Kaspersky
Question

Kaspersky flooding clients with MSI files

  • 16 October 2019
  • 18 replies
  • 7554 views

We are using Kaspersky Security Center 10 which is flooding our client machines with .MSI files to the C:\Windows\Installer location.

As most will know its a big no no to clear this location but we are having no choice as for some unknown reason Kaspersky is constantly pushing these database update files to machines, these are filling the hard drive and can consist of 170GB of space in some instances, please can someone advise why this is happening so I can resolve the route cause issue.


18 replies

Userlevel 3
Badge +2

Hello!

Do you use patch management on KSC?

Or during what task you can reproduce the problem?

Thank you!

Hi,

 

We also encounter this issue to one of our customer. We did try to reinstall the antivirus but problem still persists. Do we have solution regarding these issue? What logs do we need to provide. 

TIA,

 

Userlevel 3
Badge +2

Hi,

 

We also encounter this issue to one of our customer. We did try to reinstall the antivirus but problem still persists. Do we have solution regarding these issue? What logs do we need to provide. 

TIA,

 

Hello!

Please describe your problem in more details. 

Thank you!

Hi,

 

We also encounter this issue to one of our customer. We did try to reinstall the antivirus but problem still persists. Do we have solution regarding these issue? What logs do we need to provide. 

TIA,

 

Hello!

Please describe your problem in more details. 

Thank you!

Hi,

 

the msi files has been created in the folder C://windows/installer. Unfortunately it floods the folder and it consumes a lot of resources. 

do we have solution regarding the issue.

 

-TIA

We have a similar issue on at least server. We have 1,185 instances of the same 80MB database update file. The file date for each is 08/27/2019  and this correlates to when the logical drive capacity started it march towards zero. I have had to extend the drive to free up additional space as I am reluctant to start sniping files from this directory. 

 

KES for Windows: 11.1.0.15919 AES56

DB Release: 10/30/2019 12:47 AM

Server: 2019 b17763

 

 

Have an update:

 

After some investigation we found that Windows Defender had been reenabled on the system (maybe through MS update – not sure). Since Windows Defender is  incompatible with KSM we believe it was causing the auto update to fail. Unfortunately, the update engine still requested an update file every hour (at 80MB a piece) so the erosion of drive space was pronounced (took about a month to drive it to almost 0).

 

To remedy, we disabled Windows Defender, manually applied the update, and are no longer seeing the update payload spooled down. We inventoried all files in the install directory with the files signature of the failed updated and moved them off box for eventual deletion.

 

Not sure if this applies to anyone else reporting issue but may be worth a look. 

Have an update:

 

After some investigation we found that Windows Defender had been reenabled on the system (maybe through MS update – not sure). Since Windows Defender is  incompatible with KSM we believe it was causing the auto update to fail. Unfortunately, the update engine still requested an update file every hour (at 80MB a piece) so the erosion of drive space was pronounced (took about a month to drive it to almost 0).

 

To remedy, we disabled Windows Defender, manually applied the update, and are no longer seeing the update payload spooled down. We inventoried all files in the install directory with the files signature of the failed updated and moved them off box for eventual deletion.

 

Not sure if this applies to anyone else reporting issue but may be worth a look. 

Hi Icgmurray,

 

Thanks for the update. 

I have two windows 2019 servers also being flooded by these files in the hidden directory in the windows\installer directory, each one is about 80 megs and eats up disk space super fast.  I deleted about 300 of them and then the next day 180 were back!  Defender was running on both servers so I just disabled it and will see if that helps!

We have  a similar problem. Prior to the holidays (X-Mas and Happy New Year) we updated the Kasperksy client on all machines. 

Now it appears that this problem occurs on computers which have not restarted. 

They appear Yellow in de KSC and are pending reboot. For some reason, people are not willing to reboot a machine. As long as the machine is not rebooted, the c:\windows\installer folder is flooded with these 80 MB files. 

In some case this now adds up to over 100 GB per machine. 

 

We are now looking for a solution to correct this and cleanup all the orphaned Files. 

 

This is potential a huge problem as all our hardrives are filling up rapidly on our workstations. 

 

 

Userlevel 5
Badge +4

@Remko , could you please clarify what version of KES is installed at these hosts?

Thank you!

its was 12.1 that was causing the issue, 12.2 seems to have fixed the issue.

We were upgrading from 11.0.1.90 to version 11.1.1.126.

I also escalated the problem to Kasperksy Suppport. They send me a personal fix last thursday but I need to figure out how to implement this. There is no documentation associated with it. 

Have an update:

 

After some investigation we found that Windows Defender had been reenabled on the system (maybe through MS update – not sure). Since Windows Defender is  incompatible with KSM we believe it was causing the auto update to fail. Unfortunately, the update engine still requested an update file every hour (at 80MB a piece) so the erosion of drive space was pronounced (took about a month to drive it to almost 0).

 

To remedy, we disabled Windows Defender, manually applied the update, and are no longer seeing the update payload spooled down. We inventoried all files in the install directory with the files signature of the failed updated and moved them off box for eventual deletion.

 

Not sure if this applies to anyone else reporting issue but may be worth a look. 


Hi Icgmurray, one of our clients are receiving the same issue as above. We have asked them to disable win defender aswell. Is there a restart or other steps involved in disabling win def?

Hello!

We have the same problem under Windows Server 2019, KSC 12 and KES 11.3. But the Windows Defender is already turned off.

Are there any other solutions?

 

Thanks a lot.

Hello!

We have the same problem under Windows Server 2019, KSC 12 and KES 11.3. But the Windows Defender is already turned off.

Are there any other solutions?

 

Thanks a lot.

 

Hi there,

 

I know there is a new version KSC 12.1 and KES 11.4, however I experienced this in 11.0 so I am not sure if it is fixed in latest.


Try uninstalling KES and installing KS 10 for Windows Server.

I see this more as a workaround than a solution, but test and see if it works. Worked for one of our clients.

Apologies, for not giving feedback sooner.

Userlevel 6
Badge +4

The use of KS4WS is generally recommended on servers
https://support.kaspersky.com/ksws10#downloads 

Regards
Alex

Thanks for your quick answers.

I thought it only depends on the license key for WS and Desktop meanwhile.

 

Cheers

Sascha

Userlevel 6
Badge +4

You can use KS4WS with select and advanced (and some other licens types).
Depending on the license, not all functions are available:
https://support.kaspersky.com/12784

Regards
Alex

Reply / Ответить