Kaspersky

KIS 19.0.0.1088d restarts itself randomly/KLAVA update error if ssh port is under brute force attack??

  • 4 April 2019
  • 1 reply
  • 628 views

I have KIS 19.0.0.1088d installed on my Windows 10 x64 1809 desktop, and my router forwards port 22 from the WAN to port 22 on my desktop (I know it's dangerous, and I forgot to close the port forwarding after I tested something earlier this year). I have the OpenSSH client/server installed on my Windows 10 (the ones provided by Windows), which allows me to connect to my desktop over ssh from outside.

Since then I have noticed that from time to time Windows Defender/Firewall notify me that they have turned themselves on because KIS snoozed, and then some notification says they have turned off again because KIS has come back alive. I also receive a KLAVA update failed error from time to time. Both usually happen once or twice per day. The KLAVA error will go away if I restart my desktop, but after about 2 days I will get that error, or KIS restarting itself randomly, again.

So last weekend I was just curious and checked the Windows event log, and I discovered tons and tons of failed ssh login attempts. I realized I had port 22 exposed on the WAN, so I closed the port forwarding rule. Since then KIS has not restarted itself randomly, nor have I gotten any KLAVA update error.

KIS did not warn me about the ssh brute force attack though, unlike when I once exposed RDP port 3389 to the WAN and KIS did warn me about RDP brute force on port 3389. I have a strong Windows user account password, so I do think those random attackers never succeeded.

Anyway, because I am no expert and I am really curious: can anyone do a test on Windows 10 x64 1809 with the OpenSSH client/server and KIS 19.0.0.1088d, brute force port 22 from outside, and see if you can reproduce KIS restarting itself randomly and the KLAVA update error?

1 reply

Welcome. There are two courses of action. One is to post your GetSystemInfo report here, so forum users can help, and the other is to Contact Tech Support.

1. Please post your GetSystemInfo report link, instructions: https://forum.kaspersky.com/index.php?/topic/915-how-to-help-us-help-you-with-a-log-of-your-system/

2. Please contact Tech Support: https://my.kaspersky.com/support/

Please attach the following items to your Tech Support request:

a. Description of the issue.
b. Screenshot, as needed.
c. GSI
