> Vulnerabilities and Wizards
Lucian Bara
post 11.05.2008 21:31
Post #1



Group: Moderators




Vulnerabilities
One thing that should be cleared up before we start: These are not malware and these are not false positives.

So what are they?
Starting with the 2009 series, Kaspersky products include a new feature which allows scanning for vulnerable applications. Vulnerable applications are applications with security holes. There are two situations where you can encounter such applications:
  • outdated software (Office, Java, Flash, Quick Time are likely candidates)
  • vulnerable versions of a program dropped by malware to use as a backdoor (but that's in probably 1 case out of 10000, mostly it's just because you haven't updated them).
The vulnerability scan runs during the full scan, and at the end the vulnerabilities are displayed in the Detected list together with a URL for details and a threat level. You can access the Detected list by clicking the button in the lower right corner of the main window. This will bring up the Detected list.
By right-clicking the entry and choosing "Go to description" you can visit the viruslist web page, which has details on that vulnerability, including download links for the product. If the page is unavailable or if the download link isn't good, don't hesitate to open a new topic on the forum and ask.

Mostly you can just install that on top of the existing application. An exception to that rule is Java, which you should remove through Add/Remove Programs before installing the new version (it may appear more than once in the list).
After you update your application you need to run another scan to make sure the vulnerability is gone. A popup will ask you if you want to clear the list of vulnerabilities when running a full scan. So far there is no such thing as a quick scan for the singular application; it may be implemented later.

Why update?
There are a lot of security holes in programs you use on your PC; these can range from moderate ones to highly critical ones which allow malicious remote users to access your PC. The producers create patches or updates to fix those security holes; however, not all users want to install them (they ignore the "update now" messages, or the application doesn't have an update capability or a way to notify the user that a new version is available).

I am still getting detection, but I updated the program
First take a look if the detection didn't change (does it still go to the same page when you choose to view the description?). Second, where is the file located?
In some cases temporary files or installer caches may be detected. If it's the first, you can clean your temporary folder. If, however, it is an installer cache or install kit, you should leave it alone. You can create an exclusion for the package.

Exclude an application from a vulnerability
If you want to do that for some particular reason, you can do it by right-clicking the entry and choosing "add to exclusions"; in the next window click OK. This is shown in this example:



However, excluding it isn't recommended; you should update it.

This post has been edited by Lucian Bara: 5.03.2009 23:53


Baz^^
post 11.05.2008 22:04
Post #2



Group: Moderators




System Analysis Wizards

Starting with the Version 2009 product line-up, Kaspersky now includes a number of wizards which can help you to tweak settings on your computer, for example browser and privacy options, or to reverse damage which may have been caused after a malware attack. Only one wizard can be run at a time, and each has its own function as described below:

Security Analyzer Wizard
The Security Analyzer Wizard scans your Operating System, browser and installed applications for damaged/incorrect settings and vulnerabilities. It can be located under the "System Security" tab in the main interface.

There are two types of scan that can be performed by the Security Analyzer Wizard:
  • Fast diagnostics: This will only scan your computer and browser for incorrect browser settings.
  • Full diagnostics: This will perform an analysis of the installed applications on your computer and notify you of any vulnerabilities caused by out-of-date or unpatched software, in addition to the actions of the "Fast diagnostics" scan. This scan may take noticeably longer to complete scanning.

System Restore Wizard
The system restore wizard can be found under the "Anti Malware" tab, and is used to help restore lost functionality after a malware attack. This includes restoring access to features such as Control Panel, Task Manager and Regedit.

Malware will sometimes disable access to these resources in order to prevent you from removing it, and even after your antivirus has removed the "infection", these restrictions will still likely remain.

For example, if you try to open Task Manager, you may be given such an error message:

In this case, after dealing with the main infection, we would use the System Restore Wizard in order to restore access to the Task Manager.

The animation below shows how to start and use the System Restore Wizard:

Notice that after the analysis, the Wizard will present you with two separate types of action:
Strongly recommended and Recommended

Actions that fall under "Strongly recommended" are those which are likely to be as a direct result of malware activity and restricting your control over the computer.

Actions that fall under "Recommended" are those which do not pose an immediate danger and may not be necessarily the result of malware activity. It may however be beneficial to perform the recommended actions too. You have the option to check/uncheck the boxes by each of the actions performed by the wizard. If you uncheck an action, then the Wizard will ignore that action and not perform it.

If your computer continues to be restricted the next time you reboot after running the System Restore Wizard, this may indicate an active infection is still present, in which case you are advised to open a new topic and seek help on the forum.

Browser Configuration Wizard
This Wizard can be found under the "Online Security" tab.

The Browser Configuration Wizard scans your installation of Internet Explorer for browser settings which may be putting your security at risk.
This Wizard will only affect settings of Internet Explorer, so browsers like Firefox and Opera will not be analysed.

It is also important to note, that taking up some of the recommendations of the Browser Configuration Wizard may result in some websites not displaying correctly, due to the fact that the Wizard analyses browser settings purely from the security perspective, not from the perspective of user experience.

Privacy Cleaner Wizard
The Privacy Cleaner Wizard can be found under the "Content Filtering" tab.

This wizard searches for traces of user activity on the computer, such as lists of recently opened files, cookies, web history (Internet Explorer only) and other log files stored by Windows, and allows you to clear/delete them.

Please be aware that using this Wizard to clear certain options like cookies will mean that certain websites which use cookies to store your personal preferences will be reset.

This post has been edited by Lucian Bara: 11.05.2008 23:34


--------------------
Kind Regards,

Baz (Volunteer Moderator aka I don't work for Kaspersky ;) )
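
An added example, not part of either post and not Kaspersky's code: a read-only PowerShell audit of the kind of lock-out the System Restore Wizard section above describes (Task Manager, Regedit, Control Panel). The posts do not name any registry locations; the three standard Windows policy values checked here are an assumption about where such a restriction is usually stored, not a statement of what the wizard inspects.

```powershell
# Added example: list policy values that block Task Manager, Registry Editor
# or Control Panel. Read-only; nothing is changed or deleted.
# Assumption: the restriction is stored in these standard Windows policy values.
$checks = @(
    @{ Tool = 'Task Manager'
       Key   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'DisableTaskMgr' },
    @{ Tool = 'Registry Editor'
       Key   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'DisableRegistryTools' },
    @{ Tool = 'Control Panel'
       Key   = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value = 'NoControlPanel' }
)

# Check the per-user hive first, then the machine-wide hive.
$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($c in $checks) {
        $path = Join-Path $hive $c.Key
        # A missing key or value is the normal, unrestricted state, so the
        # "not found" error is suppressed and $prop stays $null.
        $prop = Get-ItemProperty -Path $path -Name $c.Value -ErrorAction SilentlyContinue
        if ($null -ne $prop -and $prop.($c.Value) -ne 0) {
            [pscustomobject]@{
                Tool  = $c.Tool
                Path  = $path
                Value = $c.Value
                Data  = $prop.($c.Value)
            }
        }
    }
}

if ($findings) {
    # Each row is a restriction that is currently in force.
    $findings | Format-Table -AutoSize
} else {
    'No restriction values set for Task Manager, Registry Editor or Control Panel.'
}
```

A non-zero value can also be set deliberately by an administrator through Group Policy, so a finding here is a prompt to check where it came from rather than proof of infection.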
