Endpoints running KES freeze or will not boot


  • Endpoint freezes requiring a reboot
  • Upon reboot, endpoint does not boot at all or freezes at Windows splash screen

Affected Systems

Not all machines running KES/AVG have been affected by this problem.  However, those that are affected have been reported as:

  • Operating Systems:   This may be affecting any version of Windows
  • Running AVG program version 2012.0.2250 with engine/virus_database version 4365/9543
  • AVG has identified a conflict between AVG and a specific Trusteer Rapport version.  AVG has been able to reproduce the issue, but this conflict may not account for all instances of the symptoms.  AVG has posted an FAQ here.


A update to the AVG scanning engine on Wednesday, June 18th, 2015 and a concurrent release of IBM Trusteer caused a conflict.  


AVG has removed and stopped the distribution of scanning engine update 4365 to AVG 2013 and older versions to prevent future downloads of the affected versions.  AVG has also released the virus database update which doesn’t contains the virus definition for Luhe.Susphat.1.  

We have confirmed that IBM has released an update that resolves the conflict with AVG.  Please update the Trusteer application with the latest update.



Verify AVG and IBM Trusteer are at the latest versions.  AVG (KES) should be at update 4311/9725 (AVG 2012) or later.  Please contact IBM Trusteer support directly for information regarding corrected versions.

KES updates automatically, as necessary, every four hours.  However, if you would like to verify the endpoint is running the current version, navigate to the AVG UI on the endpoint locally and check the Product Information tab.

Identifying Potentially Affected Machines

Kaseya has developed a quick Agent Procedure that will allow admins to identify potentially affected endpoints.  This requires the machine can currently check into the Kaseya Server to receive instructions.  The .zip file attached to this article contains an Agent Procedure and a Report.  

 To run this procedure:

    • Download and extract the file attached to this article
    • Import the Agent Procedure
      • Navigate to Agent Procedures > Schedule/Create
      • Expand the Private or Shared cabinet, select a folder, and click the Import Folder/Procedure button in the top ribbon
      • Use the file selector to navigate to the Procedure-AVG_Version4365_Registry_Value_Present.xml file and click Save to import
    • Optionally import the Report
      • Navigate to System > Import Center and click the New Import button in the top ribbon
      • Name the import
      • Click the Browse button to navigate to and select the Report-Machines_with_AVG_Update_4365.xml file
      • Click Process then click Save
    • Run the Procedure
      • On the Agent Procedure > Create/Schedule function, select the procedure, select the endpoints, and click Run Now (optionally Schedule the procedure to run at a future time)
      • Note:  Depending on the version of Kaseya you are running, you may need to Approve the procedure prior to running on your systems

The procedure will check for the presence of a registry key, write an entry to the Agent Procedure log, and will email the scheduling administrator (one email per machine where the registry key is detected).  Use the optional "Machines with AVG Update 4365" report to find all machines with the registry key present.  Note:  The procedure must be successfully executed on endpoints for the report to return results as the report reads the Agent Procedure log for specific entries written as part of the procedure; only those machines with the registry key will be included in the report.  It is also important to note that machines where AVG has been manually uninstalled may still have this registry key, even if the endpoint has been reverted to a prior engine version.  Presence of this key does not necessarily mean the endpoint is affected.  Admins will need to determine whether machines with this key are, in fact, affected by the update.



Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.