fernandogoodboy

HEUR:Generic.Unknown.Cryptor

Dear Forum,

KSC 10.5.1781

KES 11

Kaspersky 10.1.0.622 for server with patch core 1.

Kaspersky 10.1.0.622 is installed on server 2016.

The product blocks access to files and says that it is infected by HEUR:Generic.Unknown.Cryptor (Encryption attempt detected).

On version 10.0.0.486 the issue was a bug and Kaspersky made a fix as patch core.

How about in this version?

Is it again a false-positive detection or something else?

A screenshot is attached.

BR,

event.jpg

unkown.jpg

Hello,

I don't remember making any fixes for RND files modification in 10.0's AntiCryptor... And by the looks it seems like the only solution for this could be excluding *.RND files from protection.

But to be sure, can you please collect product tracing when the false positive is happening?

Thanks for the traces.

It seems the only way to overcome this is to add this exclusion to the AntiCryptor settings:

*\PUTTY.RND

I don't think this file needs protection from encryption anyway...
