Re: 'Kaspersky Software Updater' keeps installing, but I got rid of Kaspersky AV

LogMeIn Central is the common thread across multiple clients, Windows servers and personal computers suddenly listing Kaspersky Updater on their installed software list. 

I WOULD RATHER THIS DID NOT HAPPEN.   

Hopefully LogMeIn Support can convince me it is GOOD to have installed as well as advise me on how  remove it and how to stop it from being installed.  

I also spoke with a logmein tech about this. The kaspersky updater isn't part of an antivirus but is used for updating third party software. It's normal for all central installs if you want to be able to update non-microsoft software. It's a tool for updates.

Not sure why it was so difficult to get this answer from them.

Talking to LogMeIn tech support, the engineer said they are not installing the Kaspersky Updater, he sia dhe is 100% positive sure LogMeIn anti-virus doesn't use the Kaspersky Updater.

I just discovered that it is still happening. A brand new computer just rolled out a month ago that never had Kaspersky on it,  now does. The user would have not installed the Kaspersky Software updater - it could have only come from Logmein Central. This is very concerning.

From the registry the new guid...

MsiExec.exe /X{EB3EB252-23C8-4E03-89DA-3D9BC479BB69} /qb

I don't think they have to be marked for automatic updates in Windows.  If they are subscribed to Application Updates in LogMeIn Central, Kaspersky Software Updater will be installed.  

Vitor, 

This is incorrect. On all of the computers in my account this software was installed. None of them are marked for automatic updates. LogMeIn should stop misleading its customers when it knows better. 

LogMeIn is either guilty of incompetence or negligence - in either case its business practices are shady. 

We use a different application for 3rd party software so I actually had "Application Updates Disabled" set on every computer on my network since LMI's application update inception. When this went down, my Nessus scans revealed that LMI had installed the Kaspersky updater on every machine on my network, servers included. It was flagged as a Critical vulnerability on my network since it installs with improper permissions set on its .dlls

Hello,

The Kaspersky software updater should only be installed if you opt a computer to be part of the Applications feature. ( in your Central console, under application you need to set a computer to be either Automatically update or Manually update) if neither of those are checked the program does not get installed. 

BangHeadHere the Kaspersky Endpoint Protection software will attempt to uninstall any local av's it finds, but again the admin needs to choose to push the KES to the users. 

Best,

Vitor 

last week LMI "somehow" installed Kaspersky on hundreds of our company computers and uninstalled the Anti-Virus that we were running already

Silent uninstall string is

msiexec.exe /x{DEEDA858-A9B4-4212-8873-2F2CE2706E68} /qb

It may be part of their new 3rd party software updater system, so if you use that check for further guidance. We don't.

I'll post back if the software recurs after this removal.

Edit 10/27/17 - So far, no recurrance of the installs.

It looks like LogMeIn autoinstalled Kaspersky Software Updater without asking. Additionally, it was installed in an insecure manner introducing a vulnerability on every machine on my network. It installed the KSU service and gave "Everyone" control over the service therefore unprivileged users can modify the properties of this service, allowing an unprivileged, local attacker to execute arbitrary code or commands as SYSTEM.

https://support.microsoft.com/en-us/help/914392/best-practices-and-guidance-for-writers-of-service-discretionary-acces

https://msdn.microsoft.com/en-us/library/ms685981(VS.85).aspx

This is Unacceptable. Additionally, there doesn't seem to be a silent uninstaller, which means every system must be visited.

LogMeIn - where do you get off autoinstalling Kaspersky software onto our machines?