A new antivirus update from Kaspersky disables Internet connectivity, forcing the company to push out a fix and a workaround.
Windows XP users who run certain Kaspersky antivirus software may find themselves offline after downloading a new update.
Released yesterday, the update causes Windows XP computers to lose their connection to the Internet.
IT administrators who use Kaspersky Endpoint Security at their organizations chimed into the Kaspersky forum yesterday and today complaining of connectivity problems. One person who manages around 12,000 computers with KES installed noted a slew of calls to the help desk from users knocked offline.
Some IT admins said they were able to restore Internet access by shutting down the monitoring of certain ports or disabling the product's Web Anti-Virus component. But those were deemed temporary solutions at best.
Kaspersky did eventually acknowledge the problem, announcing a fix to the buggy update and offering a resolution. Kaspersky's response was posted by one of the forum users:
We apologize for the inconvenience. It does appear that there was a hiccup with an update pushed out causing Windows XP machines to lose Internet connectivity. An update was just released that should address the issue, what I will need you to do is:
To get XP users Internet connectivity (temporarily), please disable the Web AV component of your protection policy for your managed computers. After doing so;
In Security Center (or Admin Kit):
1) Go to the Repositories section >> (Right click) Updates >> All Tasks >> Clear updates repository.
2) Go to the Repositories section >> (Right click) Updates >> Download Updates
After taking this step, please run your group update task for Managed Computers. After the update has been pushed to your workstations, please re-enable your Web AV component in your protection policy. This should resolve the issue.
Some of the commenters were in the process of following Kaspersky's steps but noted delays in updating the repository. Several also had harsh words for Kaspersky for not addressing the problem more effectively.
"I just wanted to thank the good folks at Kaspersky for insuring that my hospital has either crippled or no AntiVirus," one commenter said. "The workaround of disabling A/V is outright stupid."
Another criticized Kaspersky's failure to respond to the many complaints on the forum.
"I can't believe that Kaspersky is not responding to any of these forums," the commenter said. "That is horrible. One more reason why we will be switching to a different antivirus vendor after the contract is done."
In a statement sent to CNET, Kaspersky confirmed the problem, noted the affected products, and described the lengthy steps to fix the issue.
Kaspersky Lab has fixed the issue that was causing the Web Anti-Virus component in some products to block Internet access. The error was caused by a database update that was released on Monday, February 4th, at 11:52 a.m., EST.
The problem was limited to x86 systems with the following Kaspersky Lab products installed:
- Kaspersky Anti-Virus for Windows Workstations 6.0.4 MP4
- Kaspersky Endpoint Security 8 for Windows
- Kaspersky Endpoint Security 10 for Windows
- Kaspersky Internet Security 2012 and 2013
- Kaspersky Pure 2.0
When these errors were reported, Kaspersky Lab identified an immediate workaround and recommended that customers experiencing problems disable their Web Anti-Virus or roll back the update to a previous version of the database. At 5:31 p.m. the same day, the problem was fixed by a database update being uploaded to public servers.
Customers need to perform a database update to resolve the issue. If an affected machine updates from the Administration Kit/Security Center console, then these updates will be downloaded automatically. If a machine updates directly from our servers, then the initial workaround step of disabling the Web Anti-Virus component should be applied first. Internet connectivity will then be restored and the customer will be able to download the most recent database update. The Web Anti-Virus component should be re-enabled after downloading the database update.
Kaspersky Lab would like to apologize for any inconvenience caused by this database update error. Actions have been taken to prevent such incidents from occurring in the future.