Kav 5.0.383---NEVER AGAIN

Hi bigC.

Was the error message U got something like \Windows\System32\Config - A file needed for windows bootup is missing or corrupt?

If it was this is a common XP error where one of the registry files gets corrupted, has happened to me a few times in the past, last time was settin o&o defrag 8 to schedule a offline defrag, when i turned pc on next day i got that error.

 

Post removed.

Personal attacks will not be tolerated by anyone, please refrain from such and everyone will get along just fine.

Blackspear.

 

I BigC,

If you only loaded XPSP2 and this HP disc prior to loading KAV 5, then the system driver in question has to be on this HP disc. Hopefully Kaspersky Labs is able to detect the problem.

As you indicated, any anti-malware product is capable of a false positive. I think two signficant points are highlighted by this discussion:

1) No one should ever put their AV in Auto delete mode
2) AV vendors should consider putting in a fail safe alert message, before deleting any system file that might prove to be critical to startup. This is an important usability feature.

So instead of the title of this thread being: KAV 5.0.383 --- NEVER AGAIN, maybe more appropriately: Auto Delete ---- NEVER AGAIN.

Regards,
Rich

 

i have the same experience with BigC but on NAV. that's one reason why i quit nav. i chnage to KAV and til now its ok.

 

I've had similar problems with several types of security packages, which is why I never install a low-level package without an image copy (I made one before installing Online Armor), and I never use auto delete. Stuff happens ...

Cya,
Rich

 

Life is full surprises, isn't?

 

I had similar problems in the past. It could also be that there is some system conflicts caused by BigC's custom HP configuration which are simply totally unique to his machine.

Rich

 

From NAV to KAV.
Is that an improvement after reading bigC's experience ?

 

I have no doubt that bigc will get back on that horse as soon as KAV 6.0 is released.


snowbound

 

Well hopefully not as soon as it is released. Especially if it is on a custom build machine like BigC is using. Sometimes standing pat is the best place to be.

Cya,
Rich

 

bigc73542,

I'm sorry to notice your exprience mirrors that of mine.

KAV is having serious software quality control / compatibility testing issues with their recent builds.

If they cleaned up they act, I'm sure the number of people using and recommending their products would go up from the typical geek group, who know worships KAV (yes, I consider myself to be a geek, so it's not a derogatory term. It's empowerment).

 

After all that has transpired in this thread I realize that the title of the thread could have been something more approporiate. And rich you are right that the av makers should make it understood what the consequences could be with default settings set to delete. I was just trying the default settings to see how it worked, well regardless what caused my problem I have learned never set an av to delete without a prompt to do so With Kav I usually set it to max settings with extended bases and prompt on discovery of malware. But in this case My lapse in good judgement cost me. I never will set any av to default again. I really didn't care what caused the problem until I started thinking last night about 4:00 am and it got my curiousty aroused. Just as the comp shut down I got a glance of what Kav deleted and the more I think about it I think I might have figured out what it was Kav alerted on. There is a script type of file that they added that has something to do with the windows firewall and it is possible that is what it hit on. Well hopefully I will be able to copy the disc's and we will find out for sure.

 

Thanks for the update BigC. I totally agree that the AV vendors can be a lot more careful about the type of deletions they allow and when they allow them. Any deletion of a critical system or system-like file should be highlighted with a special alert, since the consequence could be a complete loss of the system - and possibly the loss of the system would be totally unnecessary. I think such an alert is a minor effort, and should be included in every AV.

Hopefully, you and KAV can find the source of the problem and the whole incident may help KAV better understand the consequences of Auto deletes on critical files.

Regards,
Rich

 

As an aside, the current build of KAV2006 defaults to "Ask me" for detected threats. KAV 5 can be justifiably criticised for having "Disinfect, delete if failed" as its default but false positives are an issue for every AV (I've had far more with F-Prot than KAV to date).

 

Hi,

Can someone please enlighten me here ??

My AV options under System Auto Protect has 3 choices.
1) Automatically repair the infected file. (recommended)
2) Try to repair then quarantine if unsuccessful.
3) Deny access to the infected file.

After reading Bigc's postings I have switched from option # 1 ..... to option # 2. Would this be correct ?

Also ..... under Manual Scan ..... How to respond when a virus is found.
1) Automatically repair the infected file. (recommended)
2) Ask me what to do.
3) Try to repair then quarantine if unsuccessful.

In this location I have option # 2 selected.

Any advice people ?

HR

 

None of the options under Auto Protect are desireable in the case of a false positive - option 3 would be the least harmful since the AV would not try to alter the file. For Manual Scan, option 2 is the best.

 

Hi Paranoid2000,

Thanks for responding ..... I guess the key then is knowing the difference between what would be a F/P and what would not be. In this situation it would probably be recommended to first check with the vendor before taking any action.

I have changed the Auto Protect selection to option # 3 as you have suggested.

Thanks Again,
HR

 

For the sake of argument I installed KAVP 5.0.383 - it's default action for an on-demand scan is to ask the user after the scan has been completed, not to automatically delete files.

For real-time settings the default is to prompt user for action.

While the auto-delete setting has been default in some older builds, this is no longer the case.

 

To everyone who reads this thread!

There seems to be some confusion as to what is the default setting when Kaspersky detects something, when using the default recommended settings.

The default setting in the real-time monitor is "Prompt user for action".

The default for the On-Demand scanner is "Prompt user for action once the scan is completed".

The confusion probably comes from the fact that there are also a recommended action setting, but as you can see this is not the default setting:





Also the "Riskware" detections which is only present in the extendedbases (which are hidden in "Threats and exclisions") are not false positive's, they are informational detections on programs which are considered riskware and when you switch from from the standard (hate that word, because it's more than enough for the everyday user) bases, you're informed that now Kaspersky will also scan the pc for potentially dangerous programs and you are recommended to use actions that require confirmation by the user (which is the default setting). When Kaspersky detects a riskware, this warning appears Riskware detected and that it is "not-a-virus": and the catagory with a link to it.

 

This could happen with all other AV (NOD32, Norton, McAfee...) if U change default settings.

Don't change default settings

KAV is great AV if you know how to use it.

 

"KAV is great AV if you know how to use it."

Until it silently quits on you, doesn't update, stops protecting the system and doesn't warn you.

All because of Kasperskys anti-piracy design that happens to hit a few legitimate users as well (withou any discernible reason).

oh well

 

Very disturbing information !!

I'm a bit curious as to why no one has made any comments on this ??

HR

 

Actually, comments of this nature have occurred on the KL forums. See here.

In my own case, I have run into a few instances where the update process only seems to have encountered a problem or two. This is on other family member PC's. During normal cleanup I'll notice that KAV WS has not pulled an update for a couple of weeks. It is set for auto check/download every three hours. Manually executing an update seems to cure the problem. No other symptoms or indications (i.e. no big message to update, no other obvious problems, scheduled scans appear to complete as planned). Has happended 3-4 times over the past year on two different machines.

Blue

 

While I think there may have been one time when KAV's GUI interface did not start up upon a reboot, their scan/detection protection service has always started up for me. If there is a known problem here, it would be interesting to get more information, particularly Kaspersky's reponse, either by email or on a forum.

Rich

P.S. I do seem to remember in an older versions of 5 (when it was first released), KAV shutting down without warning, but I haven't seen it replicated in the latest versions.