PSA: Kaspersky & Vista issues.

[Fullmetal Chocobo]

Basically, copying 16,384 files from one place to another results in an "out of memory" error in Vista (any version apparently). It seems to be the result of using Kaspersky Anti-Virus. The "fix" as of this time is to reset the computer, which resets the counter. Also, some users have stated that ending and restarted "explorer.exe" resets the counter as well.

This creates HUGE problems for situations such as:
-updating to Vista, and then copying original files over
-performing manual data / system backups
-graphic / animation users which moving of lots of files

Links:

Kaspersky forums

Vista 64.net forums

microsoft MSDN forums

HardForum forums

 

[bucwylde23]

This sucks. Perhaps this is why I could not get my pictures/music backed up to my external hard drive when I first installed vista. I have over 5,000 Mp3's not including album art, and a heck of a lot of pictures.

Do you know of any issues between Kapersky and Outlook 2007?

Whenever I close Outlook 2007 and reopen later on, I get a message that Outlook was not closed properly and it runs a scan on the data files. I disabled KIS and it seems to correct the problem. Not 100% sure on this yet, still testing.

 

[Fullmetal Chocobo]

Originally posted by: chrisg22
This sucks. Perhaps this is why I could not get my pictures/music backed up to my external hard drive when I first installed vista. I have over 5,000 Mp3's not including album art, and a heck of a lot of pictures.

Do you know of any issues between Kapersky and Outlook 2007?

Whenever I close Outlook 2007 and reopen later on, I get a message that Outlook was not closed properly and it runs a scan on the data files. I disabled KIS and it seems to correct the problem. Not 100% sure on this yet, still testing.

Yes, apparently there is another issue with Outlook 2007, but it is unrelated. There are several threads about it on the kaspersky forums, so I would check there. I myself do not have any info on that though, sorry. I'm going to keep digging, and I'll PM to you any info I find out that issue though.

 

[MmmSkyscraper]

Kaspersky FTL.

 

[mechBgon]

Originally posted by: chrisg22
This sucks. Perhaps this is why I could not get my pictures/music backed up to my external hard drive when I first installed vista. I have over 5,000 Mp3's not including album art, and a heck of a lot of pictures.

Do you know of any issues between Kapersky and Outlook 2007?

Whenever I close Outlook 2007 and reopen later on, I get a message that Outlook was not closed properly and it runs a scan on the data files. I disabled KIS and it seems to correct the problem. Not 100% sure on this yet, still testing.

I'm using KAV6 and Outlook 2007 on Vista x64. Haven't seen that problem.

 

[Robor]

Originally posted by: MmmSkyscraper
Kaspersky FTL.

:roll:

 

[MmmSkyscraper]

Originally posted by: Robor

Originally posted by: MmmSkyscraper
Kaspersky FTL.

:roll:

Your avatar suits you

 

[John]

Sobko @ 7.05.2007 - KL Russia Team

Hi. Microsoft assigned technical specialist to investigate this issue. I am getting touch with them. So, i think, addtitional info will be available very soon.

 

[Aeridyne]

Hey MechBgon, do you get the same error about "out of memory" when you copy a lot of files too?

 

[Aeridyne]

Originally posted by: John

Sobko @ 7.05.2007 - KL Russia Team

Hi. Microsoft assigned technical specialist to investigate this issue. I am getting touch with them. So, i think, addtitional info will be available very soon.

How in the world can they let a failure in their software that is so huge go unchanged? It seems like if they didn't fix it in a week or so that people would be bashing kaspersky like crazy on digg and slashdot n stuff... Waiting months just seems ludicrous, Norton or McAfee would NEVER get away with that.

 

[evilharp]

Originally posted by: Aeridyne

Originally posted by: John

Sobko @ 7.05.2007 - KL Russia Team

Hi. Microsoft assigned technical specialist to investigate this issue. I am getting touch with them. So, i think, addtitional info will be available very soon.

How in the world can they let a failure in their software that is so huge go unchanged? It seems like if they didn't fix it in a week or so that people would be bashing kaspersky like crazy on digg and slashdot n stuff... Waiting months just seems ludicrous, Norton or McAfee would NEVER get away with that.

The problem has been identified, and Kaspersky has issued a partial "hot" fix...

sobko post 4.06.2007 11:25

We found a reason of problem - occur when user try works with files with Extended Attributes usign explorer . KIS/KAV uses this api to support INetSwift technology. But problem will happen even KIS/KAV not installed and user have such files.

sobko post 6.06.2007 09:56

Disable self-protection, backup old klif.sys/cat, install using klif.inf and restart OS...

ps. dont forget choose right version - 32 or 64 bit driver smile.gif

Attached File(s)
Attached File mklif_noinetswift.zip ( 170.16k ) Number of downloads: 30

Link

INetSwift is the replacement for the "old" Kaspersky scan tool that used ADS (alternate data streams). Essentially, the AV checks to see if the file was modified since the last scan, if it has been modified it is scanned, if not it is skipped. The idea is that this helps to reduce the overall scan time on a system.

