Jump to content

maxmathew

Members
  • Posts

    46
  • Joined

  • Last visited

    Never

Everything posted by maxmathew

  1. First, web-antivirus has a Website Reputation Database, if a website have a many malicious url which has been detected by kaspersky, This website will be blocked. It is a normal threats response. mega.nz is a download and file share website, the resources stored on this website are diverse. The reputation value of this type of file sharing website may be much higher than that of the website you mentioned, so it will not be blocked after a few malicious links are discovered. Regards. Thank you for the information you gave. But I gave these examples (mega.nz, github.com,...) to indicate that blocking simple download sites just because of the fact that the reputation system shows malware is distributed, is a wrong system,in my opinion. This is a war between antivirus companies and malware creators. And every day evolving malware techniques may compromise pcs where antiviruses find another technique to defend against them. This war always goes on. But what i mention here is: by using reputation system,if we try to block every download site where malwares may exist and where reputation values are low, then this would look like this: “this tree has lots of apples and falling on our heads (reputation value is low,i mean) , and we must cut this tree. That tree has some apples on it, it hasn’t so much risk to fall on our heads (reputation value is little higher). So we don’t need to cut it. “ If we block every low reputation download sites to lower the risks of pcs’ being “injured” instead of evolving av techniques to fight with malwares on pcs’ by using real time protection of avs, if we become over-protective by blocking even download sites, then where is the freedom of surfing in internet? Block it, because it spreads malicious downloads, block that, it distributes malicious downloads, block this, block that, in the end, we come to a point that almost all download sites where malicious downloads may exist , were blocked. In my point of view, if there is no other risk, if it’s JUST because a download site has malicious downloads and if there is no other security-related reason, then let kaspersky real time protection detect the threats. Why are you afraid, why are you so protective? (by saying “you”,i meant Kaspersky team) This over-protective manner just helps “preventing freedom of surfing”. We may think different about this subject, but there is no use to block simple download sites,in my point of view, if there are no other security related reasons rather than just having malicious downloads. Sincerely..
  2. Hello @maxmathew, Welcome back! Nothing is static, websites evolve all the time, sometimes not in a good way: If you disagree with the analysis, it would be best to continue with the Kaspersky Technical Team, using the case you already logged, explain to them you don’t understand, ask them to explain again? Thank you🙏 Flood🐳+🐋 Thank you for your answer. I agree with you. Nothing is static, websites evolve all the time, but not all websites evolve. Since more than 10 years, that website’s appearence never changed. If there were any changes, this would be obvious even from its appearence,too, even if i ignore checking the website’s source code. Thank you for your advice. Maybe i do that, maybe i don’t. Because in every conflict of antiviruses’ working style,if i would write to technical department, my messages would be more than 200 maybe to technical department. I will think of it. I just wanted to learn your opinions, that’s why i wrote here.. thank you for yuor answer. How did you come to this conclusion that it was a good site in the past, and now it’s bad? 🙂 I have been using this site maybe more than 10 years, and it had sometimes malicious codes in their downloads during more than 10 years. My point is not this point. I just tell that scope of Web Antivirus protection component must not include the websites where downloads may have malicious things sometimes. This mustn’t be Web Antivirus’s mission. Kaspersky Antivirus protection components related with real time (file antivirus, system watcher, maybe we can include application control,too,--> web antivirus component is different, related with browser security) already does these works of removing threats. If they load the mission of blocking sites where malicious downloads may exist, then Web Antivirus must include all download sites, upload sites where malicious downloads might exist, and this would be a huge conflict which to choose for blocking. for example: mega.nz upload site, there are many downloads, there, too, and time to time those downloads may have malicious codes in them, whoever knows what kind of things the people uploaded. Why is Web Antivirus component not blocking those sites then? This mustn’t be Web Antivirus’s mission to do that,i just say this point. And oceanofgames.com have games downloaded in it, and of course there may be some downloads (and there were) which are malicious, but just because of this reason, Web Antivirus protection component mustn’t include this site in blocking list. phishing websites, the websites which may compromise client pcs in a dangerous way using javascript codes, or dangerous links, ...etc these kind of sites must be the scope of Web Antivirus module. oceanofgames.com is just a download site and as far as i see, never changed more than 10 years. and it wasn’t in the blocking list more than 10 years, what changed ? This is really ridiculous, i just pointed this point.. Anyway, take care.. Sincerely..
