Jump to content
Kavuser10

Self-Defnece blocking Endpoint Protection itself

Recommended Posts

Hello,

About 15 minutes ago Kav 11.1 started to turn itself off and on by itself. Looking at logs I see that avp.exe process is blocked by Self-Defence module.

I will upload GSI asap.

2018-12-11_15-19-55.gif

avp_2018-12-11_15-16-36.png

Edited by Kavuser10

Share this post


Link to post

I can further add that this is happening on all test machines where I have v11.1 beta installed. 

Edited by Kavuser10

Share this post


Link to post

On a another machine I see from System Audit log that Self-Defense is blocking all kinds of stuff like Windows Explorer and VirtualBox Guest Additions.

Share this post


Link to post
7 hours ago, Nikolay Arinchev said:

Hi,

Is it possible to collect KES logs while this behaviour reoccurs?

Thank you!

Hello,

The first set of traces were created while the problem occurred. I have collected additional set of traces and logs from a different machine. Sent to KLCentralSupport

Share this post


Link to post
В 12.12.2018 в 13:48, Kavuser10 сказал:

Hello,

The first set of traces were created while the problem occurred. I have collected additional set of traces and logs from a different machine. Sent to KLCentralSupport

Hello!

Does this behavior reproduce with default settings and right after the installation.

Please provide us with export of KES settings.

Thank you!

Share this post


Link to post

Settings sent to KLCentralSupport

On this particular machine from which I exported the settings the File and Web Threat Protection heuristics is set to maximum, other settings are default. But the similar behavior manifests on other machines too with default settings.

Share this post


Link to post

The behavior manifest on a clean install as soon as I hit the  Start button to begin downloading updates. After that Kaspersky keeps unloading and blocking itself as well as other various processes. As this began spontaneously out of the blue, I would think that something broke with some module or signature update.

Edited by Kavuser10

Share this post


Link to post
18 hours ago, Ivan.Ponomarev said:

Hello!

Could you please provide a fresh GSI after you have updated your KES? 

Thanks!

Hello,

I have created a new GSI report and collected a new set of traces while the  problem occurs with the newer beta version. Sent to KLCentralSupport

Share this post


Link to post
4 minutes ago, Nikolay Arinchev said:

Hi,

Unfortunately, the link that was sent to KLcentral Support does not contain anything.

Could you please correct it?

Thank you!

Hello,

Strange. I have created a new link and posted it in reply to my original message.

Share this post


Link to post

Any update on this? Since this started happening KES 11.1 has been completely unusable on most machines I run it. Constantly turning itself on and off and being completely unstable. On some machines I actually had to remove it as it started to cause system instability, block all web traffic and generate ARP attack false positives.

Share this post


Link to post

Hi,

Unfortunately, there is no new info yet.

We will inform you as soon as we receive any response from RnD team.

Thank you!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.