevent KSC from automatically updating the clients to MR3? I'm worried that when it upgrades them it may remove Netmotion (if I understand the incompatible software removal behavior correctly).

 

I'm wanting to recall that MR2 showed up as a software update at one point and if MR3 shows up that way then it can be marked as not applicable to prevent the installation. But now I can't find MR2 in the update list as a reference so I was wondering if the procedure may have changed? We are running KSC SP2.

Share this post


Link to post
Are there any steps that can be taken to prevent KSC from automatically updating the clients to MR3? I'm worried that when it upgrades them it may remove Netmotion (if I understand the incompatible software removal behavior correctly).

 

I'm wanting to recall that MR2 showed up as a software update at one point and if MR3 shows up that way then it can be marked as not applicable to prevent the installation. But now I can't find MR2 in the update list as a reference so I was wondering if the procedure may have changed? We are running KSC SP2.

 

If you are managing KES hosts via KSC, you need to approve the MR3 update manually so that it gets deployed to clients. Otherwise it doesn't.

 

Thank you.

Share this post


Link to post

Has anyone tried out Netmotion Mobility version 11.02 released Aug 31, 2016 with MR3? We are curious if the incompatibility may have been resolved with the newer version but didn't see anything specific about it in the release notes.

 

We will test it out here just to check but it will be a few weeks before we are able to check it. We will contact their support to check on the issue too and see if they have any information on the status and see if there are any negative issues with the workaround Peter222 mentioned earlier.

Share this post


Link to post
Has anyone tried out Netmotion Mobility version 11.02 released Aug 31, 2016 with MR3? We are curious if the incompatibility may have been resolved with the newer version but didn't see anything specific about it in the release notes.

 

We will test it out here just to check but it will be a few weeks before we are able to check it. We will contact their support to check on the issue too and see if they have any information on the status and see if there are any negative issues with the workaround Peter222 mentioned earlier.

 

I'm testing with the Mobility version 11.01.15791 and during install I've noticed that it now adds the registry "fix" for the 10.72 version automatically, but under a different string value name, with the same value (avp.exe). I have not tried falling back to MR2 and then updating to MR3 with the Mobility 11.01 client, because I've already updated to the Win10 Anniversary Update (Redstone 1) which is only compatible on MR3.

 

From the incompatibility list text file that accompanies MR3 the Mobility Client versions that will be uninstalled are all 10.72 flavors (Win7 32/64 bit and Win8-10 32/64bit). I don't suspect 11.x would be uninstalled because it's not listed. All existing Mobility 10.72 clients would be your problem child and would need to be upgraded to version 11 prior to installing MR3 or approving it in KSC.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.