Jump to content
  • Announcements

    • Rodion Nagornov

      Долгое сохранение сообщений || Delays while posting (click here to read the full text RU/EN)   09/20/2017

      Due to some technical reasons visual delays are possible while message sending. Actually your message is published immediately - just interface works long. In such case, please, do not re-send your message immediately! Press F5 to reload the page and check if your message/topic is published. || По техническим причинам возможно визуально долгое отправление сообщений на форуме. Фактически ваше сообщение публикуется мгновенно - долго отрабатывает графика. В случае подобной ситуации, пожалуйста, сначала обновите страницу (F5) и проверьте, появилось ли ваше сообщение. Не пытайтесь сразу отправить его заново.

Update of Avengine/Kavbase, ARK, QSCAN, SWMON

Recommended Posts


We are asking you to test Avengine/Kavbase, ARK, QSCAN, SWMON modules update

Update available from: http://iro.kaspersky-labs.com/


Release date:

13 Nov 2017 (start of targeting)


Update description:



1)      swmon.kdl          (, MD5: B4490F8CBA9993297EC3E1AF7D6499B5)

2)      swmon32.dat    (, MD5: 98136B7118F24B832D91019FE9F51C9E)

3)      swmon64.dat    (, MD5: 36C2E8687F2A37EF9F804C842D363C7F)

4)      swmon_32.dll    (, MD5: 323DC235178ED214ADAACE544E07C14E)

5)      swmon_64.dll    (, MD5: 46BFFE52F4465CEBD7C29F77CD645700)

6)      swmon_drv.kdl (, MD5: 3E625901CE43E15097B4AFD8794567A4)


1)      swmon.kdl          (, MD5: B9074218AB7C54A51ECE6C858D8A4D1F)

2)      swmon32.dat    (, MD5: DEF5ABCCA41FED0F8A9BF066E4948F0D)

3)      swmon64.dat    (, MD5: 378C0D4BC0CBFED93894CB0283ABC57F)

4)      swmon_32.dll    (, MD5: AB353CB542735C82EFD545D96AE1A7C7)

5)      swmon_64.dll    (, MD5: 36C985CC3DE07334439BB8C956687172)

6)      swmon_drv.kdl (, MD5: 3392A119589CAD2936BCD279ECC27816)



1) Detect Vmware UM interceptor

2) New logic to detect KLHKUM (TFS 2431529)

How to test


For Windows,Linux, FreeBSD, MacOS

avengine.dll (x86, unmod)


MD5: 7AF1FA4A7063A884E6F86067568D0DF3

avengine.dll (x86, mod)


MD5: 44721575337529DF0DECD418858E18D4

kavbase.kdl (x86, unmod)


MD5: 3BFCC8067C598D458196E9F1D6873BAC

kavbase.kdl (x86, mod)


MD5: 0C688B962B4B6491588735D4CA2E0BCB

libavengine.so (x64)


MD5: D560F7883FEF608AD581899972E215D1

kavbase.kdl (x64)


MD5: 45F35FC580B5F698E7CE43805378C0EE

avengine.dll (x64)


MD5: 622ED68ADFE347BD0AD6159862E36062

libavengine.dylib (x86)


MD5: D51D55FD723AFDADE62329CB4E1F9D44

libavengine.so (x86)


MD5: C335481E6B6D9BA5BDBB3938EA004BFA

libavengine.so (x86)


MD5: C3B0F4ED1B53156E1ED403A35B2EA745

libavengine.so (x86)


MD5: A50BC59DAA0DC0FBD5AC155AB83A9362

libavengine.so (x64)


MD5: 968C7F913A6BE4BAB6662B615EFA8A7E

libavengine.so (x64)




  • Fix [KES11} ODS. Some samples from collection were not disinfected
  • Add support FileMapping
  • Dump fix