  3. Hi, I really wonder why is “oceanofgames.com” blocked in Web Antivirus protection component in recent times? I have been entering this site maybe more than 10 years, and it wasn’t being blocked up to recent times. I submitted that address to reanalyze this site in opentip.kaspersky.com and they opened a ticket for reanalysis to communicate via email. They reanalyzed and they wrote me via my email “Blocking this url is correct”. I told them that this site’s being blocked was suspicious in my point of view, i said: because i have been entering this site for a long time and it wasn’t in the blocking list up to recent times maybe more than 10 years. And i added that i would like to see their analyze reports,too, if this was possible for them. They answered me : “According to our statistics, malware was distributed from this resource.”. This answer looked really weird to me. Because the scope of Web Antivirus protection mechanism must not be in the length of blocking the sites where there can be malicious downloads. Web Antivirus must block the phishing sites, for example, the sites which can lower down the security of connected clients via dangerous links, via javascript codes, … etc. These kind of dangerous sites must be in the scope of web antivirus protection mechanism. If the scope of Web Antivirus protection mechanism is expanded to a length to blocking the sites where there can be malicious downloads, then Web Antivirus must block all legitimate or unlegitimate download sites where malicious downloads may exist. This is ridiculous in my opinion.. Because for example: github.com has malicious downloads ,too, but Web Antivirus allows it. Why? Or some download sites may include programs which may have malicious codes. I couldn’t remember their names to give an example right now :), The scope of Web Antivirus protection mechanism must not include the sites where there can be malicious downloads. Kaspersy Antivirus protection mechanism already does this work. When we try to download a file which may have malicious codes in it, Kaspersky scans all files being downloaded, executed in real time. But Kaspersky Antivirus protection module doesn’t find phishing web sites, for example. This is Web Antivirus’s responsibility. Do you understand what i try to mean? I really don’t understand this point about why oceanofgames.com is blocked.. If somebody could clarify this subject,i would be glad. Sincerely..
  4. Hi, I have downloaded your attachment now and I scanned your file with KIS - 21.2.16.590 (a) version, and detected nothing malicious, says “safe”. And i analyzed with analyze.intezer.com site and in dynamic execution part, only found one suspicious packed process, and only in that process, found some malicious codes named “malicious packer” and “ evrial” and as a result of scan Intezer says “unknown” - “unique code”. The problem about KIS seems got solved for your file. I just wanted to inform you.. Best wishes Edit: I didn’t read your post carefully, sorry, i think this file was the obfuscated,merged,anti-reflected,anti-tampered one. :) You can check your original file time to time with kaspersky , after “kaspersky whitelist” solution they suggested.
  5. Hi, If you come to the point that you will reinstall windows 10 :) , I will advise you : after installing windows 10 and upgrading windows 10 processes, before installing any program, just install Kaspersky and for 2-3 days long , please do not install anything, and look if any network attack notification will pop up or not. 1- If no network attack notification occurs (in my opinion most probably this will happen in this way,i mean no notifications will show up) , This means, that was something related with installed programs. 2- If attack notifications pop up again, then the possibility of being attacked becomes higher then. But in my opinion first option will happen. Then whenever you install a program , just install one by one and wait for 2-3 days, do not install altogether, so that you may understand :if network notifications appear again, then highest possibility is that that application was the cause of those notifications.. ;) Anyway, i hope your problem will be solved.. Take care.. Sincerely..
