maxmathew

First, web-antivirus has a Website Reputation Database, if a website have a many malicious url which has been detected by kaspersky, This website will be blocked. It is a normal threats response. mega.nz is a download and file share website, the resources stored on this website are diverse. The reputation value of this type of file sharing website may be much higher than that of the website you mentioned, so it will not be blocked after a few malicious links are discovered. Regards. Thank you for the information you gave. But I gave these examples (mega.nz, github.com,...) to indicate that blocking simple download sites just because of the fact that the reputation system shows malware is distributed, is a wrong system,in my opinion. This is a war between antivirus companies and malware creators. And every day evolving malware techniques may compromise pcs where antiviruses find another technique to defend against them. This war always goes on. But what i mention here is: by using reputation system,if we try to block every download site where malwares may exist and where reputation values are low, then this would look like this: “this tree has lots of apples and falling on our heads (reputation value is low,i mean) , and we must cut this tree. That tree has some apples on it, it hasn’t so much risk to fall on our heads (reputation value is little higher). So we don’t need to cut it. “ If we block every low reputation download sites to lower the risks of pcs’ being “injured” instead of evolving av techniques to fight with malwares on pcs’ by using real time protection of avs, if we become over-protective by blocking even download sites, then where is the freedom of surfing in internet? Block it, because it spreads malicious downloads, block that, it distributes malicious downloads, block this, block that, in the end, we come to a point that almost all download sites where malicious downloads may exist , were blocked. In my point of view, if there is no other risk, if it’s JUST because a download site has malicious downloads and if there is no other security-related reason, then let kaspersky real time protection detect the threats. Why are you afraid, why are you so protective? (by saying “you”,i meant Kaspersky team) This over-protective manner just helps “preventing freedom of surfing”. We may think different about this subject, but there is no use to block simple download sites,in my point of view, if there are no other security related reasons rather than just having malicious downloads. Sincerely..

Hello @maxmathew, Welcome back! Nothing is static, websites evolve all the time, sometimes not in a good way: If you disagree with the analysis, it would be best to continue with the Kaspersky Technical Team, using the case you already logged, explain to them you don’t understand, ask them to explain again? Thank you🙏 Flood🐳+🐋 Thank you for your answer. I agree with you. Nothing is static, websites evolve all the time, but not all websites evolve. Since more than 10 years, that website’s appearence never changed. If there were any changes, this would be obvious even from its appearence,too, even if i ignore checking the website’s source code. Thank you for your advice. Maybe i do that, maybe i don’t. Because in every conflict of antiviruses’ working style,if i would write to technical department, my messages would be more than 200 maybe to technical department. I will think of it. I just wanted to learn your opinions, that’s why i wrote here.. thank you for yuor answer. How did you come to this conclusion that it was a good site in the past, and now it’s bad? 🙂 I have been using this site maybe more than 10 years, and it had sometimes malicious codes in their downloads during more than 10 years. My point is not this point. I just tell that scope of Web Antivirus protection component must not include the websites where downloads may have malicious things sometimes. This mustn’t be Web Antivirus’s mission. Kaspersky Antivirus protection components related with real time (file antivirus, system watcher, maybe we can include application control,too,--> web antivirus component is different, related with browser security) already does these works of removing threats. If they load the mission of blocking sites where malicious downloads may exist, then Web Antivirus must include all download sites, upload sites where malicious downloads might exist, and this would be a huge conflict which to choose for blocking. for example: mega.nz upload site, there are many downloads, there, too, and time to time those downloads may have malicious codes in them, whoever knows what kind of things the people uploaded. Why is Web Antivirus component not blocking those sites then? This mustn’t be Web Antivirus’s mission to do that,i just say this point. And oceanofgames.com have games downloaded in it, and of course there may be some downloads (and there were) which are malicious, but just because of this reason, Web Antivirus protection component mustn’t include this site in blocking list. phishing websites, the websites which may compromise client pcs in a dangerous way using javascript codes, or dangerous links, ...etc these kind of sites must be the scope of Web Antivirus module. oceanofgames.com is just a download site and as far as i see, never changed more than 10 years. and it wasn’t in the blocking list more than 10 years, what changed ? This is really ridiculous, i just pointed this point.. Anyway, take care.. Sincerely..

