TRUSTED ZONE…

How to configure the TRUSTED ZONE… for ‚POTENTIALLY DANGEROUS SOFTWARE (RISKWARE)’
To exclude Riskware like VNC, RADMIN etc… you’ve to include the scan option for riskware…

Sorry for german screenshots but I think you’ll understand it – if not ask me – thx!



Using this option will detect your VNC as a NOT-A-VIRUS application!

Now hit the TRUSTED ZONE… button (i'll explain it on using REAL VNC)


Use the VERDICT instead of OBJECT to set the exclusion correctly.
If you use the OBJECT as VNC4.EXE for example the VNC still will
be found because VNC will call other Objects like the wm_hook.dll etc.
To do it right you need to insert the VERDICT!

First you’ve to choose which SCAN METHODS should exclude your VERDICT…


To figure out the correct SYNTAX OF THE VERDICT…


…you’ve to SCAN your HD and Kaspersky will report you following result:

Now follow with RIGHT-CLICK the link to the Kaspersky Virus-Database….

…and copy the VERDICT to your clipboard.


PASTE VERDICT now from clipboard to your policy.


Now Kaspersky will NO longer find/report REAL VNC as NOT-A-VIRUS or anything else…

Hope this is usefull for anyone

Thank you for this FAQ, colleague

About the verdict to use, WinVNC can be detected under different names of threat :

# not-a-virus:RemoteAdmin.Win32.WinVNC.4110
# not-a-virus:RemoteAdmin.Win32.WinVNC.a
# not-a-virus:RemoteAdmin.Win32.WinVNC.b
# not-a-virus:RemoteAdmin.Win32.WinVNC-based.a
# not-a-virus:RemoteAdmin.Win32.WinVNC-based.b
# not-a-virus:RemoteAdmin.Win32.WinVNC-bases.c

That's why it's better to choose a common mask : not-a-virus:RemoteAdmin.Win32.WinVNC*

Finally, we can say that you can perform these different steps with Kaspersky Administration Kit, by modifying the properties of the correct policy.

Regards,
DB

I could not follow this in german and I do not see why one would want to exclude RealVNC specifically. are you concerned with the encrypted version or the free ware?

Hi onclejean,

i'm not concerned with Real VNC or anything like that i just used that as an example.

If you can for RISKWARE your system will detect all VNC cersion and other remote admin toolz - therefore you can exclude them from scan.
Also i recommend to exclude only that version you use a an admin if you do a exclusion as Tybilly mentioned in his post other users can also use VNC (if they gather admin rights) and you will never figure it out.

Also i remommend to scan archives because if the user is not allowed to install software he'll mostly be able to run software out of a zip file. I always used that trick in companies i worked before to have my toolz running