Jump to content

Pica

Members
  • Posts

    24
  • Joined

  • Last visited

Reputation

5 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. HW manufacturer's bundled software is buggy as a general rule, odd because they're the vendors for both the harware and the software so they should know best how to design software for their hardware. Someone at the Russian language forum noticed that this vital executable is classified as a trojan, after analyzing the traces he enabled. Normally that would count as a false positive, but the user is left completely ignorant of all this. There's not a single alert or anything unusual logged, the exe is still as trusted by KIS as ever. So since what we have is most likely just a program vulnerability, I 100% agree that Kaspersky shouldn't take an aggressive stance toward this file. They can notify the end user about its risky nature, but it should never be blocked without the users consent. Even if installing a new version of AiSuite3 or Armory Crate fixes this issue, how does that help those who have atkexComSvc.exe normally running in their systems but without those two other programs? I've looked into it but it's still unclear what all the places this exe comes from are and what it does, I know for certain I've never had AiSuite or the others installed. Some of these ASUS drivers such as AsIO.sys (that's usually found on newer computers with ASUS mobos) might be installed from the board firmware, some may come from driver CDs. It's difficult to keep track of these files and what should be safe to disable should an AV flag them as risky. My version of this exe is old, and there's no way to get a newer version of it without installing ASUS programs that I don't want. The installers could be unpacked, but that's probably more trouble than it's worth.
  2. Do these vulnerabilities show up in the vulnerability scan at all? atkexComSvc.exe does not, but the scope of that scan is "installed applications" so it's possible it goes under the radar. I do hope that this promised fix will also apply to this exe, it must be even more widespread than AiSuite or other ASUS applications if it's installed from ASUS driver bundles. increased error logging at boot is not welcome, that would be the minimum impact of this executable's blocking.
  3. Do these vulnerabilities show up in the vulnerability scan at all? atkexComSvc.exe does not, but the scope of that scan is "installed applications" so it's possible it goes under the radar. I do hope that this promised fix will also apply to this exe, it must be even more widespread than AiSuite or other ASUS applications if it's installed from ASUS driver bundles. increased error logging at boot is not welcome, that would be the minimum impact of this executable's blocking.
  4. The cause doesn't seem like a false positive detection because there are no unusual traces in KIS logs whatsoever, even the atkexComSvc.exe classification has stayed the same. Still fully trusted, signatures too. It would be interesting to know why KIS has decided to target this exe, and what module. But it's understandable if this information is never made public, the intricate workings of an antivirus software must remain a secret to malicious parties. Like I wrote, I'm not using any ASUS software so there's nothing to uninstall (except KIS) - this exe is not installed software, but instead it's launched at startup by an ASUS service. The only way to "unistall" it is to manually disable the service, delete its registry entries and finally delete the files themselves. If this issue never gets fixed officially I'll settle for disabling the service since it doesn't seem like an important one. Interestingly, AsSysCtrlService.exe is unaffected by this, it runs an "ASUS system control service" in the background, and this one must be the more vital one of the two for interactions between the mobo and OS.
  5. Databases are up to date, computer fully power cycled (off+boot). Issue is still present. Windows fast start is not enabled. No point in constant power cycling unless we get an official confirmation that a fix has been submitted to public update servers. And it should be too, ASUS software is too popular for Kaspersky to ignore. You will lose a lot of customers to Bitdefender unless this is fixed for good.
  6. And it's worth noting that atkexComSvc.exe can't just be reinstalled like you would AiSuite, it's always bundled with their other softwares. It may be possible to disable this service, at your own risk. I don't know how vital it is but since it's currently being blocked from starting and isn't running in the background, it probably isn't needed for everyday use. However, if you use system monitoring programs or want to use ASUS motherboard firmware updating tools (such as the Intel ME tool that they released a few years ago) you may actually need this running. Installing AiSuite in an attempt to get a new version of this exe is no solution for those who don't want the software at all, in case someone seriously suggests it. AiSuite is also notoriously hard to uninstall cleanly.
  7. I knew it. Today when perusing the Windows 10 reliability history, I saw that atkexComSvc.exe (a piece of software that is installed as a service when you install AiSuite or chipset drivers from an ASUS CD etc) had failed to launch at boot. The last database updates were done on the 9th-10th of this month, but I only noticed this issue now when the system was booted. I don't even have AiSuite or any other ASUS software installed (nor have I ever) except for this executable which must've come from the drivers CD, I don't know for sure since this PC was built and prepped by a store. This file is needed by AiSuite and other ASUS software, so it's no wonder why they're malfunctioning now...
  8. The “Do Not Remind Me Again” option appeared on the third popup. It’s possible you need to click “Remind Me Later” a few times for that to happen.
  9. So after my current license became active, I’ve been getting these “Sign-in to Kaspersky” popups soon after booting. My program version has stayed the same at 21.3.10.391(h). The “Do not remind me again” (or “ignore”) option which has been discussed before in closed topics is not there. I understand Kaspersky wants everyone to create an account which has been mandatory for most of their competing products for a while, but until the day that it actually becomes mandatory for KIS, I’d prefer if I could shut those popups down for good.
  10. If I understand this sentence correctly, this file will be added to the list of trusted programs. Regards. Thanks. The detection connection may be a simple false positive, or perhaps the file has been used in an attack before because it was unsigned.
  11. The sha1 hash for the first file with issue: 09413d72fc4215f6d0e4b7e83b6fc2ed3c7e71d4 And for the second: 6f4980b379c975db1643d848882f81f1612a2b9b Path is C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.16.13405.0_x64__8wekyb3d8bbwe Windows keeps a few older versions of UWP apps in storage, new versions won’t overwrite the old. The files seem to be unsigned, which is not that uncommon for legit Windows files. But I’ve never had a KIS warning in logs about verification errors with other unsigned files, KIS would simply report that their signatures are missing and determine security restrictions based on other factors.
  12. Ever since Windows Store was udpated to its Win11 equivalent with a bunch of updates for pre-installed apps, this component of desktop app installer gets categorized as restricted because its signature can’t be verified. I’m apparently not the only one with this issue because every version of this file released since is classed 100% restricted at the KSN. Is this issue at Microsoft’s end or Kaspersky’s? KIS 21.3.10.391(g), Windows 10.
  13. See if you have the writing of traces enabled. Check “Support/Support Tools”.
  14. The clean-boot tutorial instructs to disable all 3rd party services, including KIS. It would only prove if there’s something in the system that is dragging down performance independently of KIS. If we wanted to find out if something in the system is influencing KIS, then it should be left running. The challenge would then be to find out just what KIS is doing during the activity. If there’s also some disk writing/reading going on, it would provide a hint. Mike K’s cursor blinking implied that a video driver may have been involved. It’s possible that the high load others in this thread have seen has to do with KIS’s system watcher or file antivirus functions. Whenever there’s high activity in the system KIS’s own CPU load starts to rise along with it, especially in the case of “demanding” operations such as Microsoft Office updates, and those seem to happen daily. I’ve witnessed Office updates paralyzing a very slow pre-Ryzen laptop, and on top of that there was KIS’s monitoring activity resulting in a 100% CPU load.
  15. I forgot the most important detail: the added CPU load persists until reboot/shutdown. If this is by design, then there’s something amiss with that design.
×
×
  • Create New...