Kaspersky Anti-Ransomware Tool for Business (Beta)

@Iangh it is for solving compatibility issues, when you have no incompatibility, you can leave it off

 

Yup, it's only when you need to reproduce an issue and submit a bug to the developers.

 

Thanks, good to know.

 

For those interested how this free tool compares to the System Watcher component in paid Kaspersky versions: KART doesn't have proactive Exploit blocking and the ability to terminate undetected screen lockers via a key combination (ctrl+alt+shift+F4).
I'm a bit disappointed that it lacks Exploit blocking, but as long as the payload is detected it's fine.

Also, if you see "PDM:Trojan.Win32.Bazon.a" and similar "variant .a "detection, it's a cloud behavioral detection. If you're disconnected from the internet you'll only see the "traditional" behavioral detection names like PDM:Trojan.Win32.Generic from local rules.

 

Possible bug? Exit KAR and then go into Programs to restart. Icon does not re-appear as expected, the service shows as stopping (crashed). Solution is re-start.
Win10, alongside WD. Is it just me?

 

I've exited/started the app several times with no issues, Windows 10 Enterprise 2016 LTSB (1607). Do you have any .dmp files in C:\ProgramData\Kaspersky Lab or subfolders located there?
You'll need to enable Show hidden folders to see it (or just copy the location in explorer location bar)

 

No. It's just me!

 

It looks like closing KAR does not stop the service properly. If I go into Services I can stop and restart KAR instantaneously with the icon disappearing and re-appearing as it should. However, if I click exit on the icon there isn't a proper stop. Main display says it is still running, yet properties invites me to start it, with starting it bring back the icon.

 

pdfcreator was causing the problem. KAR now performs as should after stopping pdfcreator so uninstalled it.

 

Anyone else having multiple instances of the GUI?

 

I have had instances where 2 have shown in processlasso but there weren't two tray icons so I ignored it. I posted about uninstalling pdfcreator but having installed processlasso there have been times when exiting did not properly stop the service. Also, wife showed me a few times a pop-up that said she didn't have an internet connection (she is wireless while I am wired) when she did, therefore I have uninstalled it. I'll try the next update as I like the idea of a cloud white-listing tool. As a free complement to WD I am looking at this or Dan's VS (when finished in the very near future) - anything with minimal pop-ups when installing clean programs. To be honest, I'm not sure I need a complement given my browsing habits, but since becoming a member here I have acquired a dose of malware paranoia! I somehow don't think I'm the only one.

 

I think the GUI checks for internet connection, service is up and running so quickly that it often does not find a connection on startup

 

On WIN8 and later, the network should be ready.
On WIN7 and older, the network takes some time...

 

EDIT: using event viewer to check blocked outbound connections,

Code:

The Windows Filtering Platform has blocked a connection.

Application Information:
    Process ID:        404
    Application Name:    \device\harddiskvolume2\program files\kaspersky lab\kaspersky anti-ransomware tool for business 1.1\anti_ransom.exe

Network Information:
    Direction:        Outbound
    Source Address:        192.168.0.112
    Source Port:        57392
    Destination Address:    192.168.0.1
    Destination Port:        53
    Protocol:        17

 

Trying it just for fun and so far no problems, and it also feels very light.

What I don't understand is the icon of the AV, it isn't the typical "K" from Kaspersky but a white checkmark inside an octogon (or someting like that) ...

 

Yes in terms of branding it is unusual, but it fits the 2D black and white design of the system tray icons very well, it rotates as well and is nicely designed.

 

I have to disagree.
It's to small, poorly visible and does not indicate, what it stands for.
Also it is not clear, what the rotating outer octagon indicates, while there is an inner octagon, that is standing still.
To inspect, I needed the magnifying glass...

 

The sum of all the internal angles of any octagon is 1080. According to Lima Freitas, the number 1080 is linked "to the metaphysical negation of the death by the triumph of the Spirit". On top of that it rotates, so it obviously is a pro-active tool to prevent your data from dying, kindly given to us, earthlings, for free with the help of the creative spirits in the cloud. The programmers from Kapersky must have laughed their pants off when choosing this icon.

EDIT:
The sum of all the internal angles of any octagon adding up to 1080 is the clue, becaise 1080 also makes sense in leatspeek. In leetspeak the 1 stands for L, the 0 for O and the 8 for B, 1080 becomes LOBO which is an abbreviation for Left Out of Battle Order, possibly meaning left out of encryption/ransom.

 

'The sum of all the internal angles of any octagon is 1080. According to Lima Freitas, the number 1080 is linked "to the metaphysical negation of the death by the triumph of the Spirit". On top of that it rotates, so it obviously is a pro-active tool to prevent your data from dying, kindly given to us, earthlings, for free with the help of the creative spirits in the cloud. The programmers from Kapersky must have laughed their pants off when choosing this icon."


ok wild whatever you are on I want so me of that

 

He's from the Netherlands, so I guess the stuff is from a coffee-shop...
coffee, of course

 

Learn something new everyday, in the most unexpected of places.

 

"Live Webinar - Taking the Mystery Out of Ransomware"

2:00 central time usa. august 25th

https://attendee.gotowebinar.com/re...lMmx0ZDJCcXp6UGJINTZYeDB2dHVSejRmbE5yOD0ifQ==

anybody attending

 

I did the test of this program (check my Youtube canal).
This program is free for all until the end of the year...what will happens after I don't know...

https://forum.kaspersky.com/index.php?showtopic=355273

 

Thx where did you read it is free until end of this year?

 

On that link from Kaspersky forum is writen: testing from 9.8. - 31.12.
And someone on Malwaretips forum say it....or maybe is that just time for open beta...