Jump to content
vincenzo.bonomo

KES 10 keep crashing and create enc1 files

Recommended Posts

In our company we have a problem with our Kaspersky. KES often crashes in some PCs but it works fine in other PCS that have the same configuration and programs installed (and also the same policy).

We use:

Kaspersky security center 10.4.343

Kaspersky Endpoint security versions 10.3.0.6294 and 10.2.5.3201 (the problem seems not to be related to the version).

We can't see anything wrong from the event viewer, Kaspersky just show a warning "Protection components are disabled" without information on what happened. 

Every time KES crashes create an event in the Kernel event tracing:
Session "{CA94B94F-2F92-4D13-9653-129FD79B271A}" failed to start with the following error: 0xC0000035

The problem is annoying because every time KES crashes it creates dump files (with enc1 extension) filling up the hard drive.

Any suggestions? Thank you

Share this post


Link to post

In my case, sometimes the Update task stops to work (the event section on KSC shows something like "not all components can be updated"), the task starts but does not finish for some reason. After some time (after several task executions which all fail), KES crashes, creates the mentioned dump files and after that crash, KES works again (the update task finishes successfully every time). In my case, this happens only on three computers where a special software is installed and which do not get rebooted for a few weeks. This problem happens on all of the latest KES10 versions.

You can disable the creation of these dumps in the policy (so that it does not fill up the hard drive).

Share this post


Link to post
27 minutes ago, ak01 said:

In my case, sometimes the Update task stops to work (the event section on KSC shows something like "not all components can be updated"), the task starts but does not finish for some reason. After some time (after several task executions which all fail), KES crashes, creates the mentioned dump files and after that crash, KES works again (the update task finishes successfully every time). In my case, this happens only on three computers where a special software is installed and which do not get rebooted for a few weeks. This problem happens on all of the latest KES10 versions.

You can disable the creation of these dumps in the policy (so that it does not fill up the hard drive).

I have already disabled the dump writing thank you.

In my situation in the event for a machine with the problem does't show anything that could indicate what the problem is. For example in one case I just have a running and then complete scan message and then the error. In another case I have a running and complete update message and then the error

Edited by vincenzo.bonomo

Share this post


Link to post
19 hours ago, Nikolay Arinchev said:

Hi,

Could you please provide us with GSI log from one of affected PCs?

Thank you!

Hi, 

how can I send it to you? Thank you

Share this post


Link to post
On 9/6/2017 at 1:07 PM, vincenzo.bonomo said:

In our company we have a problem with our Kaspersky. KES often crashes in some PCs but it works fine in other PCS that have the same configuration and programs installed (and also the same policy).

We use:

Kaspersky security center 10.4.343

Kaspersky Endpoint security versions 10.3.0.6294 and 10.2.5.3201 (the problem seems not to be related to the version).

We can't see anything wrong from the event viewer, Kaspersky just show a warning "Protection components are disabled" without information on what happened. 

Every time KES crashes create an event in the Kernel event tracing:
Session "{CA94B94F-2F92-4D13-9653-129FD79B271A}" failed to start with the following error: 0xC0000035

The problem is annoying because every time KES crashes it creates dump files (with enc1 extension) filling up the hard drive.

Any suggestions? Thank you

Hello,

please disable traces - https://support.kaspersky.com/9343#howto

Thank you.

 

Share this post


Link to post
On 9/6/2017 at 1:07 PM, vincenzo.bonomo said:

The problem is annoying because every time KES crashes it creates dump files (with enc1 extension) filling up the hard drive.

Please give us a screenshot of folder contents with these files.

Thank you.

 

Share this post


Link to post
15 minutes ago, Dmitry Eremeev said:

Please give us a screenshot of folder contents with these files.

Thank you.

 

There are much more files. The folder is about 35gb. I know that I can delete those files and I've already disable the dump writing  but I would like to know why Kaspersky keep crashing in some pcs

KES.JPG

Share this post


Link to post
1 hour ago, vincenzo.bonomo said:

There are much more files. The folder is about 35gb. I know that I can delete those files and I've already disable the dump writing  but I would like to know why Kaspersky keep crashing in some pcs

KES.JPG

Please send us one dump collection - http://support.kaspersky.com/9349

and full GSI with event logs included.

Thank you.

 

Share this post


Link to post
45 minutes ago, Ivan.Ponomarev said:

Hello!

You can upload the dumps to any file sharing ressources you like. 

Thanks!

I've sent everything via PM, thank you

Share this post


Link to post

Many thanks for the info!

Could you please collect the full GSI Report?

To collect the full one please choose the checkbox "include Windows Eventlogs"

Thanks!

Share this post


Link to post
1 hour ago, Ivan.Ponomarev said:

Many thanks for the info!

Could you please collect the full GSI Report?

To collect the full one please choose the checkbox "include Windows Eventlogs"

Thanks!

Sent, thank you

Share this post


Link to post
59 minutes ago, Nikolay Arinchev said:

Please disable self-defence, end avp process, add avp to appviewer and start avp proces back.

Thank you!

I disabled self-defence, when I try to end avp process it gives an error "access denied". I also tried to close Kaspersky and then use appviewer but same result, it crashes.

 

Edit: I've tried in Safe Mode and I could put avp on appverifier. Then I restarted the pc but, despite I can see the avp.exe in the task manager, I can't open Kasperky. Appverifier created 2 .dat file

Edited by vincenzo.bonomo

Share this post


Link to post
26 minutes ago, Nikolay Arinchev said:

Please disable self defence, reboot PC, make sure that self-defence is down and add avp.exe to appviewer.

Thank you!

What I did:

- disable self defence, triy to add avp.exe in appverifier (not appviewer) -> appverfier crashes

- disable self defence, reboot, check if self defence is still disabled, try to add avp.exe in appverifier -> appverifier crashes

I can add avp.exe in appverifier only in Safe Mode and I did it and appverifier creates some log files without any error.

If I restart from the safe mode, avp.exe is still in appverifier and it collects data but I can't open KES.

A part from that, now I got malfunction in KES as you can see in the attached image (even if I reboot and remove it from appverifier).

Capture.JPG

 

EDIT: now Kaspersky is working again

Edited by vincenzo.bonomo

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.