Brent's IT Blog

Random thoughts by an IT GOAT


Kaspersky Version 10, quite possibly the worst AV out there.

We have been using Kaspersky since we removed Symantec a few years ago. We started with version 8 of KAV and still have version 8 Enterprise loaded on our servers. The setup for a centrally controlled Kaspersky environment consists of a Security Center (SC) server and a database. The database can be local to the SC server or remote. We use a remote SQL server, and that works just fine. One note here: do not try to move to another SQL server if the version is not the same; we had problems with the automatic backup. First you install the SC server, making sure to enable the various plugins as needed. This of course creates and configures the database. The great part about the newest version is that it includes the Enterprise plugin that you would normally need to install separately. Once this is set up, you move on to the configuration.

The newest version of the SC, version 10, has some bugs, but all the features work. The first thing you want to configure is the network bandwidth limitation. I normally assign 3 Mb max per subnet, but that's a call you have to make based on your environment. Next you want to create your management folders, usually Servers, Computers, Mobile, etc. After that you want to add your packages; really the only one you need to add is the Enterprise install, since the other AV 10 package is ready to roll. If you are upgrading, the version 8 package remains available (you will probably want to keep it, given the issues with 10). Make sure to alter the KAV 10 package if you don't want certain components to install with the deployment (I recommend using policies to control them unless you have a specific restriction), and install your key into each package as well as the server. Let's move on to the policies.

OK, so here we are: the policies. While the policies are great at controlling the KAV client, the sad part is that many of the specific controls only work the way you want them to if you simply disable or enable them. Putting in specific settings for some items doesn't result in any fix. If you call support, they will tell you to disable half the settings as well. This is what pisses me off about the product: it has all these features, but once you start having problems with one or more of them, support simply tells you to disable the setting. WHY? Why not fix it? We ended up disabling about 1/3 of the application's functions by policy because, the way they wrote KAV 10, it breaks websites. Not only does it break websites, it breaks internal device control, it broke IIS on my test PC, and it randomly changes the permissions on our medical application, which prevents the users from changing settings or scanning images in (we are more worried about the image scans). When you call their support, they just start disabling things, so that's what we do before we even bother to sit on hold for 30 minutes (because that's the normal wait time). I have a few stations I had to completely remove KAV 10 from because the user couldn't use their workstation and we couldn't find a fix. Version 8 had a few items disabled, but it never caused these problems. The one good thing I can say is that neither version ate system resources like Symantec Endpoint did (or McAfee, for that matter). Also, there are some policy settings for the Network Agent; I highly recommend following their guide, because there are a few settings that can bring your servers and clients to a halt if they are not altered before deployment. They have a decent admin guide as well. Most of the guides are quick and to the point, so reading is kept to a minimum, which is good.

The last thing I want to talk about is the shitty way you have to deal with a rebuild of the SC server. If you do this, you must push the Network Agent to all the clients once again. This means a lot of headache for users. Why can't I just copy a configuration file down to the workstations? They already have the newest version of the client and Network Agent! Of course, the reason this is a pain is that the push doesn't always work right. The install will fail for all sorts of stupid reasons, and I just end up having my staff attach to each machine that hasn't reported in and forcefully install the application. This is crap!

We still have a year left on our licensing, so we have some time to once again research a new AV system for the office. Why can't they just make these things work out of the box? Just work!

If you have version 8 and are reading this, DO NOT upgrade to KAV version 10. It is OK to upgrade the Security Center to version 10, but watch the network policy and back up all your policies before doing so (my version 8 policies were overwritten, much to the surprise of the support tech).