Kaspersky KAV/KIS/KTS/KS 2018

Discussion in 'other anti-virus software' started by 3x0gR13N, Jan 31, 2017.

  1. harlan4096

    harlan4096 Registered Member

    Joined:
    May 6, 2008
    Posts:
    234
    Location:
    Almería (Spain)
    Probably still some registry keys of EmsiSoft and/or 360 TS leftovers, if still no go after the others suggestions, I would use this tool (freeware):

    http://www.resplendence.com/download/RegistrarHomeV8.exe

    To search all registry keys from those 2 products, it lets You search and delete all the the keys , selecting them all...
     
  2. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    This is related to various issues with HIPS and Registry\Rights modules that you have and I have discussed.
     
  3. harlan4096

    harlan4096 Registered Member

    Joined:
    May 6, 2008
    Posts:
    234
    Location:
    Almería (Spain)
    About 1 or 2 weeks ago I sent to "System Watcher" devs a video and collected traces (KTS2018 in defaults settings) showing how a malware ran and auto dropped to folder \AppData\Local or \Roaming\ and set a registry in Windows Scheduler without any warning/alert...

    From my experience, many months testing samples in 2 different forums, in general this kind of Kaspersky bypass are always coming from concrete variants of MSIL samples, with them K. always let them to run, drop a copy to \AppData\Local \Roaming and even set a registry key in Windows AutoRuns sections or Windows Scheduler...

    I guess may be an issue classifying this kind of MSIL variants and/or probably also an issue related to HIPS as You mentioned...
     
  4. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    Wilders Security
    MSIL uses .NET Framework. K whitelists all .NET Framework objects. :cautious:

    It could be the fact that the malware is abusing whilelisted Windows processes and\or something else.
     
  5. harlan4096

    harlan4096 Registered Member

    Joined:
    May 6, 2008
    Posts:
    234
    Location:
    Almería (Spain)
    Good point!
     
  6. ReverseGear

    ReverseGear Guest

    Stupid qt but I have 21 days of trial remaining for KIS , if I activate the license will the 21 days be added to the license or 21 days will be gone ?
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I think the 21 days will be gone and your license will start ticking.
     
  8. ReverseGear

    ReverseGear Guest

    Then I will wait for 21 days to activate the license.Thanks
     
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    You are absolutely correct.
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    I've been seeing false positive issues the last couple of days. PowerPoint, LastPass, etc. I'm gonna dump this if it continues. Anyone else having any issues?
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    I don't see false positives on lastpass or powerpoint. KIS is, so far, smooth, light and silent.
    May be this is due to custom settings? Anyone know if and when they will support Microsoft Edge?
     
  12. Marcelo

    Marcelo Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    276
    Location:
    Rio de Janeiro, Brazil.
    No false positives here as well.. running heuristics at max and with pup detection on... Using KIS 2018 and Office 2016 with all the updates installed.
     
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    I had Trusted Applications mode on when it blocked the LastPass update. I turned it off. There was an update for Office 2016 that I applied late yesterday and today it deleted a PowerPoint file from an update folder.

    Log from the PowerPoint update:
    21.07.2017 08.29.47:Detected object (file) deleted;C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\F7DBD6EC-BBD3-465E-BB5E-92FB53DEA3A1\root\Office16\POWERPNT.EXE;C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\F7DBD6EC-BBD3-465E-BB5E-92FB53DEA3A1\root\Office16\POWERPNT.EXE;UDS:DangerousObject.Multi.Generic;07/21/2017 08:29:47
    From the LastPass update:
    19.07.2017 08.13.51;Access by the application to the module is blocked;C:\Windows\SysWOW64\msvcr71.dll;C:\Windows\SysWOW64\msvcr71.dll;LastPass Installer;07/19/2017 08:13:51

    Not that I expect anyone here to do anything about it, just clarifying what happened.
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    That's explain why I am not experience the issue. I did not turn it ON here.
     
  15. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    Don't even think to use Kaspersky's trusted applications mode or most of your updaters will fail :)
     
  16. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    you should be getting notifications about TAM blockings..
     
  17. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    I had no problems until the last couple of days after running it for months. In any case I turned it off after the LastPass incident so it was not even on when I had the PowerPoint issue on 2 machines. Unfortunately much like Norton it just deleted files with no options and nothing in quarantine. I'm very tempted to run with nothing at this point.
     
  18. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    That is unfortunate. I am starting to think the same. :\
     
  19. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Kaspersky Version 18 is finally out :thumb:
     
  20. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    Including the long awaited free version. ;)
     
  21. Marc Hufnagel

    Marc Hufnagel Registered Member

    Joined:
    Apr 11, 2017
    Posts:
    16
    Location:
    USA
    Will '17 keys from the newegg bargain thread work on the '18 releases? I've never used K so I have no idea.
     
  22. Marc Hufnagel

    Marc Hufnagel Registered Member

    Joined:
    Apr 11, 2017
    Posts:
    16
    Location:
    USA
    Apparently not in the USA yet.
     
  23. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    It may not be shown on the US website yet, but this is the link for the installer, so you can install it now:
    https://products.s.kaspersky-labs.com/english/homeuser/kfa2018/kfa18.0.0.405aben_12579.exe
     
  24. Marc Hufnagel

    Marc Hufnagel Registered Member

    Joined:
    Apr 11, 2017
    Posts:
    16
    Location:
    USA
    interesting. thank you
     
  25. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,623
    Location:
    USA
    Yes, they will work.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.