Ask the Community
Groups
(KAV) Master: General Definitions/Detection Issues - Connect IT Community | Kaseya
<main> <article class="userContent"> <p>Below is a list of general troubleshooting steps you can take to resolve issues with the detections and the virus defintions of Kaseya Anti-Virus. If any of the below procedures does not resolve your issue, please contact Kaseya Support at your earliest convenience.</p> <div> <a name="toc" id="toc"></a><strong>Table of Contents</strong> <ul><li><a rel="nofollow" href="#1">Definitions Are Not Updating/Virus Definitions Out-Of-Date (VSA 6.3, VSA 6.5, R7, R8)</a></li> <li><a rel="nofollow" href="#2">Defintions Up-To-Date On Endpoint, Not On VSA (VSA 6.3, VSA 6.5, R7, R8)</a></li> <li><a rel="nofollow" href="#3">Detection Alerts Constantly Sending Alert/Emails (VSA 6.3, VSA 6.5)</a></li> <li><a rel="nofollow" href="#4">Detections Display "szRestorePath" or "Unknown" Type (VSA 6.3, VSA 6.5, R7, R8)</a></li> <li><a rel="nofollow" href="#5">Endpoint Incorrectly Report Having Active Threats (VSA 6.3, VSA 6.5, R7, R8)</a></li> </ul></div> <hr></hr><p><small><a rel="nofollow" href="#toc">Back To Top</a></small></p> <h1 data-id="definitions-are-not-updating-virus-definitions-out-of-date"> <a name="1" id="1"></a><strong>Definitions Are Not Updating/Virus Definitions Out-Of-Date</strong> </h1> <p><strong>Applies To: On-Premise/SaaS</strong></p> <p><strong><strong>Applies To Versions: VSA 6.3, VSA 6.5, R7, R8, KAV6, KAV10</strong></strong></p> <p>If the VSA is reporting that the endpoint's virus definitions are out of date, please run a manual update from the KAV module:</p> <p><strong><strong><img src="/attachments/token/Rl7rKOTT45FzFqS5ITyNpzkqU/?name=kav-manual-update.png" alt="kav-manual-update.png" width="731" height="346" class="embedImage-img importedEmbed-img"></img></strong></strong></p> <p> </p> <p>If the flag does not disappear, please confirm if the virus definitions are out-of-date on the endpoint. If they are not, please refer to the article below. If the issue persists, please contact Kaseya Support. </p> <hr></hr><p><small><a rel="nofollow" href="#toc">Back To Top</a></small></p> <h1 data-id="defintions-up-to-date-on-endpoint-not-on-vsa"> <a name="2" id="2"></a><strong>Defintions Up-To-Date On Endpoint, Not On VSA</strong> </h1> <p><strong><strong>Applies To: On-Premise ONLY</strong></strong></p> <p><strong><strong><strong>Applies To Versions: VSA 6.3, VSA 6.5, VSA 7.0, VSA 8.0, KAV6, KAV10</strong></strong></strong></p> <p>This will occur if there is an issue on the endpoint that causes the kaseya/kaspersky services to stop. A repair should fix this issue, however if it persists, please try a clean repair on the endpoint by following the steps below:</p> <ol><li>On the endpoint, rename the following folders:<br>Program Files\Kaseya\Scripts\KAV to KAV.OLD (delete any other duplicate KAV folders that may exist within the Scripts folder)<br><br>Program Files (x86)\Kaseya\Scripts\KAV to KAV.OLD (delete any other duplicate KAV folders that may exist within the Scripts folder)<br><br>Program Files (x86)\Kaseya\ExtDLLs\KaLua.DLL to KaLua.DLL.OLD<br><br><img src="/attachments/token/k5sfV7yEjwDZGEmYjJe3WbXC5/?name=kav-kav-lua-files.png" alt="kav-kav-lua-files.png" class="embedImage-img importedEmbed-img"></img><br><br><kworking directory>\KAV to KAV.OLD<br><img src="/attachments/token/ACjSp2U7QR7iFyQ0LbiC8rDw7/?name=kav-kworking-kav-folder.PNG" alt="kav-kworking-kav-folder.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Afterwards, please run a repair via the VSA on the endpoint. </li> </ol><p>We also suggest you to go through the options available from below KB article</p> <p><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.zendesk.com%2Fentries%2F91525667">https://kaseya.zendesk.com/entries/91525667</a></p> <p>If the issue persists, please contact Kaseya Support.</p> <hr></hr><p><a rel="nofollow" href="#toc"><small>Back To Top</small></a></p> <h1 data-id="detection-alerts-constantly-sending-alert-emails"> <a name="3" id="3"></a><strong>Detection Alerts Constantly Sending Alert/Emails</strong> </h1> <p><strong><strong>Applies To: On-Premise/SaaS</strong></strong></p> <p><strong><strong><strong>Applies To Versions: VSA 6.3, VSA 6.5</strong></strong></strong></p> <p>This was a defect that was resolved in R7. Please upgrade at your earliest convenience.</p> <p><strong><strong><strong><img src="/attachments/token/yF9TuascqwXh0Z3I1uS82IQpQ/?name=Release+Notes_20140610_14-34-05.jpg" alt="Release_Notes_20140610_14-34-05.jpg" width="741" height="71" class="embedImage-img importedEmbed-img"></img></strong></strong></strong></p> <hr></hr><p><small><a rel="nofollow" href="#toc">Back To Top</a></small></p> <h1 data-id="detections-display-szrestorepath-or-unknown-type"> <a name="4" id="4"></a><strong>Detections Display "szRestorePath" or "Unknown" Type</strong> </h1> <p><strong><strong>Applies To: On-Premise/SaaS</strong></strong></p> <p><strong><strong><strong>Applies To: VSA 6.3, VSA 6.5, R7, R8, KAV6, KAV10</strong></strong></strong></p> <p><strong>"szRestorePath"</strong> is generally displayed when the path string is too long. If there is a detection that is not in the Kaspersky database or a file type that Kaspersky does not recognize, it would show up in the Detections page as "<strong>Unknown</strong>". As per our help file: <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fhelp.kaseya.com%2FWebHelp%2FEN%2FKAV%2F6050000%2Findex.asp%2313258.htm">http://help.kaseya.com/WebHelp/EN/KAV/6050000/index.asp#13258.htm</a></p> <p> </p> <p>If you have questions or if you encounter further trouble with the detections page, please contact Kaseya Support.</p> <hr></hr><p><small><a rel="nofollow" href="#toc">Back To Top</a></small></p> <h1 data-id="endpoint-incorrectly-report-having-active-threats"> <a name="5" id="5"></a><strong>Endpoint Incorrectly Report Having Active Threats</strong> </h1> <p><strong><strong>Applies To: On-Premise/SaaS</strong></strong></p> <p><strong><strong><strong>Applies To Versions: VSA 6.3, VSA 6.5, R7, R8, KAV6, KAV10</strong></strong></strong></p> <p>By design. threats that are detected in the Anti Virus > detections page are historical threats. The threats that are detected in this page do not change once detected. </p> </article> </main>