A faulty antivirus update issued by Kaspersky Lab on Monday left many of its home and business customers unable to access any websites on their computers.
Systems administrators using Kaspersky Endpoint Security (KES) on their corporate networks started reporting the problem on Kaspersky’s support forum on Monday afternoon, Eastern Time. The reports kept piling up until late in the evening.
“I have ~12,000 machines running KES8 and my help desk started getting calls about an hour ago saying users were having problems accessing various web sites,” one user named bradb21 reported.
Other users confirmed the problem and attempted to troubleshoot it themselves. Some reported success after disabling the Web protection component or turning off the product’s monitoring for ports 80, 443 and other Web proxy ports.
Users later posted responses they had received from the company’s technical support representatives. This included a recommendation to temporarily disable the Web antivirus component on the affected computers via the management console, force them to perform a new definition update and re-enable the Web antivirus.
Most users reported that the problem manifested itself only on Windows XP systems. However, the faulty update didn’t just affect business antivirus products, but consumer ones as well.
“The issue was caused by a database update released on 4/2/2013 at 8:52:00 PM MSK [Moscow Standard Time] that resulted in the Web Anti-Virus component in some products blocking Internet access,” a Kaspersky representative said Tuesday via email. “The problem only affected x86 systems with the following products installed: Kaspersky Anti-Virus for Windows Workstations 6.04 MP4; Kaspersky Endpoint Security 8 for Windows; Kaspersky Endpoint Security 10 for Windows; Kaspersky Internet Security 2012 and 2013; and Kaspersky Pure 2.0.”
The problem was fixed with a database update released on Jan. 5 at 2:31 a.m. Moscow Standard Time (Jan. 4 at 5:31 p.m. ET), according to the Kaspersky representative.
Computers that download updates via the Kaspersky Administration Kit or Security Center management console will receive the fix automatically. However, computers that are configured to download the antivirus updates directly from Kaspersky’s update servers will need to first have the Web Anti-Virus component disabled, the Kaspersky representative said.
“Kaspersky Lab would like to apologize for any inconvenience caused by this database update error. Actions have been taken to prevent such incidents from occurring in the future,” she said.
Faulty antivirus updates are not uncommon and nearly every antivirus company has had to deal with them at one time or another. The impact of a bad update, however, is different from case to case and can range from a mild annoyance to hours of downtime.
There have been cases when bad antivirus updates deleted critical system files and left computers unable to boot into the operating system. In such situations, fixing the problem can require manual intervention, which can be a very time-consuming task, especially on corporate networks with hundreds or thousands of computers and offsite branches.