Hi, I really wonder why is “oceanofgames.com” blocked in Web Antivirus protection component in recent times? I have been entering this site maybe more than 10 years, and it wasn’t being blocked up to recent times. I submitted that address to reanalyze this site in opentip.kaspersky.com and they opened a ticket for reanalysis to communicate via email. They reanalyzed and they wrote me via my email “Blocking this url is correct”. I told them that this site’s being blocked was suspicious in my point of view, i said: because i have been entering this site for a long time and it wasn’t in the blocking list up to recent times maybe more than 10 years. And i added that i would like to see their analyze reports,too, if this was possible for them. They answered me : “According to our statistics, malware was distributed from this resource.”. This answer looked really weird to me. Because the scope of Web Antivirus protection mechanism must not be in the length of blocking the sites where there can be malicious downloads. Web Antivirus must block the phishing sites, for example, the sites which can lower down the security of connected clients via dangerous links, via javascript codes, … etc. These kind of dangerous sites must be in the scope of web antivirus protection mechanism. If the scope of Web Antivirus protection mechanism is expanded to a length to blocking the sites where there can be malicious downloads, then Web Antivirus must block all legitimate or unlegitimate download sites where malicious downloads may exist. This is ridiculous in my opinion.. Because for example: github.com has malicious downloads ,too, but Web Antivirus allows it. Why? Or some download sites may include programs which may have malicious codes. I couldn’t remember their names to give an example right now :), The scope of Web Antivirus protection mechanism must not include the sites where there can be malicious downloads. Kaspersy Antivirus protection mechanism already does this work. When we try to download a file which may have malicious codes in it, Kaspersky scans all files being downloaded, executed in real time. But Kaspersky Antivirus protection module doesn’t find phishing web sites, for example. This is Web Antivirus’s responsibility. Do you understand what i try to mean? I really don’t understand this point about why oceanofgames.com is blocked.. If somebody could clarify this subject,i would be glad. Sincerely..

Hi, I have downloaded your attachment now and I scanned your file with KIS - 21.2.16.590 (a) version, and detected nothing malicious, says “safe”. And i analyzed with analyze.intezer.com site and in dynamic execution part, only found one suspicious packed process, and only in that process, found some malicious codes named “malicious packer” and “ evrial” and as a result of scan Intezer says “unknown” - “unique code”. The problem about KIS seems got solved for your file. I just wanted to inform you.. Best wishes Edit: I didn’t read your post carefully, sorry, i think this file was the obfuscated,merged,anti-reflected,anti-tampered one. :) You can check your original file time to time with kaspersky , after “kaspersky whitelist” solution they suggested.

Hi, If you come to the point that you will reinstall windows 10 :) , I will advise you : after installing windows 10 and upgrading windows 10 processes, before installing any program, just install Kaspersky and for 2-3 days long , please do not install anything, and look if any network attack notification will pop up or not. 1- If no network attack notification occurs (in my opinion most probably this will happen in this way,i mean no notifications will show up) , This means, that was something related with installed programs. 2- If attack notifications pop up again, then the possibility of being attacked becomes higher then. But in my opinion first option will happen. Then whenever you install a program , just install one by one and wait for 2-3 days, do not install altogether, so that you may understand :if network notifications appear again, then highest possibility is that that application was the cause of those notifications.. ;) Anyway, i hope your problem will be solved.. Take care.. Sincerely..

Hi, According to your post, this “network attack” notifications has been happening for a long time you said. Do you remember if you installed a new program or not before this “network attack” notification began .. ? Even if you were being attacked by port scans, this doesn’t take for a long time, doesn’t take especially for months. This must be something related with installed programs or likewise.. Maybe you installed a program or a game maybe, and the game or program’s connection tries are being detected as “network scan” or something like that.. I would advise you to search your installed programs and one by one uninstall them, and in every uninstallation time, investigate when these attack notifications stop.. I can advise you in this way.. Or you can format your pc and reinstall Win10, this will most probably solve your problem.. :) Sincerely..

hello, Your question is not related with Kaspersky Internet Security, but i wondered and looked up the page (hmms.org), everytime i try to enter that page, it sends me to different servers starting with “ww7.hmms.org” or mostly “ww12.hmms.org”. That site is not an available address,i think. In searches, not all the time it finds available pages, sometimes these kind of links can be seen ,too.. Best wishes

Hi, I had given a feedback/suggestion to Support and the Support replied to me today. I wanted to inform you about this subject. (I translated from Turkish to English) The reply is: “ Thank you for contacting Kaspersky Lab's Technical Support Team. According to the response from our programmers, your proposal was saved in the system and forwarded to the program developers to work on it. Thank you. ” In future versions,i hope this suggestion will be applied.. Sincerely

