So in the never-ending saga of KAV functionality, we discovered that after the 9.2.13 patch, many (about 15%) of our endpoints didn’t seem to be getting updated virus definitions. We have sadly gotten used to the mismatch between the console and the agent, but in the past it was always the console that was wrong and the agent was just fine, so we have been ignoring the warnings.
First the backstory… In the 9.2.10 patch, Kaseya released Kaspersky 10 SP1 (10.2.4.674). During this release some changes were made to how definitions were updated, and those changes seemed to have broken some (many) of the Kaspersky 10 (10.2.1.23) version agents. What they weren’t clear about is that you needed to re-apply your Profile.
STEP 1 – Re-apply your profile to all KAV machines (new and old)!
We did that, and it helped, but we still had many that didn’t seem to be updating. I remembered a script and KB article that was published by Kaseya back in December, so I downloaded and ran that script, but sadly it only worked for the 10.2.1.23 version; it didn’t work on the SP1 version, and certainly not on any old V6 (yikes!). So we went back to the drawing board.
The Solution: We “pimped that script”, and now have a good way to tell us which machines are actually out of date. Here is how to use it:
STEP 2 – Create a custom field called “KAVDefinitionsOutOfDate”. If you are on our Hosted servers (K2, VA4), you can skip this step; we have already done it for you. (If you aren’t sure how to do this, click the Kaseya link above; Gonzalo does a good job of showing you.)
STEP 3 – Download our “Check KAV Definition Date” script and import it. Hosted partners will find it under “_VA Scripts, AntiVIrus, KAV”, everyone else can find it on our ClubMSP site (login required).
STEP 4 – Schedule the script to run once or so a day on all of your KAV-loaded workstations (you can use a view for this).
STEP 5 – Create a view to help you filter out only the machines with old definitions:
PS: You can also use the $KAV$ and/or the $OOD$ (out of date) tags to run reports on the results of this script.
So now what?
So the next steps get complicated, and in our testing, NOTHING is 100%.
- Re-apply your profile (as mentioned above) to ALL KAV machines.
- Make sure your Agent is up to date.
- Reboot the agent.
- Schedule our “Push KAV / Kaspersky Definitions” (login required) script every 3-4 hours on these machines.
- Upgrade to SP1 (requires a reboot, so do it after hours!) (and re-apply profile)
If those steps don’t work, it may come down to a full uninstall / reinstall of KAV.
We are hoping to see a re-write of the KAV in the April/May release, so we anticipate that this will run much more smoothly in the future, but for the next 2 months or so, it is going to be a challenge. Be sure to open tickets with us, and also review the Kaseya KB for more information.
https://helpdesk.kaseya.com/entries/104212683–KAV-Master-General-Definitions-Detection-Issues
https://helpdesk.kaseya.com/entries/98844897-KAV-Kaspersky-definition-files-failing-to-update
Good luck!