AntiVirus installation fails

Version 1

    Verified Product Versions

    LANDESK Management Suite 2016.x
    LANDESK Endpoint Manager 2017.x

    Environment:

    Tested on IEM2017.1, but probably valid for 9.6 and higher LDMS versions

     

    Issue:

    This mostly occurs when upgrading an Agent with AV to a higher version. When installing the newer version, the local InstallAV log file in %Programdata%\landesk\log keeps returning error 80004005; a reboot is needed to continue the installation. After a reboot, however, the same error still occurs.

     

    Solution:

    There can be different reasons for this error:

     

    1.) The uninstall couldn't remove some hidden services

    Check the registry. Look at HKLM\System\CurrentControlSet\Services. Under this key, you will find several KL* keys all related to Kaspersky drivers. When you try to delete them manually, you will get an access denied failure. To resolve this, boot the device in Safe Mode. Now you will be able to delete the keys. Be careful to only delete Kaspersky services! After a reboot back into normal mode, the AV installation will continue.

     

    2.) A pending file rename on reboot that can't complete

    Navigate to HKLM\System\CurrentControlSet\Control\Session Manager. Look at the content of the FileRenameOperations or PendingFileRenameOperations key (depending on the OS). Delete anything related to AV.

     

    3.) There is an installation stuck in progress

    Navigate to HKLM\Software\Microsoft\Windows\CurrentVersion\Installer. Delete any InProgress values. Repeat for HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Installer.

     

    4.) Remove the automatic starts of the AV Installer after reboot

    Navigate to HKLM\Software\WOW6432Node\Landesk\ManagementSuite\Winclient\Vulscan. Remove any values related to InstallAV.

    Open C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\actions.ini in Notepad (remove (x86) on a 32-bit system). Remove any lines related to InstallAV.

     

    5.) An orphaned UpdateExeVolatile registry value

    Navigate to HKLM\Software\Microsoft\Updates. Reset any 'UpdateExeVolatile' values to '0'. Repeat for HKLM\Software\WOW6432Node\Microsoft\Updates.
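
The following PowerShell script is an added example, not part of the original article or of any LANDESK tooling: it reads the five locations listed above and reports what it finds without changing anything, so the manual cleanup can be targeted. The $AvPattern filter and the Add-Finding helper are assumptions introduced for illustration.

```powershell
# Added example: read-only audit of the five locations above. Nothing is changed.
# Run in an elevated 64-bit PowerShell session on the affected device.
$AvPattern = 'Kaspersky|Antivirus|InstallAV'   # assumed match for "related to AV"; adjust
$findings  = New-Object System.Collections.Generic.List[object]
function Add-Finding($Check, $Location, $Detail) {   # hypothetical helper
    $findings.Add([pscustomobject]@{ Check = $Check; Location = $Location; Detail = $Detail })
}
# 1.) KL* service keys; ImagePath helps confirm each one really is a Kaspersky driver
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'KL*' } |
    ForEach-Object {
        $img = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        Add-Finding 1 $_.Name $img
    }
# 2.) Pending rename entries (stored as multi-string data) that match the AV pattern
$sm      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$smProps = Get-ItemProperty $sm -ErrorAction SilentlyContinue
foreach ($name in 'FileRenameOperations', 'PendingFileRenameOperations') {
    $smProps.$name | Where-Object { $_ -match $AvPattern } |
        ForEach-Object { Add-Finding 2 "$sm\$name" $_ }
}
# 3.) and 5.) Same checks under the native and WOW6432Node views
foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    $inst = "$root\Microsoft\Windows\CurrentVersion\Installer"
    # InProgress is checked both as a subkey and as a value
    if (Test-Path "$inst\InProgress") { Add-Finding 3 "$inst\InProgress" 'subkey present' }
    $ip = (Get-ItemProperty $inst -ErrorAction SilentlyContinue).InProgress
    if ($null -ne $ip) { Add-Finding 3 $inst "InProgress = $ip" }
    $upd = "$root\Microsoft\Updates"
    $uev = (Get-ItemProperty $upd -ErrorAction SilentlyContinue).UpdateExeVolatile
    if ($uev) { Add-Finding 5 $upd "UpdateExeVolatile = $uev" }   # reported only when non-zero
}
# 4.) InstallAV autostart entries: Vulscan registry values and actions.ini lines
$vul = 'HKLM:\SOFTWARE\WOW6432Node\Landesk\ManagementSuite\Winclient\Vulscan'
$vp  = Get-ItemProperty $vul -ErrorAction SilentlyContinue
if ($vp) {
    $vp.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Name)=$($_.Value)" -match 'InstallAV' } |
        ForEach-Object { Add-Finding 4 $vul "$($_.Name) = $($_.Value)" }
}
$pf  = if (${env:ProgramFiles(x86)}) { ${env:ProgramFiles(x86)} } else { $env:ProgramFiles }
$ini = Join-Path $pf 'LANDesk\Shared Files\cbaroot\actions.ini'
if (Test-Path $ini) {
    Select-String -Path $ini -Pattern 'InstallAV' |
        ForEach-Object { Add-Finding 4 "$ini (line $($_.LineNumber))" $_.Line.Trim() }
}
$findings | Sort-Object Check | Format-Table -AutoSize -Wrap
```

An empty table means none of the five conditions was detected. The Check column maps each finding back to the numbered cause above.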