By the way, i gave a feedback /suggestion to Support for Kaspersky so that even in automatic mode Kaspersky will give warning to users for their decisions for low and high restricted applications to connect to network or not.. If this is done by Kaspersky, then no RAT-like applications will be able to bypass Kaspersky protection without user knowledge.. Best regards

Hello, I read this topic and i wanted to give little info for max protection in Kaspersky Internet Security. In first attachment “settings for max protection 00.jpg”, in low restricted and high restricted parts, in network column, you will see that network connection is question mark and when we click on it, it writes in the bottom: “” you will be prompted for a decision if the “perform recommend actions automatically” check box is cleared (Settings window, the General section). If this check box is selected,the executable file is allowed to perform the action. ”” . If we choose “perform recommended actions automatically” , then the network connection will be allowed for low restricted and high restricted applications if i didn’t misunderstand, of course if no malign actions are detected by kaspersky. As far as we know, rat programs can be used for good purposes or for bad purposes. This is like a knife: we can use that knife for kitchen works for good intentions, or we can kill a person with that knife,too, for bad purposes. 🙂 Rat programs are like that. If we want to be protected maximum by kaspersky, then we must uncheck “perform recommended actions automatically” check box as in the attachment “settings for max protection 01.jpg”.. Of course, for not technical users, this option can be a little pain, because every low restricted , high restricted applications will give a warning for your decision, but low restricted and high restricted programs cannot use network without your knowledge in this way.. and most probably, that hacker wouldn’t be able to penetrate in his pc, in this way.. By the way, in fact, while we are using kaspersky with “perform recommended actions automaticaly” option, this network connection for low and high restricted applications can be made by kaspersky team in a way so that kaspersky asks users for their decisions,too, for max protection..I hope in future versions, this situation will be considered by kasperky.. I forgot to say,that’s why i edited, of course, if a user wants to use kaspersky in automatic mode and if a user doesn’t want low and high restricted programs to use his network, then in application manager, manage applications part, that user can adjust low restricted and high restricted parts from “question mark” to “deny” so that low and high restricted applications won’t use network. This is an option,too. :) Best wishes..

Hello, Flood Thank you for information you provided. I hope they increase “browser configuration” capability for all browsers in soon future,in future versions.. The products must renew some features according to recent conditions of life, to be updated so that they can be competing with other friendly rivals. This is always so in life. They are little bit late in renewing this feature “browser configuration”.. :) I’m happy that they are aware of the issue.. Thanks for info again.. Best wishes..

Andrew, thanks for your answer.. 🙂 Wouldn’t it be better to increase the detection capability for all browsers in future versions of Kaspersky? why only in Internet explorer? does this have a special reason for that? ;) Nowadays, we don’t even use IE so much, there are many browsers on market.. And IE is not so popular in recent times. Chrome is used more, for example.. Browser configurations in all browsers would be better in my opinion.. Sincerely

I forgot to add attachments. :)

Hello, There is a question in my mind which stuck. As you see in attachments, in Kaspersky’s “browser configuration” part, it writes “helps securely configure Internet explorer”. and in “pc cleaner” part, it writes “helps you delete unnecessary applications and inside of it, it says “detect applications and browser extensions that were installed or modified by mistake or without your knowledge.We will help you delete or fix them in order to protect your data”. In browser configuration part ,does Kaspersky only detect in IE or in all browsers? if it detects only in IE, then does this mean that pc cleaner just works for IE? My mind got little confused about this subject. I know that Kaspersky protects all browsers as protection, but in these 2 parts, it’s not so clear about which browser or browsers it detects. And if “browser configuration” only detects in IE, wouldn’t it be better to increase its detection capability for all browsers? 🙂 Thanks for your reply from now.. Sincerely

hi, harlan4096, at least this report interface looks better than now. But in KIS 2020, i got used to see that report view and it was more userfriendly and more simple, in my opinion. Some people may like detailed reports, some people may like simple reports as i like,too. 🙂 Wouldn’t it be better to switch between 2 modes (simple (as in KIS 2020), detailed (as in KIS 2021) modes) ? 🙂 The users would use the mode they like.. 🙂 I wish they see my suggestion, and they change it to dual mode in report interface in the future.. Sincerely..