Ask the Community
Groups
KAV License is Expired Due To Missing Uninstall Password in Registry - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><strong>Problem</strong></p> <p>KAV licenses have expired on the endpoint or are displaying as expired on the VSA:</p> <p><img src="/attachments/token/gBTeJyZcOao0DHwAZFqLpCoHw/?name=11-30-2015+8-22-40+AM.png" alt="11-30-2015_8-22-40_AM.png" class="embedImage-img importedEmbed-img"></img></p> <p> </p> <p><strong>Cause</strong></p> <p>While there are many reasons this may occur, the most common is that the Kaspersky uninstall password (which is created upon installation) did not successfully write itself to the registry. This most commonly occurs during upgrades from KAV6 to KAV10. </p> <p>Because the VSA sends an uninstall password with its license command, the endpoint rejects it every time because it is expecting a "null" password due to the key being missing.</p> <p>You can verify this by navigating to <strong>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\KES10\settings</strong> or <strong>HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\KES10\settings</strong> (if 32-bit OS) and finding the OPEP key:</p> <p><img src="/attachments/token/CN4EEeH0Nz0qTLOYOhp4eUsbN/?name=11-30-2015+8-25-21+AM.png" alt="11-30-2015_8-25-21_AM.png" width="848" height="291" class="embedImage-img importedEmbed-img"></img></p> <p>This key holds the encrypted version of your uninstall password that was set on the VSA:</p> <p><img src="/attachments/token/Nwt2kfqvkbEFln219zEDkpkUG/?name=11-30-2015+8-27-28+AM.png" alt="11-30-2015_8-27-28_AM.png" class="embedImage-img importedEmbed-img"></img></p> <p>If this key is blank, then you are experiencing this issue.</p> <p> </p> <p><strong>Fix</strong></p> <p>The fix for this issue is pretty straightforward, you need only re-add the encrypted uninstall password to the OPEP key. However, often this is not possible due to Kaspersky's self-protection being enabled and, unfortunately, cannot be disabled as there is no password in place so when disabling the feature, no password will successfully pass. That being said, you can work around this by booting into Safe Mode and modifying the registry. </p> <p>An agent procedure that automates this process has been created and is attached to this KB. </p> <p>First, create a folder called "Safe Mode" in your Shared Managed Files Directory:</p> <p><img src="/attachments/token/HtRgfEjtfhx8rmFTEycDTAMM0/?name=step1.png" alt="step1.png" width="803" height="292" class="embedImage-img importedEmbed-img"></img></p> <p>Next, upload the two attached .bat files into this directory.</p> <p><img src="/attachments/token/ZQkhqGg7Lox3eTJge93qMCoQI/?name=step2.png" alt="step2.png" class="embedImage-img importedEmbed-img"></img></p> <p> </p> <p>Next, import the attached agent procedure to your VSA:</p> <p><img src="/attachments/token/UEiPAtWmhmtntLX9GJsOcNItp/?name=step3.png" alt="step3.png" width="781" height="380" class="embedImage-img importedEmbed-img"></img></p> <p>Finally, select the "0-Run all steps" procedure and run it on the affected agents:</p> <p><img src="/attachments/token/AEWohdCOz4lWm1vMGtBIu1h4A/?name=step4.png" alt="step4.png" width="779" height="245" class="embedImage-img importedEmbed-img"></img></p> <p> </p> <p><strong>Note:</strong> This procedure will cause your endpoint to <strong>reboot twice.</strong> After the reboot is complete, your endpoint should correctly receive a license.</p> </article> </main>