14 Replies Latest reply on Sep 16, 2013 9:32 AM by ezio.pillan

    LANDesk 9.5 - Kaspersky Antivirus 10

    RogerHolmes Rookie

      I've run into an issue after deploying the new client, the agent itself seems to be working ok, however AV is running every 3-4 hours on the clients. I was going on the fact that according to this document http://community.landesk.com/support/docs/DOC-27009 that none of the AV settings will show within the GUI - we have chosen not to give the users the "Settings" tab within the AV software, and have a scheduled task that runs under LocalSch.exe

       

      3: C:\Program Files\LANDesk\LDClient\antivirus\ldav.exe /update

          handle    : 893748

          start     : Tue Jul 16 19:09:54 2013

          frequency : 86400

       

      That should have scheduled it to run once a week, the original schedule doesn't seem to be following the task set out for it when it was installed. I attached a screen shot from the LocalSch.exe | more output

       

      Any suggestions?

        • 1. Re: LANDesk 9.5 - Kaspersky Antivirus 10
          RogerHolmes Rookie

           

          That should read LANDesk 9.5 SP1 with the vulscan patch applied, not just 9.5



           

           

           

           

           

          Also I just double checked and according to the registry it's using the correct number policy to scan once a week at noon, I'd started it on Saturday



           

          •Key: HKLM\Software\LANDesk\ManagementSuite\WinClient\Vulscan



           

          •DWORD Value: KLBehavior



           

           

          I can find no XML file on XP in the location specified in the allusers folder defining behaviour.



           

          Wrong area for help? Sorry if I posted in the wrong forum or thread.

           

          Ok so I found the KLbehaviour_vXXX.XML on the machine, as well as others, and they refer back to the set behaviour built to scan once a week that "did" work perfectly well before going to 9.5....this gets more confusing all the time.


          At the same time I had deployed to a few machines that were chosen to not ever run a scan and the machine I checked seemed to be working fine, it wasn't running the scan repeatedly, and in the about it stated a scan was not scheduled (as it should) and it's updating daily as defined.

           

          My bad - I now noticed I pasted the wrong job (but it was in the original attachment)

           

            2: C:\Program Files\LANDesk\LDClient\antivirus\ldav.exe /scancomputer /AVSche

          uledScanType=1

               handle    : 893747

               start     : Tue Jul 16 19:09:54 2013

               frequency : 604800                                     <-- 1 week

          • 2. Re: LANDesk 9.5 - Kaspersky Antivirus 10
            RogerHolmes Rookie

            Thanks for everyone's assistance!

            • 3. Re: LANDesk 9.5 - Kaspersky Antivirus 10
              Rookie

              Hey RogerHolmes have you had any luck working this out?

               

              I am experiencing the same problem but only on servers - no one has reported slow workstations at this stage.

               

              The scan was running again as soon as it stopped before applying SP1.

               

              Odd thing is it doesn't affect all servers - but it does bring them to a grinding halt on the ones it does.

              • 4. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                RogerHolmes Rookie

                The only luck I ever had was to change the schedule to no scanning (and even at that it still does a critical scan once in a while - it would be nice if LANDesk would communicate with the third party they get their AV from to find these solutions). After having the PC's scanned many many times over several days I'm going with real time protection until some sort of a solution can be found. I plan on testing the import of schedules from settings on a PC I have set up to have the settings tab available, but for the general user I don't have this available.

                 

                I have one other issue where if I leave Update Program Modules enabled the program takes an update and the license goes bad and the AV shuts down on a reboot. The solution from LANDesk is to disable the Update Program Modules - and yes, it does stop the problem but it's not a fix and according to what I was told a "hotfix" was being worked on to resolve this.

                 

                The servers are running different AV software and that's not my department but thank goodness we aren't having that issue with the servers also!

                 

                Don't get me wrong LANDesk has a great product but having solutions in a timely manner other than turning off features that are supposed to work would be nice - I realize the AV is a third party but it's their choice so it would be nice if they got this sorted with their choice of AV provider.

                • 5. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                  Rookie

                  I have had to revert to the same essentially.

                   

                  I've kept realtime off all along as they are servers so not being able to perform scheduled scans either isn't a good position for us, as we have recently found users with malware in their roaming profiles.

                   

                  I agree it is disappointing this issue hasn't been resolved, it is a big thing for us.

                   

                  Fortunately I haven't had a single licensing error with LDAV since we implemented it only a short time ago, I hope it stays that way.

                   

                  I have been informed that LANDesk is working on a patch, I have shot an email off to our account manager this evening to find out when to expect the release of the fix; if you haven't done so I might suggest that to you.


                  All the best.

                  • 6. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                    rmeyer SupportEmployee

                    The AV scans running multiple times in a day on the computer is a bug that we are working on a patch for. Open a support case with LANDesk to get added to the bug. As a workaround, uncheck the AV scan option in the AV settings and schedule the AV scan through the LANDesk Console.

                    • 7. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                      RogerHolmes Rookie

                      Thanks for that tidbit. How about I just add it to the already open case asking to be advised when THIS patch is done that I get advised as well as the hotfix (or bugfix if you prefer) regarding the AV turning itself off (as a side note I don't recall any Windows XP machine disabling itself, all the ones that took the update that disabled the AV were Windows 7 machines) however after this PC refresh I should no longer have any XP machines on the network.

                       

                      There were no settings in the AV scan option (I assume you were talking PC and I don't give the users the options to change settings, so they don't have the settings tab we want to control them) there was only a policy on the network that the PC's scan once a week via this policy. I made a new policy for no scans and this stopped the multiple scans once the PC took the policy update. The REAL pain was the AV disabling itself as I had it 1/2 deployed when the bug was discovered and once it took the update you had to reinstall and that requires 2 reboots and for many users that's a pain as they have to "open all them windows again"

                      • 8. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                        riccafer Apprentice

                        Did you find some particular conditions when this issue happens? Or does it happen on each client with LDAV?

                        • 9. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                          RogerHolmes Rookie

                          For me it happened with each client - I even deleted the LANDesk LocalScheduler job to see if it was an issue. It seemed that the policy that was there and working perfectly before the update to LD9 SP1 was the policy in place and causing the issue as it was not until I changed the PC's to a "No scan" policy that the issue "pretty much" (the PC's still do occasional Critical area scans) stopped.

                          • 10. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                            rmeyer SupportEmployee

                            The multiple AV scans issue will happen on all agents after the Core Server is upgraded to 9.5 SP1 and that have the AV scan selected in the AV settings.

                            • 11. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                              Rookie

                              There weren't any conditions in my case. It was basically 1 group of servers doing it before SP1, then a different group after. I tried updating the AV and installing the patch as I mentioned earlier but that only seemed to make it worse at my end.

                              • 12. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                                LANDave SupportEmployee

                                Here are the details of the cause of the issue.

                                 

                                The issue is that when Vulscan runs it would check the AV tasks in the Local Scheduler. There was code that would cause it to delay 2 hours that was meant to be for only during Antivirus install. However, the bug caused it to re-write the AV tasks for 2 hours later every time Vulscan ran or AV initialized. This caused the update task or scan task to run every 2 hours on average.

                                 

                                For example, if Vulscan ran and the AV tasks were scheduled for 2 hours later and then if during those 2 hours vulscan ran again or AV was initialized again it would be pushed out another 2 hours.

                                 

                                A fix has been identified and should be included in the next component patch for LDMS 9.5 SP1.
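Added example, not part of the thread and not LANDesk code: a Python sketch that compares two saved copies of the Local Scheduler task listing (in the format quoted earlier in this thread) and flags tasks whose `start` was rewritten to something that is not a whole number of periods away, which is the symptom reply 12 describes. The sample listings and their start times are constructed, and the rule that a healthy task only advances by multiples of `frequency` is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the listing format quoted earlier in this thread;
# the start values passed in are invented for the example.
TEMPLATE = r"""
2: C:\Program Files\LANDesk\LDClient\antivirus\ldav.exe /scancomputer
     handle    : 893747
     start     : {scan}
     frequency : 604800
3: C:\Program Files\LANDesk\LDClient\antivirus\ldav.exe /update
     handle    : 893748
     start     : {update}
     frequency : 86400
"""
BEFORE = TEMPLATE.format(scan="Tue Jul 16 19:09:54 2013", update="Tue Jul 16 19:09:54 2013")
AFTER = TEMPLATE.format(scan="Tue Jul 16 19:09:54 2013", update="Wed Jul 17 09:14:02 2013")

HEAD_RE = re.compile(r"^\s*\d+:\s*(.+?)\s*$")
FIELD_RE = re.compile(r"^\s*(handle|start|frequency)\s*:\s*(.+?)\s*$")

def parse_tasks(listing):
    """Return {command line: {"handle": int, "start": datetime, "frequency": int}}."""
    tasks, current = {}, None
    for line in listing.splitlines():
        field, head = FIELD_RE.match(line), HEAD_RE.match(line)
        if field and current is not None:
            key, value = field.groups()
            if key == "start":
                current[key] = datetime.strptime(value, "%a %b %d %H:%M:%S %Y")
            else:
                current[key] = int(value.split()[0])  # ignore trailing annotations
        elif head:
            current = tasks.setdefault(head.group(1), {})
    return tasks

def rewritten_tasks(before, after):
    """Flag tasks whose start moved by something other than whole periods.

    Tasks are matched by command line, on the assumption that a rewritten
    task may come back with a different handle.
    """
    flagged = []
    for cmd, new in after.items():
        old = before.get(cmd, {})
        if "start" not in old or "start" not in new or not new.get("frequency"):
            continue
        shift = int((new["start"] - old["start"]).total_seconds())
        if shift % new["frequency"] != 0:
            flagged.append((cmd, shift, new["frequency"]))
    return flagged
```

The `frequency` field is in seconds, so 86400 is a daily task and 604800 a weekly one.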

                                • 13. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                                  RogerHolmes Rookie

                                  So in the meantime we are to not scan PC's or servers on a schedule. What sort of a timeline is there for a fix for this as I'm sure not everyone has time to go to all their PC's or servers and manually scan them.

                                   

                                  Thanks for your help BTW - I'd click correct answer but I really have no way of being certain it is the correct answer. It certainly seems right and sounds reasonable but you would wonder why the bug got there in the first place assuming this was tested before it was released.

                                   

                                  I'm not trying to be a pain but of course I start delivering this and on the machines I tested the issue didn't seem to be there (however on a fresh load on a new PC the scan isn't that noticeable, it was users with tons of "stuff" that brought the multiple scans to my attention). So in their view the issue was caused by us as it worked fine before the upgrade.

                                  • 14. Re: LANDesk 9.5 - Kaspersky Antivirus 10
                                    Rookie

                                    LANDesk has released (today) an MCP that resolves this issue.

                                     

                                    You can find more info, here: http://community.landesk.com/support/docs/DOC-27264 under the LANDesk 9.5 Service Pack 1 > LD95-SP1-CP_BASE-2013-0813 Section.