Source: The Next Web
Russian security firm Kaspersky Lab is having a very poor start to the week. Thousands of Windows XP machines were cut off from the Internet late last night after an antivirus update crippled Internet access for home and business users.
The update (version 18.104.22.1681) killed off HTTP traffic on Windows platforms. Customers of the software took to Twitter and reported the issue on the company’s forum. A user by the name of “bradb21″ described the problem as follows:
Other users confirmed the issue, noting they could not access internal (on company networks) or external (on the Internet) websites. Many noted that Windows 7 did not appear to be affected. Some users tried rolling back the update in question, others disabled the software’s Web protection, and a few manually unblocked the ports 80, 443, and any ports they may have been using for a proxy.I have ~12,000 machines running KES8 and my help desk started getting calls about an hour ago saying users were having problems accessing various web sites. I did all my typical troubleshooting and was not able to find a problem and I was not having the problem on my Linux machine that I use on a daily basis. So I went over to some of my lab Windows XP machines and I was having the same problem. I was able to change a setting and tell KES to stop monitoring port 80 and then I could then access the web sites again. I turned the monitoring of port 80 back on and it broke the browser access again. I can not find any logs as to what is going on. I was able to roll the updates back in KES8 on one machine it the browser was working with port 80 being monitored…. so it seems like a bad update or something that went out.
The good news is that Kaspersky issued an update on Tuesday morning to address the problem. The bad news is that in many cases it will require user intervention: the update should install automatically but some users will have to disable the Web protection component first.Kaspersky Lab has fixed the issue that was causing the Web Anti-Virus component in some products to block Internet access. The error was caused by a database update that was released on Monday, February 4th, at 11:52 a.m., EST.
The problem was limited to x86 systems with the following Kaspersky Lab products installed:
- Kaspersky Anti-Virus for Windows Workstations 6.04 MP4
- Kaspersky Endpoint Security 8 for Windows
- Kaspersky Endpoint Security 10 for Windows
- Kaspersky Internet Security 2012 and 2013
- Kaspersky Pure 2.0
When these errors were reported, Kaspersky Lab identified an immediate workaround and recommended that customers experiencing problems disable their Web Anti-Virus or roll back the update to a previous version of the database. At 5:31 p.m. the same day, the problem was fixed by a database update being uploaded to public servers.
Customers need to perform a database update to resolve the issue. If an affected machine updates from the Administration Kit/Security Center console, then these updates will be downloaded automatically. If a machine updates directly from our servers, then the initial workaround step of disabling the Web Anti-Virus component should be applied first. Internet connectivity will then be restored and the customer will be able to download the most recent database update.
Kaspersky Lab would like to apologize for any inconvenience caused by this database update error. Actions have been taken to prevent such incidents from occurring in the future.