  6. Hi, According to your post, this “network attack” notifications has been happening for a long time you said. Do you remember if you installed a new program or not before this “network attack” notification began .. ? Even if you were being attacked by port scans, this doesn’t take for a long time, doesn’t take especially for months. This must be something related with installed programs or likewise.. Maybe you installed a program or a game maybe, and the game or program’s connection tries are being detected as “network scan” or something like that.. I would advise you to search your installed programs and one by one uninstall them, and in every uninstallation time, investigate when these attack notifications stop.. I can advise you in this way.. Or you can format your pc and reinstall Win10, this will most probably solve your problem.. :) Sincerely..
  7. hello, Your question is not related with Kaspersky Internet Security, but i wondered and looked up the page (hmms.org), everytime i try to enter that page, it sends me to different servers starting with “ww7.hmms.org” or mostly “ww12.hmms.org”. That site is not an available address,i think. In searches, not all the time it finds available pages, sometimes these kind of links can be seen ,too.. Best wishes
  8. Hi, I had given a feedback/suggestion to Support and the Support replied to me today. I wanted to inform you about this subject. (I translated from Turkish to English) The reply is: “ Thank you for contacting Kaspersky Lab's Technical Support Team. According to the response from our programmers, your proposal was saved in the system and forwarded to the program developers to work on it. Thank you. ” In future versions,i hope this suggestion will be applied.. Sincerely
  9. By the way, i gave a feedback /suggestion to Support for Kaspersky so that even in automatic mode Kaspersky will give warning to users for their decisions for low and high restricted applications to connect to network or not.. If this is done by Kaspersky, then no RAT-like applications will be able to bypass Kaspersky protection without user knowledge.. Best regards
  10. Hello, I read this topic and i wanted to give little info for max protection in Kaspersky Internet Security. In first attachment “settings for max protection 00.jpg”, in low restricted and high restricted parts, in network column, you will see that network connection is question mark and when we click on it, it writes in the bottom: “” you will be prompted for a decision if the “perform recommend actions automatically” check box is cleared (Settings window, the General section). If this check box is selected,the executable file is allowed to perform the action. ”” . If we choose “perform recommended actions automatically” , then the network connection will be allowed for low restricted and high restricted applications if i didn’t misunderstand, of course if no malign actions are detected by kaspersky. As far as we know, rat programs can be used for good purposes or for bad purposes. This is like a knife: we can use that knife for kitchen works for good intentions, or we can kill a person with that knife,too, for bad purposes. 🙂 Rat programs are like that. If we want to be protected maximum by kaspersky, then we must uncheck “perform recommended actions automatically” check box as in the attachment “settings for max protection 01.jpg”.. Of course, for not technical users, this option can be a little pain, because every low restricted , high restricted applications will give a warning for your decision, but low restricted and high restricted programs cannot use network without your knowledge in this way.. and most probably, that hacker wouldn’t be able to penetrate in his pc, in this way.. By the way, in fact, while we are using kaspersky with “perform recommended actions automaticaly” option, this network connection for low and high restricted applications can be made by kaspersky team in a way so that kaspersky asks users for their decisions,too, for max protection..I hope in future versions, this situation will be considered by kasperky.. I forgot to say,that’s why i edited, of course, if a user wants to use kaspersky in automatic mode and if a user doesn’t want low and high restricted programs to use his network, then in application manager, manage applications part, that user can adjust low restricted and high restricted parts from “question mark” to “deny” so that low and high restricted applications won’t use network. This is an option,too. :) Best wishes..
  11. Hello, Flood Thank you for information you provided. I hope they increase “browser configuration” capability for all browsers in soon future,in future versions.. The products must renew some features according to recent conditions of life, to be updated so that they can be competing with other friendly rivals. This is always so in life. They are little bit late in renewing this feature “browser configuration”.. :) I’m happy that they are aware of the issue.. Thanks for info again.. Best wishes..
