PROBLEM
Your AV solution, be it KES/KAV modules in Kaseya, or a 3rd party tool is flagging a Kaseya file as a virus
CAUSE
Kaseya does not ship viruses to its customers. Our installers and software is scanned for viruses before publication.
There is of course the possibility that a computer does have a virus, and that the virus has infected the file once it has been downloaded.
However, the most common issue is that the AV is falsely identifying a virus in a file where there is not one - this is called a "False positive".
All AV vendors try their best to avoid this situation, but it can happen - a harmless and genuine file can contain data that looks just enough like the same piece of data that the AV vendor has found in a virus - this causes the AV software to incorrectly flag the genuine file as a virus.
WORKAROUND / RESOLUTION
Kaseya does not have any control over this - if an AV tool detects a genuine and harmless file as a virus, the AV vendor should be immediately informed, so that they can update their definitions to avoid problems.
To be sure that this is genuinely a false positive, you should scan the file with another AV tool and see what the results are.
A useful tool for this is "Virus Total", you can upload the suspect file to this site and they will scan the file against all the top AV tools and give you the results.
If many of the AV tools identify a virus in the file, then there is of course the possibility that the file DOES have a virus, in which case you should take the appropriate action, but if the file is only flagged as infected by one or two of the vendors (some vendors share definitions, so a bad denfintion in one AV solution can be shared by another), then it is most likely a false positive, and you should report this to the AV vendor.
ADDITIONAL INFORMATION
Wikipedia - False positives: http://en.wikipedia.org/wiki/Antivirus_software#Problems_caused_by_false_positives
Virus Total - Online Virus Scanner: https://www.virustotal.com/
AVG False Positive reporting page: https://support.avg.com/SupportArticleView?l=en_US&urlname=How-to-report-a-false-incorrect-detection
Kaspersky False Positive reporting page:
http://forum.kaspersky.com/index.php?showtopic=13881
My AV solution is identifying a Kaseya file as a virus
Have more questions?
Was this article helpful?
Provide feedback for the Documentation team!
Browse this section
- Gathering Agent Logs For Connectivity Issues
- How can I remove the Badge Icon on my Agent?
- 'K Agent Update Done' script loops on Machines.
- 9.5 Agent: "Installation of the Agent Failed" on Windows systems.
- Adding the -remote tag for KaUsrtsk.exe on Windows Agents
- Agent account name is not the same as the Computer name
- Agent deleted but the licence count is unchanged
- Agent Failing to Change Machine Groups
- Agent Not Installing - Curl.exe/proxy issue
- Agent Procedures appear stuck / not running on a newly installed Agent
- See more