Windows users in the US continue to express their discontent with the forced, automatic switch from Kaspersky’s security products to UltraAV, but the two antivirus companies say they provided everyone with the necessary information in due time.

The transition kicked off on September 17, roughly two weeks after Kaspersky announced an agreement with Pango Group to take over its US user base following a ban and sanctions, and move it to UltraAV.

The deal was struck as result of a long-standing relationship between the two companies, part of which involved Kaspersky licensing a Pango Group VPN for its security bundle.

“Following the notice that KL would need to cease operations, we quickly started conversations with KL to ensure that their customers in the US had the best possible alternative to protect themselves and their devices. The discussions resulted in a commercial agreement between the two protection companies,” Pango told SecurityWeek.

As previously reported, shortly after the first users were migrated to UltraAV, many flooded online forums with concerns and questions over how the matter was handled, saying they simply woke up to Kaspersky’s antivirus being deleted and UltraAV, a product they knew nothing about, up and running instead.

The main complaint SecurityWeek has seen was related to an apparent lack of communication from both Kaspersky and Pango Group regarding when and how the transition would take place, and what other options were available.

Responding to an inquiry, Kaspersky pointed out that email notifications were sent to users roughly two weeks before the migration kicked off.

“Information about the transition has been communicated to all US users eligible for the replacement, in a series of email communications by Kaspersky and UltraAV,” Kaspersky told SecurityWeek.

Additional communication was also delivered to the affected users, both in-app and via Kaspersky’s website, according to Pango Group, which posted a dedicated welcome page and an FAQ page on the UltraAV website.

“Prior to the transition, customer communications were managed by Kaspersky directly. All users with valid email addresses received direct communications and all users had access to transition notifications in-app, on MyKaspersky account pages, and via Kaspersky Labs’ webpages,” Pango said in an emailed statement.

On September 24, the company updated its transition-related FAQ page to add the above statement and to note that Kaspersky’s notifications rolled out on September 5, and that “all Kaspersky notifications directed customers to ultrasecureav.com for more information about the transition.”

Pango told SecurityWeek that, following the switch, users received email communication from UltraAV explaining the transition, and that an in-app notification was displayed in UltraAV as well.

Both Kaspersky and Pango also underlined that users have the option to cancel their Kaspersky subscriptions should they choose to opt out and move to a different antivirus product.

“Users who did not wish to continue with UltraAV’s service had the option of canceling their subscription directly with Kaspersky’s customer service team and would not have received the update to UltraAV,” Pango said.

“Kaspersky’s US customers were notified about the transition in advance. Additionally, all tools are available so customers can decide whether they want to continue using this solution or not,” Kaspersky said.

Ten days after the transition started, however, users continue to express their discontent with how the transition was handled, both on Kaspersky’s forums and on several threads on Reddit.

While some have acknowledged that they might have missed Kaspersky’s email notification, others say they could not find the notification. Overall, the consensus is that neither company was straightforward in respect to how the switch to UltraAV would be performed.

For example, information posted on UltraAV’s FAQ page only hinted that the switch would be automatic: “No action is required. […] If you are a paying Kaspersky customer, when the transition is complete UltraAV protection will be active on your device.”

No consent, but the switch was in users’ best interest

Users underlined that the transition was performed without their consent and that they did not have the option to stop the migration process once it started. According to Kaspersky, regulation compliance was factored in when deciding to make the full replacement with a simple update:

“Conditions defined by the regulations required the discontinuation of our products’ functionality, so in order to fulfill our obligations before customers and to comply with US authorities demands, we found an alternative solution from our trusted US partner to ensure continuous protection,” Kaspersky said.

Pango, on the other hand, pointed out that the forced switch was meant to ensure that users would continue to be protected, and to ensure that the transition was a seamless one.

“In the security market, frictionless experience is of the highest importance. Most AV users are not technically savvy, and even the technical among us don’t pay the closest attention to our AV software on a regular basis,” Pango said.

“Our goal in this transition was to make the move to UltraAV as seamless as possible. […] If any friction were to be introduced into the process, it would be a virtual certainty that a large number of users would be left unprotected,” it added.

The company also underlined that the limited time frame to migrate all users required quick action: “While there are always things we could have done differently or potentially better, this situation is unique in terms of the limited time window to address issues, and the backdrop of Kaspersky being forced out of the US market.”

The transition, Kaspersky explained, will continue in waves. It should, however, be completed by September 29, as the cybersecurity company will no longer be allowed to sell or update its products in the US starting the next day.

“The transition applies only to users of Kaspersky consumer products in the US only and does not extend to other customers in other regions,” the company said.

In many forum posts, the disgruntled users said they immediately uninstalled UltraAV, claiming it acted unexpectedly, seemingly like malware, or caused crashes. Some complained about not being able to remove it, as it reinstalled itself after a system reboot, reinforcing the suspicion.

“We are seeing some customers having issues with the uninstall. So far it has been a small number, as most customers are satisfied with UltraAV. We are handling these through our customer support team and are releasing software patches as appropriate to address any issues or user feedback,” Pango said.

The forum posts show that most of the expressed concerns are also rooted in the fact that users know little about Pango Group and UltraAV, and Pango decided to address the matter directly on Reddit.

“While familiarity with Pango Group and the UltraAV brand is lower, our technologies have been in the market for many years as both direct to consumer products and white-labeled by many leading brands. We secure millions of users in more than 150 countries around the world,” a company representative said.

The Pango Group name is as fresh as it could be: it split from consumer security firm Aura on September 3, only two days before the Kaspersky to UltraAV transition was announced. The spin-off occurred four years after Aura acquired Pango.

Aura was founded in 2017. Initially named iSubscribed, the company changed its branding in 2019. By October 2021, the company had raised $650 million in funding, being valued at $2.5 billion.

But UltraAV, Pango Group claims, is a mature product that has been around for over 20 years, offering comparable protection to Kaspersky’s antivirus. The UltraAV engine, however, is apparently based on a solution from Indian company Max Secure Software, which was acquired by Aura a couple of years ago.

Related: Kaspersky’s US Exit Sparks Outrage as UltraAV Takes Over Systems Without Consent

Related: ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products

Related: Russian Security Firm Doctor Web Hacked

Related: A Year After Death, McAfee’s Corpse Still in Spanish Morgue