Below is a list of general troubleshooting steps you can take to resolve issues with the detections and the virus defintions of Kaseya Anti-Virus. If any of the below procedures does not resolve your issue, please contact Kaseya Support at your earliest convenience.
- Definitions Are Not Updating/Virus Definitions Out-Of-Date (VSA 6.3, VSA 6.5, R7, R8)
- Defintions Up-To-Date On Endpoint, Not On VSA (VSA 6.3, VSA 6.5, R7, R8)
- Detection Alerts Constantly Sending Alert/Emails (VSA 6.3, VSA 6.5)
- Detections Display "szRestorePath" or "Unknown" Type (VSA 6.3, VSA 6.5, R7, R8)
- Endpoint Incorrectly Report Having Active Threats (VSA 6.3, VSA 6.5, R7, R8)
Definitions Are Not Updating/Virus Definitions Out-Of-Date
Applies To: On-Premise/SaaS
Applies To Versions: VSA 6.3, VSA 6.5, R7, R8, KAV6, KAV10
If the VSA is reporting that the endpoint's virus definitions are out of date, please run a manual update from the KAV module:
If the flag does not disappear, please confirm if the virus definitions are out-of-date on the endpoint. If they are not, please refer to the article below. If the issue persists, please contact Kaseya Support.
Defintions Up-To-Date On Endpoint, Not On VSA
Applies To: On-Premise ONLY
Applies To Versions: VSA 6.3, VSA 6.5, VSA 7.0, VSA 8.0, KAV6, KAV10
This will occur if there is an issue on the endpoint that causes the kaseya/kaspersky services to stop. A repair should fix this issue, however if it persists, please try a clean repair on the endpoint by following the steps below:
- On the endpoint, rename the following folders:
Program Files\Kaseya\Scripts\KAV to KAV.OLD (delete any other duplicate KAV folders that may exist within the Scripts folder)
Program Files (x86)\Kaseya\Scripts\KAV to KAV.OLD (delete any other duplicate KAV folders that may exist within the Scripts folder)
Program Files (x86)\Kaseya\ExtDLLs\KaLua.DLL to KaLua.DLL.OLD
<kworking directory>\KAV to KAV.OLD - Afterwards, please run a repair via the VSA on the endpoint.
We also suggest you to go through the options available from below KB article
https://kaseya.zendesk.com/entries/91525667
If the issue persists, please contact Kaseya Support.
Detection Alerts Constantly Sending Alert/Emails
Applies To: On-Premise/SaaS
Applies To Versions: VSA 6.3, VSA 6.5
This was a defect that was resolved in R7. Please upgrade at your earliest convenience.
Detections Display "szRestorePath" or "Unknown" Type
Applies To: On-Premise/SaaS
Applies To: VSA 6.3, VSA 6.5, R7, R8, KAV6, KAV10
"szRestorePath" is generally displayed when the path string is too long. If there is a detection that is not in the Kaspersky database or a file type that Kaspersky does not recognize, it would show up in the Detections page as "Unknown". As per our help file: http://help.kaseya.com/WebHelp/EN/KAV/6050000/index.asp#13258.htm
If you have questions or if you encounter further trouble with the detections page, please contact Kaseya Support.
Endpoint Incorrectly Report Having Active Threats
Applies To: On-Premise/SaaS
Applies To Versions: VSA 6.3, VSA 6.5, R7, R8, KAV6, KAV10
By design. threats that are detected in the Anti Virus > detections page are historical threats. The threats that are detected in this page do not change once detected.