Jump to content
Sign in to follow this  
wguru

KAV'411 sees Apoint.exe as "Keylogger"

Recommended Posts

Just upgraded (or so I thought) to the latest KAV6 (6.0.411).

 

Several oddities resulted (after 1st uninstalling KAV) after/during fresh install. Kaspersky needs a new key before activating (unless we use trial and await new key) and is unable to detect my pc as an existing (paid) subscriber.

 

Tried using the 2005 KAV6 CD's key, then tried the one given by KAV support (for the last time I upgraded), but no soap. As I've not seen any link or instructions for providing new key during install, nor at K's website, I'm running trial version (6.0.411) now.

 

It gets better.

 

Before initial scan, updated definitions and noticed prompt 'saying' I needed to install SP2 regardless that it's already installed.

 

Then the 1st scan says my Apoint.exe is a keylogger. Assume this's a false postive (but denied it permission anyway) and nothing in editor's journal about this 'false positive'. Note, 'Apoint' is my Sony VAIO's OEM provided Alps Pointing-device Driver, ref the laptop's touch pad, etc. So naturally one might assume it logs keystokes.

 

Sooo, I'm busy now uninstalling the trial version and drilling internet for latest version of KAV6 to install.

 

So many issues and so little time.

Share this post


Link to post
...1st scan says my Apoint.exe is a keylogger.  Assume this's a false postive...

 

Okay, found the forum's previous posts about Apoint.exe. Added it to trusted zone. As that program (Apoint.exe's) should be a staple, why is it being flagged as a kelogger and the lab's virus knowledgebase NOT saying anything about it when 'we' click the hit's 'more info'? All the site says is "KEYLOGGER"?

 

One would think the 'more info' would get users to the virus.com's database which should be telling us that if Apoint.exe attributes (size, location, etc.) are normal, that this in effect is a 'false positive' (and to simply add it to trusted zone)?

Share this post


Link to post

So my question still remains to be answered.

 

It sure seems like it deserves answering with one of two resolutions, as opposed to 'add it to trusted zone'.

 

The reason being since KAV doesn't require Windows LogOn window to be added to the trusted zone, obviously KAV designers give valid 'acting like a keylogger' executables a free pass, so what makes this executable any different?

 

Why did not my replies provide the obvious 'yes KAV shouldn't necessitate alerting to apoint.exe' just as it shouldn't alert to user keyboards 'acting like a keylogger'.

 

Would have hoped that a reply here would have said, oh ya, KAV sometimes is a bit slow on the uptake by recognizing valid 'acting like a keylogger' programs/executables, but what makes this one (Apoint.exe) so different in that it seems a little ridiculous not to have it at least placed on the list of definitions, so everytime a new KAV user runs their OS, they're all not drilling the net to determine if their apoint/exe has been modified and/or if KAV is false positiving.

 

I seem to recall having posted/submitted not only the file for analysis, recommended it be acknowledged as nothing alertable or neccessary to be 'trust zoned', so why isn't someone agreeing with me and apparently why hasn't KAV admonished this executable to a non-alertable status??

Edited by wguru

Share this post


Link to post

Because there is no "white list" of safe applications for the PDM.

 

 

It reacts on components regardless of safety/legitemacy.

 

This will get much better in the next version which will have a huge database of safe and dangerous applications, hence cutting down on these type of alerts.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.