DarkWav

Everything posted by DarkWav

  1. After providing detailed information and samples, the bug has been forwarded to product development. From what I can tell, it isn't fixed in patch D yet.
  2. I did; the logs are attached below. Here's what I did:
       • Run the sample with all settings at default.
       • Run the sample with System Watcher Application Activity Control set to "Delete Application".
       • Run the sample with System Watcher Application Activity Control set to "Terminate Application".
       • Run the sample with System Watcher Application Activity Control set to "Ignore".
     Thanks
  3. Thanks for the reply :relaxed:. Yes, I tested on both my real machine, which meets all requirements (16GB RAM + 8x4.70GHz CPU Intel 9th gen, NVidia Maxwell GPU (900-series) with Driver 436.02), as well as a freshly installed virtual machine inside VirtualBox, both running the latest Windows 10 1903 with no other security solution aside from the integrated Windows Defender installed. The described behavior can be observed on both machines equally.
  4. So, I recently tested Kaspersky 2020 (Security Cloud Free) in a virtual machine and tested its System Watcher capabilities. For doing this, I use my own custom program that is completely harmless by itself, but its installer uses a really... let's say shady way to install the program into the local user autostart directory. The "shady" installer is successfully detected by both version 2019 (19.0.0.X) and 2020 (20.0.0.X). Both flag the installer as PDM:Trojan.Win32.Generic, the typical generic behavior alert. Version 19 then terminates the program, deletes the installer executable and rolls back all actions it did, as intended. Version 20, however, also terminates the installer and rolls back all of its actions, but guess what? It just leaves the installer on the disk and doesn't move it to quarantine, even though it clearly identified it as malware! This could have many reasons. It could be a major critical flaw in Kaspersky System Watcher. It could be the fact that SW is now smart enough to detect my installer is not actually malicious enough to instantly delete it and chooses to just terminate it instead. But it gets worse... When you go to System Watcher settings and set the action to "Delete Application" or "Terminate Application"... the installer just fully bypasses Kaspersky, like System Watcher was set to "Ignore"! (The tray icon turns red shortly, but then the AV just ignores the threat.) Now my question is... Is this behavior in ANY way normal?! Has anyone else tested System Watcher yet and experienced the same issue? If not, where can I report this bug?