Author Topic: Kryptik-PFA [Trj]  (Read 36455 times)

0 Members and 1 Guest are viewing this topic.

Offline kaidomac

  • Newbie
  • *
  • Posts: 12
Re: Kryptik-PFA [Trj]
« Reply #90 on: May 07, 2015, 04:41:51 PM »
Installed the update on computers, but haven't turned back on the file shield yet.

I've tried telling the computers to restore files from the virus chest through AEA and they don't appear to be going back as instructed. Anyone else having problems with this or am I missing something?

I did it locally (manually) and it worked for maybe 80% of the machines.  I think pulling files into the chest broke specific programs, which required me to reinstall them.  Fortunately Office 2013 took the restores just fine.  Fortunately I had a small-ish installation (200 users) so I could run around or remote in to fix everyone's issues.

Offline john-genus

  • Newbie
  • *
  • Posts: 4
Re: Kryptik-PFA [Trj]
« Reply #91 on: May 07, 2015, 05:08:09 PM »
I think my biggest complaint is that I did not receive any sort of contact from Avast regarding this issue.  No emergency email alert, no apology, nothing - just no contact on the issue that took an entire company's computer resources down.  I've been stuck here for the last 19 hours reading user-generated threads on this forum & manually working through individual machines on-site to get people working again.  I am 100% resolved now thanks to people sharing info here, but when I go to Avast.com, I don't see a big red emergency button to help fix my problem.   And fortunately they use a different A/V product on their servers to minimize issues like this, so at least it was only desktop users & not their entire network.

I agree completely.  Every tech who has been around for awhile understands problems can happen with these products.  However, getting complete radio silence from your vendor during an issue like this is very troubling.

Offline kaidomac

  • Newbie
  • *
  • Posts: 12
Re: Kryptik-PFA [Trj]
« Reply #92 on: May 07, 2015, 05:24:23 PM »
I agree completely.  Every tech who has been around for awhile understands problems can happen with these products.  However, getting complete radio silence from your vendor during an issue like this is very troubling.

Recent example - the Wink Hub failure (it's smarthome controller sold through Home Depot for home automation of lights etc.).  Apparently they failed to renew their SSL certificate, which caused all of the Hubs to lock themselves down (and completely lock themselves out of communicating with the server since it had a new & different certificate).  Very simple issue with huge negative consequences.  There was obviously a lot of kickback from users, but Wink also kept their Twitter, Facebook, etc. up-to-date as they worked to resolve it so that people were kept in the loop & knew that Wink was not only aware of the problem but working to fix it, and then updates were posted when the resolution was available.  Crap hits the fan sometimes; that's just how life goes - nothing is perfect.  But you have to keep your (paying) users informed of what's going on.  My trust in Avast has gone down significantly because it's nearly 24 hours later at this point & I haven't received any official communication.

I just barely checked their Facebook page (Facebook is blocked at most corporations I work at, so I didn't think to check) & their Twitter account and see that they put a note up on both of those pages, but I didn't think to check because I first checked my email, then the Avast home page, then the Avast blog, then the Avast forums - I don't typically rely on social media for business support, you know?  It is not even stickied here in the forum, so I had to search for it to make sure I wasn't the only one experiencing the issue.  Again, I've been very happy with the pricing & reliability up to this point, and I do understand the mistakes happen, I just think they should really really streamline their customer communication process.  My customer service experiences in the past with Avast have been what I'll call mediocre at best, so I'm not entirely surprised that this issue has largely been ignored in terms of informing paid clientele.  Would like to see that change for sure.  I like the product & service, but right now I am so tired that I want to throw up & still have an hour's drive home from this client, once I make sure everything is still smooth for the remainder of the business day.  I appreciate the somewhat fast response for the program/definitions update to resolve this, but feel very ignored from a business contact point of view.

Offline nannunannu

  • Full Member
  • ***
  • Posts: 199
Re: Kryptik-PFA [Trj]
« Reply #93 on: May 07, 2015, 05:58:58 PM »
Just to clarify a bit more:
Bussiness product (EndProtect) uses VPS5 and an engine in V8.
Free users use a VPS9 and an engine V10.
This DOES NOT mean that the business version is inferior in any way, but the problem with FP is only in the business version.

