Kaseya releases Kaseya AV 1.2 (KAV)

We have updated our K2 server to the KAV 1.2, and expect that the SaaS servers should also be upgraded towards the end of December, so I wanted to share with you a few new things in KAV 1.2.

First, this release ONLY affects the Kaseya server, no updates need to be pushed out to the clients.

Server AV support–   finally!    The primary reason for the release of KAV 1.2 was to provide Windows Server support that has been missing from previous releases.   This version will now allow you to install Kaspersky Anti-Virus 6 for File Servers.   All configuration, deployment, and reporting is managed from the Kaseya console.

The File Server module includes a new antivirus engine that dramatically increases system scanning speed, with minimum impact on other programs.

Alerts –  Key events are now logged in the Windows Application log for easy monitoring and alerting.    Kaseya has released a series of Event Log monitor sets to accomplish this.    These alerts cover Error, Warning and Informational Event categories, however we only “listen” to the Error and Warnings.

Here is a Summary of the new Event Sets:

  • § ZC-KAV-CL1-W Client Install Reboot Required
  • § ZC-KAV-DF0-EWI Definitions
  • § ZC-KAV-DF1-W Definitions Not Updated in 2 Days
  • § ZC-KAV-DF2-E Definition Update Failed
  • § ZC-KAV-FS0-EWI Full Scans
  • § ZC-KAV-FS1-I Full Scan Started
  • § ZC-KAV-FS2-I Full Scan Completed
  • § ZC-KAV-FS3-E Full Scan Failed to Complete
  • § ZC-KAV-QS0-EWI Quick Scans
  • § ZC-KAV-QS1-I Quick Scan Started
  • § ZC-KAV-QS2-I Quick Scan Completed
  • § ZC-KAV-QS3-E Quick Scan Failed to Complete
  • § ZC-KAV-TH0-EWI Threats
  • § ZC-KAV-TH1-W Threat Detected
  • § ZC-KAV-TH2-I Threat Remediated

Note that there are 5 types of events, and they are designated by the 8th and 9th letters of the event set as follows:

  • § CLx – Client related alerts
  • § DFx – Anti-Virus Definition related alerts
  • § FSx – Anti-Virus Full Scan related alerts
  • § QSx – Anti-Virus Quick Scan related alerts
  • § THx – Anti-Virus Threat related alerts

The “x” number designates the whether the event is a “roll-up” event, or an individual event.  A “0” means that that event set contains ALL the associated events for that type.    A “1,2, or 3” means it is an individual event set, only focused on specific errors.

The last designator after the event type is the Event category (W –Warning, E- Error, and I – Informational).

Best Practice – Assign the following events (Application Log, Errors and Warnings) to each of the computers that have Kaspersky running:

  1. ZC-KAV-DF0-EWI Definitions
  2. ZC-KAV-TH0-EWI Threats

Please note that the “ignore additional alarms” should be set fairly low, or you are not going to get alerted properly.

Windows Security Center –  Kaseya 6.2 started collecting the Windows Security Center information, showing what AV is installed, whether it was enabled, and if it was up-to-date.    KAV 1.2 now shows which AntiVirus is installed as part of two column sets (Installation and Windows Security Center).  Note: On our server it seems as if there are a great deal of “Data not Reported” showing up.   I have a ticket open with Kaseya to find out how/when this is updated.

Those are the highlights.   For full release announcement visit http://www.kaseya.fr/download/en-us/Files/Kaseya_Antivirus_1_2_Release_Announcement.pdf