Jump to content
rhamblin

Behavior Detection exclusion

Recommended Posts

KES 11.0.1.90

KSC 10.5.1781

I keep getting a behavior detection Malicious Object detected on a file server. I know this is a false report and is causing lots of issues after it rolls back some file moves.

I need to exclude this detection but I cannot identify the application. I know it is a piece of software on a different server interacting with a file server as it should. But the software has multiple .exe files and all Kaspersky tells me is image.png.3ce6076bb6e0a6b19956d8ac0d28e9e5.png

Share this post


Link to post

Ok,Is this what you're looking for, I've had to do it in three sections to get all of the columns in

   

image.png

image.png

image.png

Share this post


Link to post

Hello!

Could you please provide the fll GSI report with eventlogs from the affected machine? 

Thanks!

Share this post


Link to post

The Full GSI is 16101KB so I cannot attach. Is there another way to get it too you?

Share this post


Link to post

Is it possible to add all of these executable files to exclusions? Is it possible to add a folder(with this programm) to exclusions?

Thank you!

Share this post


Link to post

But the applications are on another server, and the server which has the malicious issue only shows it as being an external connection. How would it identify the program?

Share this post


Link to post

In that case you can just exclude all the network share from scan task scope and create an exclusion at "Trusted zone".

Is this solution acceptable for you?

Share this post


Link to post

Is there no way to exclude behavior detection based on the source of the behavior?

Share this post


Link to post
7 часов назад, rhamblin сказал:

Is there no way to exclude behavior detection based on the source of the behavior?

Hello!

In this way it can be network share with this application.

thank you!

 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.