Sergey Korzukhin

[FAQ] System Watcher and bsshlp2 update testing

This is a mini-FAQ for System Watcher update testing.

 

Test collection:

Attached

 

Supported products:

KIS 2016 TR

KIS 2015 MP 2

KIS 2015 MP 1

KIS 2015 TR

KIS 2014

KIS 2013

KIS 2012

KIS 2011

Pure v2

Pure v3

Pure v4 (KTS)

KSOS 4

KSOS 3

LightAgent

KES 10

KES 8

SDK 8.5 Windows

SDK 8.3.3-*.* Windows

SDK 8.3.0-2.* Windows

SDK 8.2 Windows

 

OS coverage:

The products should be tested with supported OSes.

 

VM or real PC?

If you can, it is better to perform tests on physical computers (not VMWare or Virtual PC).

Also it would be useful to test with different hardware configurations: CPU, HDD controllers, motherboards etc.

 

Before testing:

Enable complete memory dump:

XP: http://support.kaspersky.com/general/dumps/6200

Vista: http://support.kaspersky.com/general/dumps/2142

Win7: http://support.kaspersky.com/general/dumps/7989

Win8+: http://support.kaspersky.com/general/dumps/10659

 

What to pay attention to:

- speed of scanning and disinfection

- crashes of the product and other apps

 

Short test plan:

1. During update, please launch a lot of applications to emulate the situation in which dumps occurred.

2. Check the Updater reports: they should say that the update was successful; otherwise, report a problem.

3. Do not reboot your computer; make sure that the module versions are: klavasyswatch.dll - 2.3.5.796;

4. Turn off File Antivirus and turn off HIPS (Application Control + Firewall)

5. Perform the following tests:

 

A. BSS-detection testing

1. Run testbssdetecttool.exe utility as Administrator (run it from any folder, but not from C:\) (note: the C:\ drive should be present in the system, because utility creates files in the C:\ directory)

2. If you have the default settings, the utility should be placed in Quarantine. If you configured the product to show alerts, you'll get an alert about this utility.

3. Note: on KAV/KIS build 11.0.1.400, due to a known issue, the status “Threats have been detected” stays on even after you click “Neutralize all”. This is a problem with the product and is not related to the System Watcher component.

 

 

B. Rollback with BSS Detection

1. Run SomethingToRollback.exe (utility copies itself to C:\TestBSSDetectAction.txt) Please note that .NET Framework 2.0 or higher is required for this tool to work.

2. If you have the default settings, the utility should be placed in Quarantine in 10-50 seconds.

3. File C:\TestBSSDetectAction.txt should be removed in 10-50 seconds.

 

C. Manual mode - exit while displaying SW alert

0. Enable Manual mode

1. Run testbssdetecttool.exe utility as Administrator (run it from any folder, but not from C:\) (note: the C:\ drive should be present in the system, because utility creates files in the C:\ directory)

2. Check that the product displays an alert

3. Do not select any action in the alert; exit the product. If the alert is still displayed, select any action there.

Check that there are no dumps

It's not necessary to check actions with the test file

 

D. Manual mode - disable SW while displaying SW alert

0. Enable Manual mode

1. Run testbssdetecttool.exe utility as Administrator (run it from any folder, but not from C:\) (note: the C:\ drive should be present in the system, because utility creates files in the C:\ directory)

2. Check that the product displays an alert

3. Do not select any action in the alert; disable System Watcher in the product's settings. If the alert is still displayed, select any action there.

4. Enable System Watcher

Check that there are no dumps

It's not necessary to check actions with the test file

 

 

E. Rollback with BSS Detection - exit while displaying rollback alert

0. Enable Manual mode

1. Run SomethingToRollback.exe (utility copies itself to C:\TestBSSDetectAction.txt) Please note that .NET Framework 2.0 or higher is required for this tool to work.

2. Check that the product displays an alert. Select "Terminate, Delete" (or "Quarantine").

3. Check that the product offers to perform a rollback

4. Do not select any action in the alert; exit the product. If the alert is still displayed, select any action there.

Check that there are no dumps

It's not necessary to check actions with the test file. It is not necessary to check rollback.

 

F. Rollback with BSS Detection - exit while displaying rollback alert

0. Enable Manual mode

1. Run SomethingToRollback.exe (utility copies itself to C:\TestBSSDetectAction.txt) Please note that .NET Framework 2.0 or higher is required for this tool to work.

2. Check that the product displays an alert. Select "Terminate, Delete" (or "Quarantine").

3. Check that the product offers to perform a rollback

4. Do not select any action in the alert; disable System Watcher in the product's settings. If the alert is still displayed, select any action there.

5. Enable System Watcher

Check that there are no dumps

It's not necessary to check actions with the test file. It is not necessary to check rollback.

 

G. Behavior of System Watcher during typical use of the OS

1. Perform usual activity on your computer

2. Install some software

3. Play games

4. Watch video and listen to music.

5. Use office-related software

6. Use software which interacts with a network intensively (online music, video, other services, torrents, etc.)

7. Check simultaneous work of several users

8. Restart the System Watcher component a couple of times, using the GUI.

 

H. Behavior of System Watcher during typical use of the OS while the product is offline

1. Exit product

2. Repeat test G

 

Pay attention to:

1. Performance of product and system

I. Memory usage

II. Processor time usage

2. Product failures

3. OS Failures.

tools_for_sysw2.zip
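
The pass/fail checks for step 3 of the short test plan and for test B (default settings) can be scripted. The following PowerShell helper is an added example, not part of the original post or of the attached tools: it compares the klavasyswatch.dll version with 2.3.5.796, times the removal of C:\TestBSSDetectAction.txt against the 50-second upper bound, and reports new OS dumps. Assumptions: the path to klavasyswatch.dll is passed in by the tester (the post does not give it), the 120-second wait for the file to appear is arbitrary, and only the Windows default dump locations are checked. Start it before launching SomethingToRollback.exe.

```powershell
# Added example, not part of the original post. Requires PowerShell 3.0 or later.
param(
    # Assumption: path to klavasyswatch.dll on the test machine (the post does not give it).
    [Parameter(Mandatory)] [string] $ModulePath,
    [string] $ExpectedVersion = '2.3.5.796',                  # short test plan, step 3
    [string] $RollbackFile    = 'C:\TestBSSDetectAction.txt', # test B
    [int]    $RemovalTimeout  = 50,                           # test B upper bound, seconds
    [int]    $AppearTimeout   = 120                           # assumption: time to start the tool
)

function Get-ModuleVersion([string] $Path) {
    $v = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    # Build the version from numeric parts; the FileVersion string may carry extra text.
    '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
}

function Get-OsDumpKey {
    # Windows default locations for the complete dump and minidumps.
    Get-Item -Path "$env:SystemRoot\MEMORY.DMP", "$env:SystemRoot\Minidump\*.dmp" -ErrorAction SilentlyContinue |
        ForEach-Object { '{0}|{1}' -f $_.FullName, $_.LastWriteTimeUtc.Ticks }
}

function Wait-FileState([string] $Path, [bool] $Exists, [int] $Timeout) {
    # Polls once per second; returns elapsed seconds, or -1 if the timeout is reached.
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    while ($sw.Elapsed.TotalSeconds -le $Timeout) {
        if ((Test-Path -LiteralPath $Path) -eq $Exists) { return [int]$sw.Elapsed.TotalSeconds }
        Start-Sleep -Seconds 1
    }
    return -1
}

$dumpsBefore = @(Get-OsDumpKey)   # snapshot so that only dumps created during the test are reported
$actual = Get-ModuleVersion $ModulePath
"klavasyswatch.dll version: $actual (expected $ExpectedVersion) -> $(if ($actual -eq $ExpectedVersion) {'OK'} else {'MISMATCH'})"

"Run SomethingToRollback.exe now; waiting for $RollbackFile to appear..."
if ((Wait-FileState $RollbackFile $true $AppearTimeout) -lt 0) {
    "FAIL: $RollbackFile never appeared"
} else {
    $t = Wait-FileState $RollbackFile $false $RemovalTimeout
    if ($t -lt 0) { "FAIL: $RollbackFile still present after $RemovalTimeout s" }
    else          { "OK: $RollbackFile removed after about $t s" }
}

$newDumps = @(Get-OsDumpKey | Where-Object { $_ -notin $dumpsBefore })
if ($newDumps.Count) { 'FAIL: new or changed OS dumps:'; $newDumps } else { 'OK: no new OS dumps' }
```

The removal time is measured from the moment the file appears, so it slightly understates the time since the tool was launched.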
