How to recover Kaspersky Security 10.1.1 for Windows Server if the kavfs service has crashed in PPL mode
Starting from version 10.1.1, Kaspersky Security for Windows Server features protection of the Kaspersky Security Service (kavfs.exe service process) using the Protected Process Light (PPL) technology.
Processes executed with the PPL attribute cannot be stopped or changed by processes without the PPL attribute. Use of the PPL attribute for Kaspersky Security Service provides solid protection of the service against external malicious actions and attempts to compromise the Kaspersky Security application. Strict access limitations to the process can make it more difficult to recover the application in case of failure, e.g., if the kavfs.exe service with the PPL attribute crashes and then fails to restart.
In this case, it will be impossible to recover the application using standard features (e.g. recovery or removal) due to restricted access to kavfs.exe. It will also be impossible to remove the PPL attribute from the process, as that would imply compromising the Kaspersky Security Service.
To recover the application after the protected kavfs service has crashed, follow the steps below:
- Disable the loading of the klelam.sys driver upon computer reboot. See the instructions on the Microsoft website.
- Recover the service. See the instructions in the application documentation.
The application’s functionality will be restored.
If the issue persists, submit a request to Kaspersky Lab Technical Support via Kaspersky CompanyAccount. Please include a detailed description of the issue.