Jump to content

Recommended Posts

Hello all,

 

Any idea why a couple of old trojan test tools are added to the trusted zone with a default install of KIS?

 

TrojanSimulator.exe

TSServ.exe

 

Just curious.

 

Oops:

KIS 2012 12.0.0.374 (j)

Edited by norwegian

Share this post


Link to post

Hi norwegian,

 

Maybe because they are not malware, and/or they are signed, and/or they are known to KSN as safe, and/or Heuristic analysis showed they were ok?

post-47457-1347080567_thumb.png

Share this post


Link to post

 

Hello richbuff, hope this finds you well?

 

As for detection, it is neither signed nor known to the KSN, but it is placed into the "trusted zone".

I'm just surprised it wasn't put into the "low restricted".

I understand it is a simulator and old, just curious why the heuristics didn't even flinch, surely something like these would give a questionable alert and look at the "low restricted"?

I can not see any signed .exe info either, guess the heuristics are that finely tuned, I'm just surprised that's all.

 

As I've mentioned elsewhere, I know KIS can be adjusted to alert to this, that I have no problem with.

But for default settings there is nothing and it is a loaded as a trusted application.

 

 

This is Baz's reply in 2008 - http://forum.kaspersky.com/index.php?showtopic=87798

That is the main thing to note here.

 

Why detect something that isn't harmful?

 

The file is put into "trusted" group by KIS 2009 because it is made by a real (safe) company and does not have any malicious functions. If you want to use this "test" then you must move the application into the low restricted application filtering group. Any malware or unknown file would not be placed in the trusted group so this test is of negligible value.

 

The first alert you get is the application setting the registry run key. If you block it (as recommended in the popup, it gives an error and can't complete the "simulation")

 

Filealyser doesn't show any company referencing either?

 

No biggie.

 

 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.