  12. Andrew, thanks for your answer.. 🙂 Wouldn’t it be better to increase the detection capability for all browsers in future versions of Kaspersky? why only in Internet explorer? does this have a special reason for that? ;) Nowadays, we don’t even use IE so much, there are many browsers on market.. And IE is not so popular in recent times. Chrome is used more, for example.. Browser configurations in all browsers would be better in my opinion.. Sincerely
  13. Hello, There is a question in my mind which stuck. As you see in attachments, in Kaspersky’s “browser configuration” part, it writes “helps securely configure Internet explorer”. and in “pc cleaner” part, it writes “helps you delete unnecessary applications and inside of it, it says “detect applications and browser extensions that were installed or modified by mistake or without your knowledge.We will help you delete or fix them in order to protect your data”. In browser configuration part ,does Kaspersky only detect in IE or in all browsers? if it detects only in IE, then does this mean that pc cleaner just works for IE? My mind got little confused about this subject. I know that Kaspersky protects all browsers as protection, but in these 2 parts, it’s not so clear about which browser or browsers it detects. And if “browser configuration” only detects in IE, wouldn’t it be better to increase its detection capability for all browsers? 🙂 Thanks for your reply from now.. Sincerely
  14. hi, harlan4096, at least this report interface looks better than now. But in KIS 2020, i got used to see that report view and it was more userfriendly and more simple, in my opinion. Some people may like detailed reports, some people may like simple reports as i like,too. 🙂 Wouldn’t it be better to switch between 2 modes (simple (as in KIS 2020), detailed (as in KIS 2021) modes) ? 🙂 The users would use the mode they like.. 🙂 I wish they see my suggestion, and they change it to dual mode in report interface in the future.. Sincerely..
  15. Hi, Nexon, That’s why i had suggested dual mode in report interface in my post “report interface has been redone”. This report interface is very complex to be seen. In KIS 2020, it was more visual and more target-focus. This report is not handy,in my opinion.. Best regards
  16. Hello, Flood wanted me to update this topic. :) After patch b, all button unvisibility problems and “report interface wasn’t seen as it must be seen” problem got solved. They are all fixed now in my pc.. Thanks to kaspersky team.. Best wishes..
  17. Hi, I had button invisibility problems and report interface was not seen regularly. After patch b, they are all fixed now, thanks to god. :) All problems are solved.. I wanted to inform you from here, gentlemen.. Best wishes..
  18. Hello, The Support replied me: Dear user, Our producer Department states that bug work has been started on this situation. This is expected to be corrected in future updates. Thank you for the information you provided and the understanding you showed. The Support’s last reply was in this way.. I thanked to them in my reply. I hope this fix is applied in very soon future.. By the way, I thank you,too, for your patience,replies and concerns.. Best wishes..
  19. hello, The Support replied me: Dear user, 1) Our producers point out that the situation may be due to your system. 2) You mentioned that you installed it in VMware, is the same situation happening on your host machine? 3) In VMware, please change the system settings to English: Settings-Time & Language - Language, check status. 4)Please check the status on the new Windows user account on your virtual machine. My answer (translated from yandex translator,i couldn’t write all these again in English, sorry,i just corrected some translation problems :) ) : 1) if its reason is from my system, why does the virtual machine look the same? It can't be a software conflict or a problem, because virtual machines have an isolated environment. It uses only the same hardware; it installs its own drivers for the same hardware while installing the operating system within the virtual machine. Settings on the main pc, installed software, or any software problems that may occur on main pc do not affect the virtual machine. Even if we don't consider the virtual machine, if it's a problem with my system, I sent you the GSI reports, The trace reports. Can't you work out what the problem is by studying those reports? As far as I'm concerned, some computers with certain hardware seem to have problems in the phase of software coding that could cause problems in KIS 2021. Because I do not have any hardware problems on my computer, they all work properly, if we look at the softwares in my pc as a software conflict, even if there were problems on main pc, on the virtual machine then this situation should not have happened. I also removed Webroot, Zemana, and Malwarebytes from the host, which may be a problem, and did all the necessary steps which you mentioned. If the result hasn't changed, then wouldn't it be more accurate to re-examine the program code than to search a problem on my pc? I don’t know if the this problem facer is only me, but it would also be a good idea to have a PC that has the same hardware features of my pc and the same brand of my pc and you can also try it on another computer that has the same hardware features,just to examine this situation, if you have an opportunity to do so... thank you... 2) on VMware I had installed KIS2021 English version and later i installed Turkish version of KIS 2021 and on the main machine I installed the latest English, and aaccording to your request,i installed Turkish version of KIS 2021. The button problems and “report interface does not appear as requested” problem in both the main machine and on VMWare , on both versions (English,Turkish of KIS 2021) exist. 3) I looked at the setting you said in WMware, the default application language is set to Turkish. I just did it in English, like you said. The change of the language settings does not affect the button problems already, but I tried to do what you say, there is no changing situation. 4) I am already in the administrator account on the Virtual Machine. I don't think this will change even if I create a new account, but I did what you said and opened the KIS 2021 interface from the account I created and the problematic buttons remain invisible still. I'm sending you its picture in the attachment. Kindest regards I wanted to inform you about what happened up to this hour.. I began not to think this problem will be solved in my pc. The producers think the problem is at my pc, but they can’t even find what the problem is and can’t even solve the problem if it’s from my system. This is ironic situation of them.. Anyway.. If i get an answer,i inform from here.. Best wishes..
