Databases are outdated

[DanLavely]

Hi. I have a Kaspersky Security Center 14 server, and about 30 Windows server clients running Kaspersky Endpoint Security, mostly version 11.7.0.669, and some running 11.11.0.452. I know they are older versions but I cannot upgrade them or apply any patches to the clients because this causes a problem with our production application.

Most of the servers are showing red icons with the message "Databases are outdated." On the client itself, the message says "Databases are extremely out of date." 

I have update tasks in the KSC console scheduled to run every 24 hours. Viewing results of the tasks, they show "completed successfully" with "no updates available." There are no errors.

On the clients the update task shows that it just ran. If I run it manually, either from the KSC console/Tasks, the server properties in the KSC console, or on the client server itself, it runs successfully. Yet the "databases are out of date" message persists.

I have 5 or 6 servers that are up to date. I've exhaustively compared all settings side by side and I can find no differences. They are different Windows versions - 2012R2, 2016, and 2022, but some are up to date and some are not from each version. 

I have tested all the correct ports are open between the KES clients and the KSC server. Network Agent is running on all the clients.

This was all working fine until recently. Any help in getting these databases up to date would be greatly appreciated!

[KarDip]

Hello @DanLavely

It sounds like you’re encountering a tricky issue with your Kaspersky Security Center (KSC) and Endpoint Security (KES) setup. Despite successful task execution, the databases on some clients remain outdated. Below are several troubleshooting steps to help resolve this issue, focusing on your setup and possible root causes.

---

1. Confirm Licensing and Support for Older Versions

• Licensing check: Ensure your Kaspersky licenses are valid and that they cover the KES versions you're using. Sometimes, expired licenses prevent the databases from updating correctly.
• Support lifecycle: Kaspersky may no longer support certain features for older versions, like KES 11.7.0.669 or 11.11.0.452. Verify if these versions can still receive updates via your KSC 14.

---

2. Database Signatures vs. Program Modules

• Sometimes Kaspersky’s status messages distinguish between:
  • Database signatures (threat updates).
  • Program modules (software components).
• Check if these clients need module updates, which are different from signature updates. Disable module updates in the policies temporarily, as they may be blocked due to compatibility with your application.

---

3. Update Source Configuration

• Repositories: Double-check that the update task is pulling from the correct repository. KSC can either download updates from:
  • Kaspersky’s servers directly, or
  • A local repository (if you’ve set one up).
• If using a local repository, ensure it is synchronized correctly. If not, try switching the affected clients to download updates directly from Kaspersky’s servers.

To confirm repository usage:

1. Go to KSC Console → Update task → Properties.
2. Check if "Download updates from Administration Server" is enabled. If so, ensure that KSC itself is up to date with the latest databases.

---

4. Force Database Synchronization on Clients

Sometimes, cached data causes database update statuses to get "stuck."

1. Clear KES cache:

   • Stop the Kaspersky Endpoint Security service on the affected client.
   • Delete the contents of the folder:
     C:\ProgramData\Kaspersky Lab\KES\Bases
   • Restart the service and run the update task again.

2. Reset Network Agent:

   • On the client, stop the Kaspersky Network Agent service.
   • Navigate to:
     C:\ProgramData\Kaspersky Lab\NetworkAgent
     Delete the updcache folder.
   • Restart the service.

3. Manual database update:
   Try downloading the latest update packages manually from Kaspersky’s website and apply them to a client server to check if it resolves the issue.

---

5. Policy and Task Inheritance Issues

Some clients might be inheriting settings that prevent updates from applying correctly. Verify the following:

1. In the KSC Console, go to the Policies tab.
2. Ensure there are no conflicting policies or older policies overriding the update task.
3. Check the Tasks tab to see if any legacy tasks are interfering with the newer update tasks.

---

6. Compare Logs of Working vs. Non-Working Clients

Since a few servers are up to date, comparing the logs could provide insight.

• On the affected client:

  • Open KES → Support Tools → Application Logs.
  • Look for update-related errors or discrepancies.

• In the KSC Console, go to:

  • Tasks → Select the Update Task → Details → Results.
  • Compare these logs with those from a working client. Look for any subtle differences in the paths or repositories.

---

7. Network and Proxy Issues

Since network connections can sometimes behave inconsistently:

• Verify proxies or firewalls: Ensure no recent changes were made to the network or proxy settings that could interfere with update downloads.
• DNS settings: Use public DNS servers (like Google DNS or Cloudflare) temporarily to see if it resolves the issue.

---

8. Update Kaspersky Network Agent

Even if you cannot update KES versions, try updating the Kaspersky Network Agent on these clients to the latest version compatible with KSC 14. This agent manages communication between the KSC server and clients, and updating it might resolve the issue.

---

9. Diagnostic Tool (GSI)

Run the Kaspersky GetSystemInfo (GSI) Tool on one of the problematic clients. The GSI tool analyzes the system and identifies potential misconfigurations, network issues, or interference from third-party software.

---

10. Reinstallation as Last Resort

If the issue persists after these steps, consider:

1. Uninstalling and reinstalling Kaspersky Endpoint Security on one affected client.
2. Reconnect it to the KSC server and verify if it resolves the issue.

---

Conclusion

This issue seems to point towards either cache corruption, policy conflicts, or a network/communication glitch. By clearing caches, comparing working vs. non-working logs, and ensuring correct repository settings, you should be able to narrow down the problem. Let me know if these steps resolve the issue or if any further assistance is needed!

Some clients might be inheriting settings that prevent updates from applying correctly. Verify the following:

1. In the KSC Console, go to the Policies tab.
2. Ensure there are no conflicting policies or older policies overriding the update task.
3. Check the Tasks tab to see if any legacy tasks are interfering with the newer update tasks.

Thank you

[DanLavely]

Thank you for the thorough reply! I'm sure I'll find the issue with one of these steps. I will post back here when I do.