Sergey Korzukhin

Testing of Anti-Rootkit and UDS


Hello!

We are asking you to test Anti-Rootkit and UDS modules.

 

Release date: 13.10.2014

 

Update description:

 

1. Changes:

ARK

- bugfix

 

UDS

- bugfix

- performance optimizations

 

2. Files:

ARK:

 

This is a targeted delivery.

User will get:

 

arkmon.kdl 1.6.3.1 (md5: 17721213727e08998b9e3a74f97a8de9)

arkmon32.dat (md5: a79d74bc3b9340149ae8358797915d69)

arkmon64.dat (md5: 91d3efccff1a3b95abffd0cfad58fee9)

mark.kdl 5.6.2.1 (md5: 35135545dc52614f6e863f3b83d58d4b)

mark32.dat (md5: f0286fb8b288966143fd41166c8b8f26)

mark64.dat (md5: 4bd8fc5131aee7fe1bf00257de61b95c)

 

or

 

arkmon.kdl 1.6.3.1 (md5: ef2960ea49cacd970aface57bdc7650d)

arkmon32.dat (md5: c1b626e822c9d6c630b2a90451c2ccff)

arkmon64.dat (md5: 8f9fd073ab9b3d80ded8783feb4bfad7)

mark.kdl 5.6.2.1 (md5: 7957ec0f1536b620bceac0dcc413ca58)

mark32.dat (md5: fa132e1181d112f3cd01880230f69f36)

mark64.dat (md5: 7d682323ed06f3d0a20487895cc34f8c)

 

 

UDS:

 

This is a targeted delivery.

User will get:

 

uds.dll 4.8.0.114 (md5: 68daeecead995d74278a8168f9a35699)

 

or

 

uds.dll 4.8.0.114 (md5: f5b69f586b37cf2095967ddd348d210b)

 

 

Testing FAQ:

ARK

UDS

Update etc

Share this post


Link to post

I've changed Updating source in my KIS2015MR1 15.0.1.415 (W8 Ent. x64 Real system) to http://dnl-test.kaspersky-labs.com/test/iro/

 

And I got this update:

 

post-5997-1412582643_thumb.png post-5997-1412582651_thumb.png

 

but I'm not sure whether this update info is correct... not so big...

 

Added:

 

I'm a bit confused here, I have the same uds.dll and mark.kdl MD5, but not the same in the cases of files arkmon32.dat & arkmon64.dat, and I don't have mark32.dat & mark64.dat

 

Regards.

Edited by harlan4096

Share this post


Link to post

Your screenshot shows only a small part of the detailed update report. Maybe it would be better to save it as a text file and attach it here.

 

Regarding the update for the ARK component, if you are using version 2014 or above you should get the files from the first set. The files are stored in C:\ProgramData\Kaspersky Lab\AVP15.0.1\Bases\klava\log* (can be opened with 7-zip for example). Please note that arkmon32.dat and mark32.dat are only for 32-bit systems, arkmon64.dat and mark64.dat are only for 64-bit systems.

Share this post


Link to post
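The check discussed in the reply above, as an added example that is not part of the original thread or of the vendor's tooling: it compares the MD5s of delivered files against the two sets listed in the announcement, ignoring the .dat files built for the other architecture. The function names, the "first"/"second" labels and the assumption that the files have already been extracted into a plain folder are assumptions of this example.

```python
import hashlib
from pathlib import Path

# MD5 values copied from the announcement; "first"/"second" label the two
# alternative deliveries it lists per component (labels are added here).
MANIFEST = {
    "ARK": {
        "first": {"arkmon.kdl": "17721213727e08998b9e3a74f97a8de9",
                  "arkmon32.dat": "a79d74bc3b9340149ae8358797915d69",
                  "arkmon64.dat": "91d3efccff1a3b95abffd0cfad58fee9",
                  "mark.kdl": "35135545dc52614f6e863f3b83d58d4b",
                  "mark32.dat": "f0286fb8b288966143fd41166c8b8f26",
                  "mark64.dat": "4bd8fc5131aee7fe1bf00257de61b95c"},
        "second": {"arkmon.kdl": "ef2960ea49cacd970aface57bdc7650d",
                   "arkmon32.dat": "c1b626e822c9d6c630b2a90451c2ccff",
                   "arkmon64.dat": "8f9fd073ab9b3d80ded8783feb4bfad7",
                   "mark.kdl": "7957ec0f1536b620bceac0dcc413ca58",
                   "mark32.dat": "fa132e1181d112f3cd01880230f69f36",
                   "mark64.dat": "7d682323ed06f3d0a20487895cc34f8c"},
    },
    "UDS": {"first": {"uds.dll": "68daeecead995d74278a8168f9a35699"},
            "second": {"uds.dll": "f5b69f586b37cf2095967ddd348d210b"}},
}

def expected_files(file_set, bits):
    """Keep only the files meant for this architecture (bits is 32 or 64)."""
    other = "64.dat" if bits == 32 else "32.dat"
    return {n: h for n, h in file_set.items() if not n.endswith(other)}

def md5_dir(directory):
    """Map lower-cased file name -> MD5 hex digest for each file in a folder."""
    return {p.name.lower(): hashlib.md5(p.read_bytes()).hexdigest()
            for p in Path(directory).iterdir() if p.is_file()}

def classify(found, bits):
    """Per component: (name of the fully matching set or None, problems per set)."""
    report = {}
    for component, sets in MANIFEST.items():
        problems = {}
        for name, file_set in sets.items():
            problems[name] = sorted(
                f"{n}: {'missing' if n not in found else 'md5 differs'}"
                for n, h in expected_files(file_set, bits).items()
                if found.get(n) != h)
        match = next((n for n, p in problems.items() if not p), None)
        report[component] = (match, problems)
    return report
```

Calling `classify(md5_dir(folder), 64)` on a folder of extracted files reports, per component, which set matched and which files are missing or differ for each set.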

Hello guys, sorry for the long absence.

 

There were some problems in index files.

Please recheck with 2015, it should work now - files should be from one of the sets.

Share this post


Link to post

W8 Ent. x64 (Real System) + KIS2015 MR1 15.0.1.415 Spanish.

 

1.- Quick Scan (Highest Security Level) adding some folders to Scope:

 

post-5997-1412869301_thumb.png post-5997-1412869314_thumb.png post-5997-1412869372_thumb.png

 

2.- RootKit Scan:

 

post-5997-1412869326_thumb.png post-5997-1412869337_thumb.png

 

3.- Disinfection (EICAR Test) placing the 4 samples in Desktop & StartUp folder, running a Quick Scan (Highest Security Level) with Standard Scope:

 

post-5997-1412869346_thumb.png post-5997-1412869774_thumb.png post-5997-1412869355_thumb.png post-5997-1412869362_thumb.png

 

Added:

 

4.- Rebooted system and no dumps.

 

5.- During AD 2 temporary files were created on my Desktop: msdxwwtc.sgb & gzsyyhtn.kgr

 

Regards.

Edited by harlan4096

Share this post


Link to post
W8 Ent. x64 (Real System) + KIS2015 MR1 15.0.1.415 Spanish.

 

 

Added:

 

 

4.- Rebooted system and no dumps.

 

5.- During AD 2 temporary files were created on my Desktop: msdxwwtc.sgb & gzsyyhtn.kgr

 

Regards.

 

Many thanks for the testing.

And what about these temp files, were they deleted after reboot or not?

Share this post


Link to post

Looks like these were released to regular update servers:

r3L4x, it turns out so, once the staff's attention to this section had died down...

We are moving to the release servers

;)

 

Share this post


Link to post
