[Проверка соединений браузера, когда защита отключена]

По логике, когда защита отключена, никаких проверок быть не должно: максимум, что должен делать анти-вирус - это защищать себя (self-protection concept). 

Чтобы избежать этих неочевидных проверок соединений браузера, когда защита отключена, приходится вносить целевые браузеры в список исключений.

Прошу исправить эту ошибку и добавить явную опцию "Проверять сетевые соединения даже при отключенной защите", отключенную по умолчанию.

Проявляется в версиях 21.х.х для Windows [Version 10.0.22621.3155].

 

Благодарю за разработку и поддержку!

Радости, Счастья и Удовлетворённости! Ресурсов для благополучной жизни!)

[Security Cloud Web-Antivirus blocks AdGuard VPN extension]

OS & software are all up-to-date.

It is not browser problem, it is problem of KSC Web-Antivirus & any browser VPN extension interaction.

The right HTTPS chain can't be created: browser <-> VPN extension <-> KSC Web-Antivirus.

[Security Cloud Web-Antivirus blocks AdGuard VPN extension]

Security Cloud 21.3.10.391(j) blocks AdGuard VPN extension.

If KSC Exclusions are setup to exclude HTTPS traffic check for IP adresses: 0.0.0.0, 127.0.0.0, 192.168.0.0 for Opera browser and then applied - it hangs Kaspersky Anti-Virus Service, which begins to consume ~20-25% of CPU :

Description
The program avpui.exe version 21.3.12.434 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 Process ID: 413c
 Start Time: 01d905bbd868b8a4
 Termination Time: 27
 Application Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
 Report Id: 12723c1f-8045-4af8-8857-a2d3bbe9827d
 Faulting package full name: 
 Faulting package-relative application ID: 
 Hang type: Unknown

Remedy: Let AdGuard VPN program and/or browser extension to hook traffic and set connection earlier than KSC Web-Antivirus. After pause & resume KSC protection the problem disappeared / Disable Web-Antivirus in KSC.

It would be nice to have predefined setup presets for most popular VPN programs & browser extensions. It would be nice, that KSC scans & automatically adjusts such settings to be compatible & compliant with the software VPN providers, and shows notification to user about possible incompatibilities & problems.

Is it possible to make special exclusion page/option for browser extensions, where user can choose browser and extension and all the exclusions (don't check traffic of Chrome browser flowing via AdGuard VPN extension, for e.g.)?

 

 

Thank you for development & support.

Joy, Happiness and Satisfaction! Resources for prosperous life!)

[Too long memory check]

\Microsoft\Windows\Maps MapsUpdateTask via Scheduler might be temporary disabled, until ongoing MicroSoft patch.

[Too long memory check]

Seems bug in Microsoft MapsBingGeo service. Under this service was created 67000 the same BITS tasks. To delete these tasks you need to call “bitsadmin /reset”.

 

Thank you for development & support!

It helped, but I wonder why does it affect KVRT so dramatically?
And I wish you integrate automated telemetry and recovery (like ‘Waas Medic Agent‘ tends to be).

[Too long memory check]

Seems bug in Microsoft MapsBingGeo service. Under this service was created 67000 the same BITS tasks. To delete these tasks you need to call “bitsadmin /reset”.

Additionally BITS service should be restarted to remove all jobs.
 

C:\WINDOWS\system32>bitsadmin /list /allusers /verbose

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Listed 0 job(s).
 

[Too long memory check]

Seems bug in Microsoft MapsBingGeo service. Under this service was created 67000 the same BITS tasks. To delete these tasks you need to call “bitsadmin /reset”.

Looks like it barely helps? :

C:\WINDOWS\system32>bitsadmin /reset

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

C:\WINDOWS\system32> bitsadmin /list /allusers /verbose

...
 

        125296 / 125296 WORKING https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=10,1133,9898045,0 -> C:\ProgramData\Microsoft\MapData\\mapscache\BitsTemp\{B30C3DA0-C5DF-4E46-9978-C71C2A8464AA}.tmp
        77213 / 77213 WORKING https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=10,1133,39592177,0 -> C:\ProgramData\Microsoft\MapData\\mapscache\BitsTemp\{4C6476AD-9F67-4074-965A-B248C5C0FE5C}.tmp
        79610 / 79610 WORKING https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=10,1133,39592179,0 -> C:\ProgramData\Microsoft\MapData\\mapscache\BitsTemp\{E5B48F9C-529E-4AE5-B021-F808E2BA84E9}.tmp
        72212 / 72212 WORKING https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=10,1133,39592182,0 -> C:\ProgramData\Microsoft\MapData\\mapscache\BitsTemp\{F14CE86F-DF51-48AD-B312-DF39114E62B4}.tmp
NOTIFICATION COMMAND LINE: none
owner MIC integrity level: SYSTEM
owner elevated ?           true
This job is read-only to the current CMD window because the job's mandatory
integrity level of SYSTEM is higher than the window's level of HIGH.
Peercaching flags
         Enable download from peers      :false
         Enable serving to peers         :false

CUSTOM HEADERS: NULL

Listed 1 job(s).

 

[Too long memory check]

They absent, the only files are:

{6E749465-4698-4379-A20E-EE68B7E552E8}.tmp

{8BE12DE8-9BF9-45BA-B4E7-493F3D872C6B}.tmp

Ok, send them.

It’s impossible to attach files to personal message. 

[Too long memory check]

C:\ProgramData\Microsoft\MapData\mapscache\BitsTemp\{F14CE86F-DF51-48AD-B312-DF39114E62B4}.tmp
C:\ProgramData\Microsoft\MapData\mapscache\BitsTemp\{7822CED5-4B8E-4EE7-A538-7C1AE17CFD9A}.tmp

Please send to me a personal message with this files in the password protected archive.

They absent, the only files are:

{6E749465-4698-4379-A20E-EE68B7E552E8}.tmp

{8BE12DE8-9BF9-45BA-B4E7-493F3D872C6B}.tmp

[Too long memory check]

Please run the console under administrator and call “bitsadmin /list /allusers /verbose > C:\bits.log” command. It will probably take a long time like scanning of KVRT “System memory”. And send the resulting C:\bits.log file.

 

[Too long memory check]

And there is another strange behaviour of KVRT - it tends to write access to \Device\Harddisk0\DR0 and is blocked by Windows Defender.

[Too long memory check]

Hello.

Please provide traces https://support.kaspersky.com/15677

It would be nice to have automated telemetry in the tool.

The size of traces is huge 1.5Gb , though it is 7zipped into 9 volumes by 5Mb allowed here per attachment and zipped as .7z is prohibited.

[Too long memory check]

No traces, dir is empty.

[Too long memory check]

 

 

16Gb RAM was always checked for a few minutes, situation has changed due to recent Windows update to Windows 10 21H1 x64 to version 10.0.19043.1110 .

At the same time in VirtualBox guest Windows 10/11 there is no such problem.

FYI.