This "BIT" fix resolves the problem by removing inetswift, but Kaspersky is waiting on more info from Microsoft so that the problem can be resolved completely.

Edit: I was able to reproduce this error using the new KAV 7 TR.119.

 

[Schadenfroh]

Originally posted by: Aeridyne
How in the world can they let a failure in their software that is so huge go unchanged? It seems like if they didn't fix it in a week or so that people would be bashing kaspersky like crazy on digg and slashdot n stuff... Waiting months just seems ludicrous, Norton or McAfee would NEVER get away with that.

There is a double standard, no doubt. NOD32 is "getting away" with declining detection rates in comparison to their competitors, but no one is bashing them. Symantec (makers of Norton) produces fine enterprise level products (SAV) and the new Norton 360 seems to be a good piece of software, but people still hate them. The reason is that Kaspersky and eset (makers of NOD32) have a history of producing fine products and have amassed a considerable fanbase.


Reference: Detection Rate Thread

 

[mechBgon]

There was also the exciting episode where McAfee was deleting Excel.exe. I was a sysadmin at the time, and all I can say is thank goodness for Administrative Installation Points :shocked: because VirusScan Enterprise 8.0i deleted most of the employees' Excel executables point-blank. OMG THEY'RE TRYING TO MAKE A SPREADSHEET!!! MUST... STOP THEM!!! :Q

On the topic of Aeridyne's criticism... When I find a sample and submit it to McAfee, I might hear back from them after a couple weeks on 1 out of 10 samples, asking me why I think it's malicious :roll: When I submit one to Microsoft's OneCare or Defender teams, I never hear a thing and they never bother to add detection (I've checked this plenty).

When I submit a sample to Kaspersky, sometimes they email back shortly (like, 30-60 minutes) to say something along the lines of... well, lemme check my email...

Hello,

ani[1].htm_ - Exploit.HTML.IframeBof,
BaaaaBaa.class, java.class - Exploit.Java.Gimsh.a

These files are already detected. Please update your antivirus bases.

fi[1].php - Trojan.PHP.Nagual.a,
ibm00001.dll, ldupl.exe_, update.exe_ - Trojan-PSW.Win32.Agent.lu,
ibm00002.dll - Trojan-PSW.Win32.Sinowal.m,
script.js_ - Trojan.JS.Agent.e

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Erakhtin Kirill
Virus analyst, Kaspersky Lab.
e-mail: newvirus-a-kasperskycom
http://www.kaspersky.com/

Kaspersky does a dasm fine job earning their $50. :thumbsup: Not only do they respond to virus submissions, they let you have the new version using your old license (when KAV7 comes out, I can use my KAV6 license to run KAV7). Their Help file is painstakingly written in real English, with excellent descriptions of what does what, they have sweet Proactive Defense and Web modules on the pay-for version, and in my SiteAdvisor adventures they are usually one of the few at VirusTotal or Jotti that detects the fast-moving stuff like Zlob and DNSChanger.

If the worst thing they ever do is uncover a Windows Vista bug, then at least keep it in persepective. I think Microsoft should just license Kaspersky's engine for OneCare and get it over with :evil:

 

[bsobel]

How in the world can they let a failure in their software that is so huge go unchanged? It seems like if they didn't fix it in a week or so that people would be bashing kaspersky like crazy on digg and slashdot n stuff... Waiting months just seems ludicrous, Norton or McAfee would NEVER get away with that.

Consider the user base when making such a statement. McAfee or us would be under more preasure because frankly it would affect more people.

 

[John]

6+ months later and we now have a fix for the Vista ?Out of Memory? errors.

Although the problem occurs where users are running Kaspersky security products, it?s a kernel leak that lies at the root of problem (the problem?s not confined to systems running Kaspersky software, that just that this application seems to exacerbate the issue). This issue which has been known about for some months by both Kaspersky and Microsoft was reportedly due to be fixed in SP1, however the current beta of Vista SP1 does not contain a patch. Microsoft have now released a hotfix for the issue (you have to ask for it) which we tried out and can report that it works well to cure the out of memory problem on Vista installations, at least the ones that we could replicate (although the fix cannot be installed on the Vista SP1 Beta).

Read more....