Kaspersky
Question

Sudden "Security application is not installed"


Multiple (although not all and not even majority of) computers have suddenly, in last couple of days, fallen into the “Security application is not installed” state. KES 11.2.0.2254cf1 is installed on the computers according to “Application registry” but the “Applications” tab shows only Network Agent being installed and running.
Network agent 11.0.0.1131b is running ok against KSC 10.5.1781.

The affected machines connect remotely over VPN (the crisis and quarantine, you know) so I cannot even get diagnostics from them.

WTHIGO? Has anybody encountered anything similar?


14 replies

Userlevel 5
Badge +2

Hi,

Could you please confirm that these hosts are still managable via Network agent and KSC can obtain events ans other data from that hosts?

The affected machines connect remotely over VPN (the crisis and quarantine, you know) so I cannot even get diagnostics from them.

Is it true, that there is no access for that machines using KSC diagnostic utilities?

Badge

Multiple (although not all and not even majority of) computers have suddenly, in last couple of days, fallen into the “Security application is not installed” state. KES 11.2.0.2254cf1 is installed on the computers according to “Application registry” but the “Applications” tab shows only Network Agent being installed and running.
Network agent 11.0.0.1131b is running ok against KSC 10.5.1781.

The affected machines connect remotely over VPN (the crisis and quarantine, you know) so I cannot even get diagnostics from them.

WTHIGO? Has anybody encountered anything similar?

Hi @aehrlich,
I’ve been facing the same error on one particular machine - and it was after recent Windows Updates (Feature Update → 1903 → 1909) :rage:

I’m afraid that the only thing that helped was a complete reinstall KES + NAgent (using stand-alone installation package). That machine was also connected via VPN to my KSC … after reinstalling, Network Agent finally recognized that there IS a KES installed..from that moment, it’s working now correctly ..

Cheers,
Milan

@MilanBortel I suspect that my affected machines did also run through 1903->1909.

Could you please confirm that these hosts are still managable via Network agent and KSC can obtain events ans other data from that hosts?

At least events “application uninstalled/application installed” for, e.g. Chrome update are being published.

 

> Is it true, that there is no access for that machines using KSC diagnostic utilities?

Ehm… how can I do it remotely?

Badge

Could you please confirm that these hosts are still managable via Network agent and KSC can obtain events ans other data from that hosts?

At least events “application uninstalled/application installed” for, e.g. Chrome update are being published.

 

> Is it true, that there is no access for that machines using KSC diagnostic utilities?

Ehm… how can I do it remotely?

Right-click on the device in KSC and go Custom tools→ Remote diagnostics

Remote diagnostics in KSC

 

It is possible to run Remote diagnostics on (at least one) affected host.

Running "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagchk.exe" produced cab file with empty stdout. though ;-/

Kaspersky Security Endpoint.evt stops on 16.03.2020 with successful “Application started”.

There is one noteworthy record in Application Event log next day after Windows upgraded it from 1903 to 1909:
Product: Free Snipping Tool -- Error 1704. An installation for Kaspersky Endpoint Security for Windows is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Userlevel 5
Badge +2

Is it possible to collect GSI log from one of affected hosts?

Is it possible to collect GSI log from one of affected hosts?


GSI is not part of Remote Diagnostics as far as I can see so it has to be deployed and run manually and results fetched by remote diagnostics.

GSI takes a crazy amount of time to run, mostly due to “virus scan” of the system if I understand it correctly. Are there any undocumented commad-line switches to avoid this virus scan?

The installation task of “building GSI log” ended in 30 minutes with:
"The time interval allocated for the remote installation task expired. The task on this device will be marked as failed" in spite of "Stop if the task is taking longer than (min): 120".

And no GSI.zip has been generated :(

@Nikolay arinchev But how can I download the GSI results from the remote computer? Only by means of “dear user, please pick this file and upload to the file server manually”?

Userlevel 7
Badge +9

Hi @aehrlich 

Please review: https://support.kaspersky.com/common/diagnostics/3632

Regards

Hi @aehrlich 

Please review: https://support.kaspersky.com/common/diagnostics/3632

Regards


Yes I acted according to this article -- within my own limits: “ At the Select accounts to access devices step, specify the account with the access to the shared folder which is included in the local administration group” is not an option for me, we do not use AD and do not now (and shall not) know users’ credentials.

I hoped Remote Diagnostics could help, now I am at the mercy of user’s co-operation, but as I’ve already posted, “t he installation task of “building GSI log” ended in 30 minutes” and user found no gsi.zip in the expected directory afterwards.

Userlevel 5
Badge +2

Hi,

Please specify the path to GSI output manually.

Thank you for cooperation!

Hi,

Please specify the path to GSI output manually.

Thank you for cooperation!


I did. But there was no output file generated, at least by the moment the task was unexpectedly terminated in 30 minutes (see posts above).

Reply / Ответить