WARNING: NOD32 4.2 corrupts Kaseya Server

Discussion in 'ESET NOD32 Antivirus' started by kenwkmsi, May 3, 2010.

Thread Status:
Not open for further replies.
  1. kenwkmsi

    kenwkmsi Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    13
    For the record. NOD32 4.2 corrupts Kaseya Server by not only quarantining the Kserver.exe, but deleting critical related registry entries that can only be restored manually by Kaseya high-level support engineers.

    And there's no clear workaround that I can see. How do you exclude registry entries? Or restore them from quarantine?

    ~ Comments removed ~

    /kenw
     
    Last edited by a moderator: May 3, 2010
  2. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    Hello,

    I would suggest following the instructions outlined here.

    -Tom
     
  3. kenwkmsi

    kenwkmsi Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    13
    I could, but if they don't already know or care about Kaseya, it's probably a waste of time, and I've already wasted enough of that.

    I'll probably shoot them a quick heads-up -- what they do with it is up to them.

    /kenw
     
  4. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Is everyone expected to know about every application out there? Perhaps they've never had a scenario of using ESET with Kaseya.
     
  5. kenwkmsi

    kenwkmsi Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    13
    Seems unlikely. Kaseya is AFAIK the single most popular remote management and monitoring product in the world, at least for managed services providers.

    OTOH, ESET does seem rather insular in their world view. They don't seem to want to integrate with any large-scale management software.

    They need to get out more.

    /kenw
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Have you already submitted the file to ESET and it still hasn't been fixed? If so, could you tell me the date you submitted the file on as well as the subject of the email so that I can check the status of the ticket?
     
  7. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    In my years as a sysadmin, I have never ever heard about this "most popular" remote management tool until now. Please drop these completely false presumptions based on vendor marketing blurbs.
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Step outside your bathroom more often... if you're a network guy, saying you've never heard of Kaseya is like saying you've never heard of Cisco or Juniper. Sorry, he's not making false presumptions. Kaseya is BIG... they've been around for quite a while, and I'm confident in stating that they're the biggest remote monitoring/systems management/network management package out there.

    Eset relies on the reseller model.
    It's safe to assume that resellers are IT consultants and SMB consultants.
    Kaseya is the biggest, most popular remote systems management tool out there, and...
    ...following trends for remote support and management, IT consultants/SMB consultants have been turning to tools such as Kaseya and ZenithInfo for quite a while now.
    Logically one can arrive at the conclusion that... one of the main markets of Eset (consulting firms/VARs) are big users of Kaseya... so this wrinkle should have been found before release.
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    As points scoring goes, this is a school example; as trying to fix a problem, not so. Big or small, if there is a problem, fix it and talk about size later.
     
  10. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Yeah, they may be big but I've never heard about them until now, never ever. So - conclusion: either their marketing sucks even bigger time or they are not that big. :rolleyes:


    Assuming that something is 't3h world's most famous' stuff out there doesn't necessarily match reality for anyone but the OP. :p
     
  11. kenwkmsi

    kenwkmsi Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    13
    If you're not familiar with Kaseya, you're almost certainly not familiar with Remote Monitoring and Management (RMM) software and the Managed Service Provider (MSP) IT business marketplace in general. That's as far as I want to argue that point.

    But whether you are or not, and whether you agree or not, ESET should know its clientele.

    If I credit ESET with knowing their business, I have to believe that consulting firms/VARs must NOT be in ESET's target market. Either that, or they don't know their business. So either way, I might want to take that under advisement next time I recommend antivirus software to my clients.

    /kenw
     
  12. rajnath27

    rajnath27 Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    2
    NOD32 and Kaseya6 are enemies
    :mad:
    Yes I had the same experience with K2 and NOD32. It was a lot of problem. NOD32 and Dr.web are 2 incompatible s/ws when it comes to "kserver.exe" file on Kserver. They simply kick kserver.exe out of the loop. :rolleyes:

    According to NOD32 and DR.web "Kserver.exe" is a trojan. o_O

    http://virusscan.jotti.org/en

    simply submit your quarantined file into the above link and you will find results

    I wasted more than a month not knowing what to do and tried different scenarios installing and testing. That is all over now. Without NOD Kaseya server works perfectly. :D

    One more warning. The story is not yet over. If you run a LAN watch (obviously you would be in a corporate. All machines would have nod32 if your organization is running on it. At least we have NOD32 in our environment). Once again NOD32 blocks the script from psexec.exe to push agent new version etc. I again struggled for this over a week. Had to manually disable the NOD32 on the machine where LAN watch was performed. Then it started working normally. New users be aware!!!!! :argh:

    You will not find this info on Kaseya forums/blogs at least for now. Completely remove NOD32 out of the loop!!!!!!!!!!!! :thumb:
     
  13. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    unfortunate, if only people would bother to report incompatibilities so that they can be fixed as well as complain
     
  14. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209

    When running a server OS or any network application there are certain configuration settings to take into account. Microsoft has their own virus scanning recommendations to take into consideration as well.

    If you are taking the time to see that this file is a false positive, why not take the next step, as I suggested in the beginning of this thread, and report it to ESET as a false positive? Once we have the suspect files, we will have the Virus DB updated accordingly.

    Regarding LANWatch, ESET also uses software to tie into the system at the network level. I can see how this might be a problem. Most software applications recommend temporarily disabling the antivirus software during the installation of their product. I can see why that solution worked for you.

    Regards,
    -Tom
     
    Last edited: May 24, 2010