Best anti-virus to run side-by-side with Kace?
We use the K1000 to patch our environment and thus far it has done a really good job after making a few tweaks here and there.
Recently, we started testing out Kaspersky Endpoint Security and it has wreaked absolute havoc on many of the computers we've pushed it to. Boot and login times went from 1.5-2 minutes with AVG to 2-6 minutes with Kaspersky. Additionally, computers often hang during login for upwards of 5-10 minutes, etc. I suspect these massive increases in boot times may be on account of kinventory taking off after the computer starts. We had no such issues with AVG, which we used previously.
Worst of all, Kace patching seems to drive Kaspersky absolutely berserk. On many of the systems, even the simple act of kinventory running can send the CPU spiking to 80-100%. We normally run our Kace patch schedules in the evenings after business hours, but if a user takes their computer home with them or accidentally shuts it off before leaving, patching picks up the following morning when the computer is turned on or reconnected, sending Kaspersky over the top, and our users sitting there idle for 30 minutes until Kace finishes and Kaspersky settles back down.
I've added every folder Kace uses (C:\Dell, C:\program files\Dell, C:\programdata\dell) to Kaspersky's trusted zone and every Kace executable in "C:\program files\dell\kace" to Kaspersky's list of trusted applications, and patching still causes massive issues with Kaspersky.
With all of that said, I have two questions:
1. Has anybody with Kaspersky Endpoint Security been able to use Kace without these sorts of problems occurring?
2. If you use your K1000 to patch, which anti-virus product do you use? Do you have chronic problems such as the ones I mentioned above?
Thank you!
Answers (6)
We use Symantec Enterprise 12 and do not have any of the problems you are seeing.
Comments:
I've used SEP before (at a previous job) and had very few problems with it. I may have a hard time convincing the higher-ups, though, since Symantec has had something of a bad reputation for being resource-intensive (as Kaspersky is proving to be). Has Symantec made improvements in reducing their footprint as of late? - Michael4732 11 years ago
This problem is easily resolved by setting KACE binaries as trusted applications on your KES policy.
Trusted apps are completely ignored by the KES engine, as are every sub-process they create.
This completely eliminates the AV engine from the equation and there is no lag, no complaints, etc for pesky deployment processes which "look like" malware, because they try to access registry keys, make changes to system protected files, etc which the AV engine "SHOULD" normally not permit easily...
Add the KACE executables and their origin runspace paths to the exclusion > Trusted applications section as shown above.
The problem is not with the product; as every junior support guy will be quick to say "it is the antivirus' fault"
....the problem is that the technician responsible for the AV solution is not analyzing the environment and configuring it correctly. No AV product can know your runtime environment "out of the box"... Once we set our policies, our deployment works effortlessly. If you take the time to analyze what causes your bottlenecks and configure your policies to accommodate those processes, yours will also work flawlessly.
We love Kaspersky! Unfortunately, it is a product for "self-thinking" techs.
Their support is not terribly helpful, I will admit.
We use ESET NOD32 here and after some exceptions have not had any issues. If it might help with your Kaspersky setup, here are the exclusions I'm using:
XP
C:\Documents and Settings\All Users\Dell\KACE\*.*
C:\Program Files\Dell\KACE\*.*
Win7
C:\Program Files (x86)\Dell\KACE\*.*
C:\ProgramData\Dell\KACE\*.*
I also excluded the IP address of my KBOX in the AV's Web access protection section.
John
Comments:
Thanks for the suggestion. I've actually already added exceptions for all of these folders in the Kaspersky policy, but unfortunately it doesn't seem to actually work.
We're currently working with Kaspersky to try to figure out what the problem is, but if they don't come up with a fix soon, we may just end up going with another product. - Michael4732 11 years ago -
Have you tried adding the "Windows" executables that actually run during the detect/deploy processes (i.e. wuauclt.exe, mcescan.exe, wmiprvse.exe)? I know mcescan.exe is in the agent program folder, but am assuming the others are in their default locations (C:\Windows\System32, C:\Windows\System32\wbem).
John - jverbosk 11 years ago -
Something else to try - stop & completely disable the Automatic Updates service and try a detect/deploy run against that machine. I had some machines acting up until I did that (and it doesn't need to be enabled for KACE patching to work).
John - jverbosk 11 years ago -
I'd already added mcescan.exe as a trusted application (along with every other executable in the Kace folder), but haven't added wuauclt.exe or wmiprvse.exe. I'll give those a shot to see if it helps any.
Is there a list somewhere of all of the non-Kace executables that the detect/deploy process launches? - Michael4732 11 years ago -
I'm sure the KACE engineers would know, but I don't. I just watch the processes in Task Manager. ^_^
John - jverbosk 11 years ago -
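One way to build the list asked for above without watching Task Manager, as an added example that is not part of the original thread and is not KACE or Kaspersky code: walk process-creation records in time order and report every executable launched beneath the agent folder. The records are constructed sample data, and the function name and record field names are hypothetical.

```powershell
# Constructed sample records (not a capture from a real KACE run). On a live
# machine, build the same three fields, oldest first, from Security event 4688
# (needs "Audit Process Creation" enabled) or Sysmon event 1.
$sample = @(
    [pscustomobject]@{ ProcessId = 4100; ParentProcessId = 700;  Image = 'C:\Program Files\Dell\KACE\mcescan.exe' }
    [pscustomobject]@{ ProcessId = 4120; ParentProcessId = 4100; Image = 'C:\Windows\System32\wuauclt.exe' }
    [pscustomobject]@{ ProcessId = 4140; ParentProcessId = 4100; Image = 'C:\Windows\System32\cmd.exe' }
    [pscustomobject]@{ ProcessId = 4160; ParentProcessId = 4140; Image = 'C:\Windows\System32\cscript.exe' }
    [pscustomobject]@{ ProcessId = 4200; ParentProcessId = 640;  Image = 'C:\Windows\System32\wbem\wmiprvse.exe' }
)

function Get-KaceDescendantImage {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        # Agent folders named in the thread; override if yours differ.
        [string[]] $AgentRoot = @('C:\Program Files\Dell\KACE',
                                  'C:\Program Files (x86)\Dell\KACE')
    )
    $roots   = $AgentRoot | ForEach-Object { $_.TrimEnd('\') + '\' }
    $tracked = @{}   # PID -> $true while that process belongs to the agent's tree
    $images  = @{}   # image path -> number of launches seen
    foreach ($e in $Events) {
        $isAgent = [bool]($roots | Where-Object {
            $e.Image.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        if ($isAgent -or $tracked.ContainsKey([int]$e.ParentProcessId)) {
            $tracked[[int]$e.ProcessId] = $true
            # Only report executables that live outside the agent folder.
            if (-not $isAgent) { $images[$e.Image] = 1 + [int]$images[$e.Image] }
        } else {
            # An unrelated process reusing a recycled PID leaves the tree.
            $tracked.Remove([int]$e.ProcessId)
        }
    }
    $images.GetEnumerator() | Sort-Object Key | ForEach-Object {
        [pscustomobject]@{ Image = $_.Key; Launches = $_.Value } }
}

# The wmiprvse.exe record has a non-agent parent, so it is not listed: helpers
# started on the agent's behalf by a system service never show up as children.
Get-KaceDescendantImage -Events $sample | Format-Table -AutoSize
```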
Did you ever get an answer for this? We've been looking at Kaspersky and this could be a deal breaker. - wwingert 11 years ago
Unfortunately no.
After working with Kaspersky support for over a month trying to fix the numerous problems that it caused (doubling startup/login times, random freezes for no reason, freezing while patching, etc), we gave up.
We were able to get our money back and after testing a handful of other products (BitDefender, Sophos, GFI, Trend Micro), went with Trend Micro OfficeScan. We've had zero issues with OfficeScan and it's been running like a champ for a few months now. The management console isn't as pretty as Kaspersky, but I'll take that over the numerous issues Kaspersky caused any day.
Unless you prefer to spend the first few hours of your days assisting users get logged in because their systems keep freezing, I'd recommend avoiding Kaspersky Endpoint Security like the plague. I'd imagine that not everybody experiences these issues with Kaspersky, but I'll never touch another one of their products. - Michael4732 11 years ago