Had a notification when I came in this morning of a virus. I'm running Windows 7 32bit, Lotus Notes 8.5, and Kaspersky Anti-Virus 6.0.4.1212. File is : "C:\program files (x86)\IBM\lotus\notes\assr.dll"

It looks as a false/positiv. Did you scan the quaratine after an update?

I am see this as well on brand new installs of Lotus Notes 8.5. I am sure it's a false positive. My problem is I have no idea how to use the Admin Kit to tell all the workstations to ignore it. It seems only my upgraded 6.0.4.1212 workstations are misreporting this file. Any suggestions on my best course of action here? I am still learning my way around the Admin Kit and have never had to deal with a false positive.

¿What version of Admin kit you have installed?

You can add assr.dll into the trusted zone. But I think it not the best way.
By your words: this file was only found as infected by version 6.0.4.1212 and not by 6.0.3.837. Right?

Version 8.0.2048

Correct, many of my users are still on 6.0.3.837 and that version doesn't report the file as infected. The 6.0.4.1212 workstations are in their own group running different policies, mainly since the old converted policies didn't work very well.

As Helmut said, you must add affected library assr.dll in trusted zone, please follow this:

1) Open Admin Kit.
2) Go to: Managed computers>>Policies>>Protection Policies-Windows Workstations>>Settings>>Trusted Zone
3) Try creating rule in "Trusted Applications" tab: %programfiles%\IBM\lotus\notes\assr.dll
4) Apply, save and if you want / can: start Lotus or restart computer.

Tell us your results!

Tried this. added it with both the %programfiles% and also as Program Files (x86)

KAV is still picking it up as "Packed.Win32.Krap.w"

Did you try only filename? Like "assr.dll"?

I was able to successfully add a Exclusion Rule to ignore this file. I have pushed the updated policy out and have verified that it is no longer being flagged. I used the %programfiles%\IBM\lotus\notes\assr.dll path and Packed.Win32.Krap.w as the Threat Type. Then for the component type I selected both scan and file anti-virus.

I'm not sure why I picked Exclusion Rule over Trusted Apps when creating this rule, but it worked so I not gonna argue. Hope this helps you nadams.

Thank you victorm and Helmut for taking the time to help with this issue. If anything else related to this issue pops up, I will let you all know. Cheers.

Thanks for this... I had only "File Anti-Virus" checked, and I was testing my settings by running a scan on the folder... so of course it flagged the file. Setting the threat type is not required as long as the file name is explicitley set.

Still, Kaspersky should probably fix this false positive before other people get bit.

Well, try creating exclusion like image...

Or try sending the file to newvirus@kaspersky.com with subject "False Positive" and attach assr.dll in zip format with password: infected

I had the same problem with Notes 8.0.2 and found the phone support guy was pretty good. He just walked me through adding the exception and presto! no more problem.