Jump to content
Ivicask

Kaspersky mail antivirus deleting all xlsx from email attachment

Recommended Posts

I just finished installing Endpoint latest version including admin center in one company, and on one PC it keeps deleting all xslx files, it doesnt say it contains any virus just that it deleted them, i check in admin centar where i selected to delete unsafe extensions and there isnt xslx ticked, i even tried deleting the rule and its not helping.

I downloaded deleted copy on my pc and scanned it with same AV and it says it safe.

Im out of ideas what to do, i dont want to disable unsafe attachment deleting because they get alot of spam and viruses usually so this protects them even better.

attachments.PNG

deleted.PNG

Share this post


Link to post
8 minutes ago, Ivan.Ponomarev said:

Hello!

Please state your software versions. 

Thanks!

Endpoint Security 10.3.0.6294

KSC 10.4.343

Share this post


Link to post

Please be adviced tht an .xlsx file is a container that has many types of files in it, so if some of the listed for deletion files are detected in this .xlsx file, this attachment will be deleted. 

Thanks!

Share this post


Link to post
21 minutes ago, Ivan.Ponomarev said:

Please be adviced tht an .xlsx file is a container that has many types of files in it, so if some of the listed for deletion files are detected in this .xlsx file, this attachment will be deleted. 

Thanks!

Well ok, but why doesnt kaspersky tell me which of extension inside it flagged if it didint xlsx it self, how do i know which extension i need to remove for this customer?

Share this post


Link to post
Event name		A backup copy of the object was created
Severity:		Info
Application:		Kaspersky Endpoint Security 10 Service Pack 2 for Windows
Version number:		10.3.0.6294
Task name:		Mail Anti-Virus
Device:		BERISLAV-ZELKOM
Group:		Managed devices
Time:		22.1.2018. 8:57:15
Virtual Server name:		
Description:		Event type:     A backup copy of the object was created
Application\Name:     Microsoft Outlook
Application\Path:     C:\Program Files (x86)\microsoft office\root\office16\
Application\Process ID:     10544
User:     BERISLAV-ZELKOM\Berislav_ZELKOM (Active user)
Component:     Mail Anti-Virus
Result\Description:     Backup created
Result\Threat level:     High
Result\Precision:     Exactly
Object:     [From:"hera" <hera@hera.hr>][Subject:FW: Prikupljanje podataka o maloprodajnom i veleprodajnom tržištu plina_4. KVARTAL 2017][Time:2018/01/22 08:51:22]//OPSKRBA I TRGOVINA PLINOM - 2017_4. KVARTAL.XLSX
Object\Type:     Email attachment
Object\Name:     OPSKRBA I TRGOVINA PLINOM - 2017_4. KVARTAL.XLSX

To me it looks like its deleting xlsx directly, dont see any info on other flaged extension.

Share this post


Link to post
9 minutes ago, Ivan.Ponomarev said:

Is it possible to set the option to rename instead of delete?

What is the result in this case? 

Thanks!

Thing is, i dont want them even renamed, we already got in past zero day cryptolocker  which Kaspersky did not detect, and it was in some regular extension like exe or bat.So its safest for me to simple delete all such extensions, they have no place in email attachments.And if renamed, user will be confused and wont be able to open it(xslx)..

I have a copy of this file, i dont see any other extensions inside of it, i dont understand why Kaspersky deletes them.

 

I attached the file, could you maybe check it?

Zelinske komunalije_271117.xlsx

Edited by Ivicask

Share this post


Link to post

The file is ok, but due to this file is a container tha t has several different files in it, it is deleted by the mail anti virus because of the security setting. 

It contains a .bin library that triggers the mail AV.

Thanks!

Share this post


Link to post
13 minutes ago, Ivan.Ponomarev said:

The file is ok, but due to this file is a container tha t has several different files in it, it is deleted by the mail anti virus because of the security setting. 

It contains a .bin library that triggers the mail AV.

Thanks!

Oh so its bin, yes i have that ticked ON, ill try removing it for now as bin files arent that big security concern.Thank you.

Share this post


Link to post
23 hours ago, Ivan.Ponomarev said:

Please keep us informed about the issue. 

Thanks!

it seams to be fine for now, if it happens again ill report back.

 

But still, would be good Kaspersky gives more detailed info on which extension it flagged for easier debugging.

Share this post


Link to post
6 minutes ago, Konstantin Antonov said:

Can we mark this topic as solved?

Thank you!

Yes, thank you.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.