Kaspersky
Question

Kaspersky flooding clients with MSI files

  • 16 October 2019
  • 12 replies
  • 5823 views

We are using Kaspersky Security Center 10 which is flooding our client machines with .MSI files to the C:\Windows\Installer location.

As most will know its a big no no to clear this location but we are having no choice as for some unknown reason Kaspersky is constantly pushing these database update files to machines, these are filling the hard drive and can consist of 170GB of space in some instances, please can someone advise why this is happening so I can resolve the route cause issue.


12 replies

Userlevel 3
Badge +1

Hello!

Do you use patch management on KSC?

Or during what task you can reproduce the problem?

Thank you!

Hi,

 

We also encounter this issue to one of our customer. We did try to reinstall the antivirus but problem still persists. Do we have solution regarding these issue? What logs do we need to provide. 

TIA,

 

Userlevel 3
Badge +1

Hi,

 

We also encounter this issue to one of our customer. We did try to reinstall the antivirus but problem still persists. Do we have solution regarding these issue? What logs do we need to provide. 

TIA,

 

Hello!

Please describe your problem in more details. 

Thank you!

Hi,

 

We also encounter this issue to one of our customer. We did try to reinstall the antivirus but problem still persists. Do we have solution regarding these issue? What logs do we need to provide. 

TIA,

 

Hello!

Please describe your problem in more details. 

Thank you!

Hi,

 

the msi files has been created in the folder C://windows/installer. Unfortunately it floods the folder and it consumes a lot of resources. 

do we have solution regarding the issue.

 

-TIA

We have a similar issue on at least server. We have 1,185 instances of the same 80MB database update file. The file date for each is 08/27/2019  and this correlates to when the logical drive capacity started it march towards zero. I have had to extend the drive to free up additional space as I am reluctant to start sniping files from this directory. 

 

KES for Windows: 11.1.0.15919 AES56

DB Release: 10/30/2019 12:47 AM

Server: 2019 b17763

 

 

Have an update:

 

After some investigation we found that Windows Defender had been reenabled on the system (maybe through MS update – not sure). Since Windows Defender is  incompatible with KSM we believe it was causing the auto update to fail. Unfortunately, the update engine still requested an update file every hour (at 80MB a piece) so the erosion of drive space was pronounced (took about a month to drive it to almost 0).

 

To remedy, we disabled Windows Defender, manually applied the update, and are no longer seeing the update payload spooled down. We inventoried all files in the install directory with the files signature of the failed updated and moved them off box for eventual deletion.

 

Not sure if this applies to anyone else reporting issue but may be worth a look. 

Have an update:

 

After some investigation we found that Windows Defender had been reenabled on the system (maybe through MS update – not sure). Since Windows Defender is  incompatible with KSM we believe it was causing the auto update to fail. Unfortunately, the update engine still requested an update file every hour (at 80MB a piece) so the erosion of drive space was pronounced (took about a month to drive it to almost 0).

 

To remedy, we disabled Windows Defender, manually applied the update, and are no longer seeing the update payload spooled down. We inventoried all files in the install directory with the files signature of the failed updated and moved them off box for eventual deletion.

 

Not sure if this applies to anyone else reporting issue but may be worth a look. 

Hi Icgmurray,

 

Thanks for the update. 

I have two windows 2019 servers also being flooded by these files in the hidden directory in the windows\installer directory, each one is about 80 megs and eats up disk space super fast.  I deleted about 300 of them and then the next day 180 were back!  Defender was running on both servers so I just disabled it and will see if that helps!

We have  a similar problem. Prior to the holidays (X-Mas and Happy New Year) we updated the Kasperksy client on all machines. 

Now it appears that this problem occurs on computers which have not restarted. 

They appear Yellow in de KSC and are pending reboot. For some reason, people are not willing to reboot a machine. As long as the machine is not rebooted, the c:\windows\installer folder is flooded with these 80 MB files. 

In some case this now adds up to over 100 GB per machine. 

 

We are now looking for a solution to correct this and cleanup all the orphaned Files. 

 

This is potential a huge problem as all our hardrives are filling up rapidly on our workstations. 

 

 

Userlevel 5
Badge +2

@Remko , could you please clarify what version of KES is installed at these hosts?

Thank you!

its was 12.1 that was causing the issue, 12.2 seems to have fixed the issue.

We were upgrading from 11.0.1.90 to version 11.1.1.126.

I also escalated the problem to Kasperksy Suppport. They send me a personal fix last thursday but I need to figure out how to implement this. There is no documentation associated with it. 

Reply / Ответить