Probably still some registry keys of EmsiSoft and/or 360 TS leftovers, if still no go after the others suggestions, I would use this tool (freeware): http://www.resplendence.com/download/RegistrarHomeV8.exe To search all registry keys from those 2 products, it lets You search and delete all the the keys , selecting them all...
This is related to various issues with HIPS and Registry\Rights modules that you have and I have discussed.
About 1 or 2 weeks ago I sent to "System Watcher" devs a video and collected traces (KTS2018 in defaults settings) showing how a malware ran and auto dropped to folder \AppData\Local or \Roaming\ and set a registry in Windows Scheduler without any warning/alert... From my experience, many months testing samples in 2 different forums, in general this kind of Kaspersky bypass are always coming from concrete variants of MSIL samples, with them K. always let them to run, drop a copy to \AppData\Local \Roaming and even set a registry key in Windows AutoRuns sections or Windows Scheduler... I guess may be an issue classifying this kind of MSIL variants and/or probably also an issue related to HIPS as You mentioned...
MSIL uses .NET Framework. K whitelists all .NET Framework objects. It could be the fact that the malware is abusing whilelisted Windows processes and\or something else.
Stupid qt but I have 21 days of trial remaining for KIS , if I activate the license will the 21 days be added to the license or 21 days will be gone ?
I've been seeing false positive issues the last couple of days. PowerPoint, LastPass, etc. I'm gonna dump this if it continues. Anyone else having any issues?
I don't see false positives on lastpass or powerpoint. KIS is, so far, smooth, light and silent. May be this is due to custom settings? Anyone know if and when they will support Microsoft Edge?
No false positives here as well.. running heuristics at max and with pup detection on... Using KIS 2018 and Office 2016 with all the updates installed.
I had Trusted Applications mode on when it blocked the LastPass update. I turned it off. There was an update for Office 2016 that I applied late yesterday and today it deleted a PowerPoint file from an update folder. Log from the PowerPoint update: 21.07.2017 08.29.47etected object (file) deleted;C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\F7DBD6EC-BBD3-465E-BB5E-92FB53DEA3A1\root\Office16\POWERPNT.EXE;C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\F7DBD6EC-BBD3-465E-BB5E-92FB53DEA3A1\root\Office16\POWERPNT.EXE;UDSangerousObject.Multi.Generic;07/21/2017 08:29:47 From the LastPass update: 19.07.2017 08.13.51;Access by the application to the module is blocked;C:\Windows\SysWOW64\msvcr71.dll;C:\Windows\SysWOW64\msvcr71.dll;LastPass Installer;07/19/2017 08:13:51 Not that I expect anyone here to do anything about it, just clarifying what happened.
I had no problems until the last couple of days after running it for months. In any case I turned it off after the LastPass incident so it was not even on when I had the PowerPoint issue on 2 machines. Unfortunately much like Norton it just deleted files with no options and nothing in quarantine. I'm very tempted to run with nothing at this point.
Will '17 keys from the newegg bargain thread work on the '18 releases? I've never used K so I have no idea.
It may not be shown on the US website yet, but this is the link for the installer, so you can install it now: https://products.s.kaspersky-labs.com/english/homeuser/kfa2018/kfa18.0.0.405aben_12579.exe