Right, and when something like KB3000850 caused machines with Avast! to brick, VPS9 was updated same day...  Business products that rely on VPS5 weren't addressed for three days...  So not inferior in any way, just not as well supported and prone to experience problems when the other editions don't...  But, no, not inferior in any way.  Riiiiight.

Offline dixons

  • Newbie
  • *
  • Posts: 3
Re: Kryptik-PFA [Trj]
« Reply #94 on: May 07, 2015, 06:53:44 PM »
Sounds like I have something similar to kaidomac

This is a cut and paste form the email I just sent support.  Not sure it is entirely related but it started yesterday for us when those bad defs hit us.

--------------

We had the issue that started yesterday with the bad definitions.  Our PC’s have since updated but those that had the erroneous virus issue are still giving us fits.  I am not sure it is strictly related to just those PC’s either but that seems to be a common thread.

The false positives are gone (we have restored any files purged).  However we are seeing EXTREME performance issues.  This is only hitting our Windows 7 x64 PC’s.  The issue does not exist on Vista on 32 bit OS.

Basically what is happening – many of the PC’s will just sit and stall on the login Welcome screen.  If we try remotely attach to service or the eventlog it will timeout and/or give an RPC too busy error.

If we disable shields (leaving just the File Scanner) still no joy.  Same issue.  If we disable Avast completely and reboot, it is fine.

If we uninstall and reinstall Avast the same issue happens.  It only resolves itself if we uninstall AND run these commands to clean up all of Avast.

rem del /q /s "C:\ProgramData\AVAST Software\*.*"
rem del /q /s "C:\Program Files\AVAST Software\*.*"

rmdir /q /s "C:\ProgramData\AVAST Software"
rmdir /q /s "C:\Program Files\AVAST Software"

If we then reinstall everything works perfectly.

We had the exact same issue around our spring break – there was nothing on the forums at that time about an issue.  We went around to our PC’s and uninstall/reinstalled about 500 clients.

Sending the Avast Uninstall job would fail on most PC’s.  as soon as the PC was online for any amount of time – even if not logged in, it became too unstable to work on and/or uninstall Avast.

Symptoms we are seeing, internet browsing (Chrome and IE) just fail to do anything.  Excel, Word, Outlook all hand.  Opening PDF files fails.

In a weird twist – I just gave a loaner laptop to one of my administrators – it locked up on him in the same way.  The gotcha – it had not been on for a couple weeks so it went from a very old virus def update to 507-0 update, indicating it was not likely specific to the bad update.


Offline nannunannu

  • Full Member
  • ***
  • Posts: 199
Re: Kryptik-PFA [Trj]
« Reply #95 on: May 07, 2015, 07:21:10 PM »
@dixons - I think there are some separate threads about filter drivers and performance issues like you've described.  If I find them I'll post cross links.  For curiosity's sake, On these windows 7 x64 machines, do you run the version of Avast with their software firewall (Plus?) or just the straight endpoint AV software with the windows firewall?

Offline dixons

  • Newbie
  • *
  • Posts: 3
Re: Kryptik-PFA [Trj]
« Reply #96 on: May 07, 2015, 07:27:29 PM »
I would appreciate the threads - I think we visited those last time we saw an issue like this and they gave us no joy.

We are running the straight Endpoint Protection with the Windows Firewall ( in many cases with the Windows Firewall off as well - but that varies).

Other odd part if it was related to filter drivers - it should affect all the same make/model PC that share the same image, and I would think it would be a constant problem

Thanks,

Scott

Offline nannunannu

  • Full Member
  • ***
  • Posts: 199
Re: Kryptik-PFA [Trj]
« Reply #97 on: May 07, 2015, 10:20:34 PM »
In your machine group settings try setting the option for avast to load after other system services. 

Also, if you have cloud services enabled (reputation services in particular) and some of the machines are unable to reach, or slow in reaching the mothership, you can experience slowdowns.  Network conditions may vary for two machines cut from the same image.

Also...  If you uninstall avast, then look at what remains in the two folders you are removing manually? I bet it is some of the log files (how big is your avastnet.log file??) and other things in the ProgramData folder...  Inspect what is leftover for abnormally large or small files, corrupt or truncated .dat files, url.db file, etc...  One of those is probably the cause, or at least the mechanism of the problem, perhaps caused by an issue with the streaming updates, or etc...