WARNING: NOD32 4.2 corrupts Kaseya Server

For the record. NOD32 4.2 corrupts Kaseya Server by not only quarantining the Kserver.exe, but deleting critical related registry entries that can only be restored manually by Kaseya high-level support engineers.

And there's no clear workaround that I can see. How do you exclude registry entries? Or restored them from quarantine?

~ Comments removed ~

/kenw

 

Hello,

I would and suggest following the instructions outlined here.

-Tom

 

I could, but if they don't already know or care about Kaseya, it's probably a waste of time, and I've already wasted enough of that.

I'll probably shoot them a quick heads-up -- what they do with it is up to them.

/kenw

 

Is everyone expected to know about every application out there? Perhaps they've never had a scenario of using ESET with Kaseya.

 

Seems unlikely. Kaseya is AFAIK the single most popular remote management and monitoring product in the world, at least for managed services providers.

OTOH, ESET does seem rather insular in their world view. They don't seem to want to integrate with any large-scale management software.

They need to get out more.

/kenw

 

Have you already submitted the file to ESET and it still hasn't been fixed? If so, could you tell me the date you submitted the file on as well as the subject of the email so that I can check the status of the ticket?

 

For my years as sysadmin, I have never ever heard about this "most popular" remote management tool until now. Please, drop these completely false presumptions based on vendor marketing blurbs.

 

Step outside your bathroom more often... if you're a network guy, saying you've never heard of Kaseya is like saying you've never heard of Cisco or Juniper. Sorry he's not making false presumptions. Kaseya is BIG....they've been around for quite a while, and I'm confident is stating that they're the biggest remote monitoring/systems management/network management package out there.

Eset relies on the reseller model.
It's safe to assume that resellers are IT consultants and SMB consultants.
Kaseya is the biggest more popular remote systems management tool out there, and...
...following trends for remote support and management, IT consultants/SMB consultants have been turning to these tools such as Kaseya, and ZenithInfo, for quite a while now.
Logically one can arrive at the conclusion that....one of the main markets of Eset (consulting firms/VARs) are big users of Kaseya...to this wrinkle should have been found before release.

 

As points scoring goes this a school example as trying to fix a problem not so. Big or small, if there is a problem fix it and talk about size later

 

Yeah, they may be big but I've never heard about them until now, never ever. So - conclusion: either their marketing sucks even bigger time or they are not that big.


Assuming that something is 't3h world's most famous' stuff out there doesn't necessarily match reality for anyone but the OP.

 

If you're not familiar with Kaseya, you're almost certainly not familiar with Remote Monitoring and Management (RMM) software and the Managed Service Provider (MSP) IT business marketplace in general. That's as far as I want to argue that point.

But whether you are or not, and whether you agree or not, ESET should know its clientelle.

If I credit ESET with knowing their business, I have to believe that consulting firms/VARs must NOT be in ESET's target market. Either that, or they don't know their business. So either way, I might want to take that under advisement next time I recommend antivirus software to my clients.

/kenw

 

NOD32 and Kaseya6 are enemies

Yes I had the same experience with K2 and NOD32. It was a lot of problem. NOD32 and Dr.web are 2 incompatible s/ws when it comes to "kserver.exe" file on Kserver. They simply kick kserver.exe out of the loop.

According to NOD32 and DR.web "Kserver.exe" is a trojan.

http://virusscan.jotti.org/en

simply submit your quarantined file into the above link and you will find results

I wasted more than a month not knowing what to do and tried different scenarios installing and testing. That is all over now. Without NOD Kaseya server works perfectly.

One more warning. The story is not yet over. If you run a LAN watch (obviously you would be in a corporate. All machines would have nod32 if your organization is running on it. Atleast we have NOD32 in our environment). Once again NOD32 blocks the script from psexec.exe to push agent new version etc. I again struggled for this over a week. Had to manually diable the NOD32 on the machine where LAN watch was performed. Then it started working normally. New users be aware!!!!!

You will not find this info on Kaseya forums/blogs atleast for now. Completely remove NOD32 out of the loop!!!!!!!!!!!!

 

unfortunate, if only people would bother to report incompatibilities so that they can be fixed as well as complain

 

When running a sever OS or any network application there are certain configurations settings to take into account. Microsoft has their own virus scanning recommendations to take into consideration as well.

If you are taking the time to see that this file is a false positive, why not take the next step, as I suggested in the beginning of this thread, and report it to ESET as a false positive? Once we have the suspect files, we will have the Virus DB updated accordingly.

Regarding LANWatch, ESET also uses software to tie into the system at the network level. I can see how this might be a problem. Most software applications recommend temporarily disabling the antivirus software during the installation of their product. I can see why that solution worked for you.

Regards,
-Tom