  20. Hello, The Support wanted me to do these: 1) Please install Turkish version from which we sent its link. 2) please create a new GSI report and please send it to us. 3) please create new traces report. To disable traces report: Boot system in safe mode > run regedit (Registry) and go to> HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\AVP21.1\Trace\Default set DriversLogEnable and TraceFileEnable to 0 I uninstalled KIS 2021 and installed its Turkish version and I sent new GSI report and traces report.I attached the files to here,too. For traces report, you can download from this link: https://yadi.sk/d/16QKXJb3tFIz2w I wanted to inform you about what happened up to this hour. :) Sincerely
  21. In the begining of my communication to Support, I gave a very detailed information to Support. They know all the details, andrew75.. I think, they first tried to eliminate these problematic issues in my pc, maybe they already knew these steps wouldn’t be a cure.. In the end, they will come to conclusion they must examine other areas (program codes) rather than my pc,i guess.. We will see what will happen.. :)
  22. Hello, Let me give the information about what happened : The support gave me some instructions to let me do them and to let me check if the application button problem gets fixed or not.. The instructions were: with http://media.kaspersky.com/utilities/ConsumerUtilities/kavremvr.exe tool , remove Kaspersky Internet Security and Kaspersky Secure Connection Uninstall Malwarebytes version 4.1.2.73 - 4.1.2.73, Webroot SecureAnywhere - 9.0.28.48, Zemana AntiMalware 3.2.27. Boot system in safe mode and please remove the following files: C:\WINDOWS\System32\drivers\gfiark.sys C:\WINDOWS\System32\drivers\trufos.sys C:\WINDOWS\System32\drivers\npf.sys Boot to normal mode, make sure there are no folders: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.1\ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.1 (1)\ Please update your operating system: https://www.microsoft.com/tr-tr/software-download/windows10 Install KIS 2021 and check the situation please. I did all of them exactly as they said. and the problem continues. We will see what Support will say after all :) I did all these in vain, lol, anyway.. I wanted to inform you.. Best wishes
  23. That stop button was missing as in the attachment. :) I uninstalled and reinstalled KIS 2021 just to be able to stop enable traces . :) Support will solve the problem, most probably,i guess.. I’ll keep informing from here, Flood.. Best wishes..
  24. Hello, Support wanted me to send them my GSI logs and wanted me to enable traces in support → support tools → enable trace button and requested me to restart computer and send them my trace report. The weird thing is: i couldn’t stop enable trace ,too, because that stop button was missing,too. lol. I again uninstalled and reinstalled KIS 2021 just to be able to stop enable traces. 🙂 In the end, it looks that Support will come to conclusion that because of my installed applications , this button problems occured, lol…Virtual machine has an isolated environment from main pc and the operating system in virtual machine cannot be bound to main pc’s settings,installations, only uses same hardware,that’s all. Why is this same problem in virtual machine,then, this is weird.. Anyway, i just wanted to inform you what happened up to now.. Best wishes..
×
×
  • Create New...