Kaspersky
Solved

KSC network agent v13 - an unmitigated disaster! Be warned.

  • 24 March 2021
  • 9 replies
  • 512 views

Userlevel 1
Badge

Today migrated our KSC to v13 and started to migrate our clients to agent version v13. What a bad idea. It has completely wiped out our Kaspersky installation.

When the agent started installation on machine it erased all the licenses from endpoints leaving any endpoint protection products in an inactive state. What’s worse - it did not f*cking disable them completely which means that Windows Defender was not activated. This in turn left the machines not only unprotected but also inaccessible from network because Windows Firewall did not kick in. All machines not only wiped out from KSC and no way to remedy but also inaccessible to our other remote management tools. Holy Jesus Christ on a chicken basket! Had to mobilize our whole IT team and send them by foot from machine to machine in every office and location to activate the endpoints manually with the activation code so that we would not be completely unprotected. None of the clients still connect to KSC. I shudder when I think what happened during those couple of hours our network was completely unprotected. Hours have passed and still haven’t  heard back from Kaspersky support.

 

So if you’re thinking about starting migration KSC and Agent v13 be warned.

icon

Best answer by Igor Kurzin 31 March 2021, 07:08

Hi @Kavuser10 , 

Sorry to hear about ths situation. We would like to deeper investigate the issue you are experiencing. In your second post you mention that there is another ticket open, is this for another issue? If yes, please submit a ticket with detailed description to technical support via your CompanyAccount, and post here the incident number. Or if the incident has already been submitted, post here the incident number, we will request some additional data for further analysis. 

Thank you.

View original

This topic has been closed for comments

9 replies

Userlevel 1
Badge

Amazing! A new day and still nothing from Kaspersky support.

 

I have another ticket open for several days and not have heard back regarding this either. Is there even anyone manning Kaspersky support anymore? They used to respond pretty much immediately.

 

Meanwhile we have managed to mostly remedy the situation by ourselves. As all the clients  were wiped from KSC we had to do everything from scratch. After activating the machines manually and getting them back to connect remotely had to clean out all the machines from KSC and re-deploy the agent second time, forcing it to install over the previous one.

Userlevel 7
Badge +5

Hi @Kavuser10 , 

Sorry to hear about ths situation. We would like to deeper investigate the issue you are experiencing. In your second post you mention that there is another ticket open, is this for another issue? If yes, please submit a ticket with detailed description to technical support via your CompanyAccount, and post here the incident number. Or if the incident has already been submitted, post here the incident number, we will request some additional data for further analysis. 

Thank you.

Userlevel 1
Badge

One of the issues I have found after digging in is that when Network Agent v13 is installed, it not only wipes any settings and policies on on the machine it also wipes the machine from KSC. For example, if the machine is in a specific OU/Group and you install Network Agent v13 on it, the machines is not updated in the OU. Instead a completely new duplicate machine with random name is created in Unassigned Devices. This means that all the machines will fall out of the scope of policies assigned to them. So you need to delete the original machine and the duplicate created, then do a new network discovery (and if the KES was deactivated/disabled on the original machine you need to manually activate it) and then re-install the network agent over the previously installed v13 one.

So if you would enable an automatic network agent installation on a Managed Devices OU/Group like we usually do, all the machines would be wiped out from it and any subgroups.

 

Strangely enough this issue occurs with Windows 10 machines but not with Windows Server machines.

 

This is really bad and I’m stunned that this has not been caught during beta testing.

 

PS. It would also be nice if you guys would be as active in the forums as you are posting stuff on Facebook. This new community seems to be pretty dead.

One of the issues I have found after digging in is that when Network Agent v13 is installed, it not only wipes any settings and policies on on the machine it also wipes the machine from KSC. For example, if the machine is in a specific OU/Group and you install Network Agent v13 on it, the machines is not updated in the OU. Instead a completely new duplicate machine with random name is created in Unassigned Devices. This means that all the machines will fall out of the scope of policies assigned to them. So you need to delete the original machine and the duplicate created, then do a new network discovery (and if the KES was deactivated/disabled on the original machine you need to manually activate it) and then re-install the network agent over the previously installed v13 one.

So if you would enable an automatic network agent installation on a Managed Devices OU/Group like we usually do, all the machines would be wiped out from it and any subgroups.

 

Strangely enough this issue occurs with Windows 10 machines but not with Windows Server machines.

 

This is really bad and I’m stunned that this has not been caught during beta testing.

 

PS. It would also be nice if you guys would be as active in the forums as you are posting stuff on Facebook. This new community seems to be pretty dead.

Hello, 

 

we can confirm problems with updates from Agent 12.2 to 13.0.

We also need to re-add some of the devices and delete the old ones.

 

Best regards

Hellow,

 

It is safe to upgrade to the latest version?

 

Is this problem solved?

 

Thanks in advance.

 

Best regards.

 

Hi there,

 

a new build (without new build number) for ksc 13.0 complete install packagewas released.

Please download the new one. 

Hi there,

 

a new build (without new build number) for ksc 13.0 complete install packagewas released.

Please download the new one. 

 

Hi,

This is the current package available for download:

 

 

https://www.kaspersky.com/small-to-medium-business-security/downloads/endpoint?utm_content=endpoint-advanced

 

Maybe is not published yet.

 

Best regards.

Hi there,

 

a new build (without new build number) for ksc 13.0 complete install packagewas released.

Please download the new one. 

Like i wrote - no new build number. Please compare the package size:

 

Hi there,

 

a new build (without new build number) for ksc 13.0 complete install packagewas released.

Please download the new one. 

Like i wrote - no new build number. Please compare the package size:

 

 

Sorry, I misunderstood and read “with new build number”… :confounded:

 

I redownload the whole package.

 

Thanks mosen.

 

Best regards.