Avengine: How to test

Kavbase: How to test



qscan.kdl (md5: b15a578025d6967cf8738c39b2b814f9 )

kavsys.kdl (md5: 12d064af3aa3677b0af1b6a84f9cd9c6 )

klark32.dat (md5: 1a317131f2a1ad745419ef6f100db210 )

klark64.dat (md5: 6d3ea434891eaefb9bf1bf46a0d8c6f8 )

klark32.drv (md5: e7206b00e626749caeccb7d355cd0d6e )

klark64.drv (md5: 3d8b3598e023d2370ce01d2d1a644830 )

klbg32.dat (md5: a2d0e6ddaf5ec4550842e81d3c40a6a7 )

klbg64.dat (md5: aa2292a9262e014c0fe5f2520e91e6b5 )

klbg32.drv (md5: 03d030ba4c32686749583221450c332b )

klbg64.drv (md5: 49dda33b5a43b6222429b9e26fa7c3fa )


Mod version:

qscan.kdl (md5: 90390b2e6c7fd40fbbc33e9573e08edf )

kavsys.kdl (md5: 6170921e04e1bb10d418f23f9184d061 )

klark32.dat (md5: a93e0ffcb0e99275be761f56f3f3334b )

klark64.dat (md5: 2bea14cee62ccfe86329bac354af45ec )

klark32.drv (md5: 8baf27c8d2855142aab0a4597481f50d )

klark64.drv (md5: 0bf0a65acad840f89aff23f10960e187 )

klbg32.dat (md5: ee004c2d0e071ab215e0ec1c798022ea )

klbg64.dat (md5: 8ab7c996eb76a49a08185ae2b1283808 )

klbg32.drv (md5: eb35d803748376a7abc310150cce49a0 )

klbg64.drv (md5: 3422253be14d58ad8712bf405c8fa36d )

 How to test




arkmon.kdl (md5: 7e42de9970b9dd7f0aefb50e11193c8a )

arkmon32.dat (md5: 59999fdb4e252541afc2908fda3416f1 )

arkmon64.dat (md5: 26e8e9528c1d28c7a8c36d43f5538044 )

arkmon32.drv (md5: e2ddd5659311ad1835e5756a950b02a4 )

arkmon64.drv (md5: 53812426f96605ce7466f078bbd38a1c )

mark.kdl (md5: 530e9c942728887785edd7f0e661de43 )

mark32.dat (md5: 9860981c45eecf300eb98a083a028668 )

mark64.dat (md5: 9d4dd27a56cc30bf9f8d558ecfe93ef0 )

mark32.drv (md5: d9a173904a45413ab136f3f749b906b2 )

mark64.drv (md5: 469c046986e9cef73a2f6234477df3ba )


Mod version:

arkmon.kdl (md5: 97d95931d2094a3c18f61b06f7e53096 )

arkmon32.dat (md5: 9def4dc24d4849ea54acd3fbb165f8fb )

arkmon64.dat (md5: 448d0ba42b7dcfd902f878575d49cde8 )

arkmon32.drv (md5: b1045a230a2afe3309532f14bc844ea8 )

arkmon64.drv (md5: c4e91afa5afc23bdc8cc2f6f9400eadf )

mark.kdl (md5: 2b335224da912bcbd9913f988d848f39 )

mark32.dat (md5: 0327f3a5b4679fe4d27e3685af36fe6b )

mark64.dat (md5: b3745f637c7a2b14baad45970e9e2988 )

mark32.drv (md5: bdb97cf6511527dc7e7e0515efd77c1a )

mark64.drv (md5: 5cbc8d07c5ac2bc9e861da676de7ead0 )



1)      Support for Windows 10 RS3

2)      CR 2316315 implemented

3)      Bugfixes (2397202, 2216915, 2217253, 2365844, 2369848)

4)      Modules no longer packed

 How to test


How to update:

Update etc

Share this post

Link to post


May I ask, does the changes for kavbase.dll include a new about 50MB kavbase.xxxxx.xxxxxxxxx.kmc database cache? It happened after the module updated.

Does it contain some certain antivirus signatures that rarely modified so that overall performance will be better?


Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now