Gene15644

Subsequent actions.... I will retain Kaspersky on other systems that I have here. I would counsel Kaspersky to consider a "sandbox" option or "chain of custody" of compilation feature for popular development tools. 1. The virus checker enforces a discipline onto installed software but exclude programs that are freshly compiled. The ware should ask the user if this is required.... 2. That the virus check examines code that tries to alter other exe files, tries to invoke system calls and other more sophisticated functions. Alternately an "extension" similar to those for Web Browsers, that applies to popular development tools. This extension would monitor compiling and linking to generation of an *.exe file. Thus verifying a good process, the Heuristic could be applied and seamlessly report deviations back to Kaspersky. This service would seamlessly help Kaspersky refine their Heuristics while improving the quality of compiled code. This might be a premium feature that Kaspersky could offer only to interested customers? I would gladly pay for such a feature. I do not know what would be required to implement any of requests. I do see opportunities for Kaspersky to gain market share into the developer community by offering these services.

Here's my concern.... I do not want to have to request a waiver/exception/"this is OK" for every unique version of code that I compile. Imagine if each time that I change four lines of code and Kaspersky "sees" a nuisance problem, that it binds up a system, then forces a reboot. If Kaspersky has their process, then I will need to adopt my process - a machine without Kaspersky, a VM or some other work around. I will continue to use Kaspersky for 'routine' malware checks. I've had very few "pass throughs" over the years. Works well... in this case, too well.

One other thing - Trojan writers can now take advantage of this known flaw to spoof Kaspersky users. Anyone who develops C or C++ on a system will blow off Trojan "warnings" because "Hey, that's my Kaspersky". This is known as a false positive vulnerability. People do not take the product seriously and ignore problems. Worse, they drop Kaspersky. The outfit loses marketshare.

Hi, Berny, I agree with your evaluation. I would have followed this course except that there is at least one other post on this forum regarding VHO:Trojan.Win32.Convagent.gen. This happened almost a year and a half ago. Almost precisely the same origin - someone was writing C code. In my case, C++, given how most compilers roll it's "potato/potatoe". So this kind of error is "known" to Kaspersky. A known flaw that is over a year and a half old. They have not been able to discriminate between the product of a C++ compiler and a genuine Trojan? Do I need to take this approach each time that my compiler generates a false positive? What is the time required for resolution, so that Kaspersky doesn't "see" this particular flaw? So for this particular addition of code... double add( double x, double y, double z) { return add(add(x,y),z); } Do I need to undergo this process while I relearn C++? I don't have the bandwidth to babysit my Malware checker and learn a language. You are probably aware of the process that happens when a "trojan" is found. 1. EVERYTHING stops while Kaspersky looks for collateral damage. That's about twenty minutes. 2.The device restarts. 3. Microsoft gets into the act to clean up damage. Reboot. We're talking twenty minutes of lost time because I called a function by reference? Can't I create a sandbox? I have alternatives. I can remove Kaspersky from this system. I'd rather not do that. Another is to get a beefier machine, install the compiler into a VM. That's tedious too. Isn't there a way to adjust Kaspersky to allow for these exceptions?

Good Day: VS 2022 ver 17.4.3 Win 10 - 10.0.19044 Build 19044 If I compile this, no problem..... #include <iostream> #include <complex.h> using std::cout; using std::cin; using std::endl; double add(double x, double y) { return (x + y); } int main() { int total = add(3, 4); cout << "3 + 4 is " << total << endl; double another = add(1.2, 3.4); cout << endl; cout << "1.2 and 3.4 is " << another << endl; cout << "Hello World!\n"; } If I compile this, having added four lines I get a complaint of VHO:Trojan.Win32.Convagent.gen // #include <iostream> #include <complex.h> using std::cout; using std::cin; using std::endl; double add(double x, double y) { return (x + y); } double add( double x, double y, double z) { return add(add(x,y),z); } int main() { int total = add(3, 4); cout << "3 + 4 is " << total << endl; double another = add(1.2, 3.4); cout << endl; cout << "1.2 and 3.4 is " << another << endl; cout << "Hello World!\n"; } } double add( double x, double y, double z) { return add(add(x,y),z); } int main() { int total = add(3, 4); cout << "3 + 4 is " << total << endl; double another = add(1.2, 3.4); cout << endl; cout << "1.2 and 3.4 is " << another << endl; cout << "Hello World!\n"; } I don't see this code snippet changing the code to resemble a trojan. double add( double x, double y, double z) { return add(add(x,y),z); } This is an obvious false positive, at least that is my take on it. There was a previous post regarding Convagent.gen but if after a year and a half of this reappearing.... what do I conclude? Kaspersky is still having problems with this code. Any thoughts? Any way to change the settings on either the development environment or Kaspersky? Of course there are solutions, but they are cumbersome... 1. Install a Windows VM without Kaspersky 2. Remove Kaspersky from this machine. 3. Configure Kaspersky to create a sandbox. 4. Kaspersky can fix their ware. 5. Make changes to the VS 2022 so that it does not generate "Trojans". Option 3 seems best, followed by Option 5.

In parting? The support in the US was not getting it done. I'm coming here from now on. Berny saved me the misery of having to find a new Anti-Virus software. He saved Kaspersky a paying customer. I'm an employee of a large US company. He saved the reputation of Kaspersky there too. I'm in Customer Support. Every customer matters.

Added advice from my following of Igor's suggestion... 1. Be sure to disable self defense. Otherwise the System will not let you change the name of the folder. 2. You still require administrative privilege to change a folder name in this critical area of the system. a. Be sure that you have administrative privileges b. To change the name - right click on the folder, look below for the "Rename" with a shield that shows Administrative privileges. Click on that to initiate a rename of the folder from Report to Report1. 3. Reinitialize self defense under settings. 4.. I took the precaution of restarting the system to allow the Kaspersky to "find everything". I hope that this augments Igor's instructions. They do work.

Hi, Igor, I did as you suggested, and Chrome now works. As far as I can tell, Igor, there were no visible side effects. I am very grateful to you for this suggestion. Сбасибо болшои и Молодец! Gene

Good Day: I am running Kaspersky 21.3.10.391 (j) on Windows 10.0.19044 x64 on a Core I7 @ 3.4 ghz. 16 gb. 500 Gigabyte free. I am using Firefox 104.0.2 and Brave 1.43.89 Chromium 105.0.5195 Google announced a vulnerability with Google Chrome recently. I noticed that I had an "older" version. I tried to update it, but could not do so. I needed to shut off Kaspersky to perform an update I updated to 105.0.5195. Since I performed an update Kaspersky seems to be blocking Chrome. I say this because if I turn Kaspersky totally off, I can use Chrome. If I come to a site while Kaspersky is off, I can see it. Sometimes either Chrome or Kaspersky "remembers" the site and will let me see it while Kaspersky is on. Normally I get the following displays on Chrome for "unlearned" sites.