Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by Pica

  1. HW manufacturer's bundled software is buggy as a general rule, odd because they're the vendors for both the harware and the software so they should know best how to design software for their hardware. Someone at the Russian language forum noticed that this vital executable is classified as a trojan, after analyzing the traces he enabled. Normally that would count as a false positive, but the user is left completely ignorant of all this. There's not a single alert or anything unusual logged, the exe is still as trusted by KIS as ever. So since what we have is most likely just a program vulnerability, I 100% agree that Kaspersky shouldn't take an aggressive stance toward this file. They can notify the end user about its risky nature, but it should never be blocked without the users consent. Even if installing a new version of AiSuite3 or Armory Crate fixes this issue, how does that help those who have atkexComSvc.exe normally running in their systems but without those two other programs? I've looked into it but it's still unclear what all the places this exe comes from are and what it does, I know for certain I've never had AiSuite or the others installed. Some of these ASUS drivers such as AsIO.sys (that's usually found on newer computers with ASUS mobos) might be installed from the board firmware, some may come from driver CDs. It's difficult to keep track of these files and what should be safe to disable should an AV flag them as risky. My version of this exe is old, and there's no way to get a newer version of it without installing ASUS programs that I don't want. The installers could be unpacked, but that's probably more trouble than it's worth.
  2. Do these vulnerabilities show up in the vulnerability scan at all? atkexComSvc.exe does not, but the scope of that scan is "installed applications" so it's possible it goes under the radar. I do hope that this promised fix will also apply to this exe, it must be even more widespread than AiSuite or other ASUS applications if it's installed from ASUS driver bundles. increased error logging at boot is not welcome, that would be the minimum impact of this executable's blocking.
  3. Do these vulnerabilities show up in the vulnerability scan at all? atkexComSvc.exe does not, but the scope of that scan is "installed applications" so it's possible it goes under the radar. I do hope that this promised fix will also apply to this exe, it must be even more widespread than AiSuite or other ASUS applications if it's installed from ASUS driver bundles. increased error logging at boot is not welcome, that would be the minimum impact of this executable's blocking.
  4. The cause doesn't seem like a false positive detection because there are no unusual traces in KIS logs whatsoever, even the atkexComSvc.exe classification has stayed the same. Still fully trusted, signatures too. It would be interesting to know why KIS has decided to target this exe, and what module. But it's understandable if this information is never made public, the intricate workings of an antivirus software must remain a secret to malicious parties. Like I wrote, I'm not using any ASUS software so there's nothing to uninstall (except KIS) - this exe is not installed software, but instead it's launched at startup by an ASUS service. The only way to "unistall" it is to manually disable the service, delete its registry entries and finally delete the files themselves. If this issue never gets fixed officially I'll settle for disabling the service since it doesn't seem like an important one. Interestingly, AsSysCtrlService.exe is unaffected by this, it runs an "ASUS system control service" in the background, and this one must be the more vital one of the two for interactions between the mobo and OS.
  5. Databases are up to date, computer fully power cycled (off+boot). Issue is still present. Windows fast start is not enabled. No point in constant power cycling unless we get an official confirmation that a fix has been submitted to public update servers. And it should be too, ASUS software is too popular for Kaspersky to ignore. You will lose a lot of customers to Bitdefender unless this is fixed for good.
  6. And it's worth noting that atkexComSvc.exe can't just be reinstalled like you would AiSuite, it's always bundled with their other softwares. It may be possible to disable this service, at your own risk. I don't know how vital it is but since it's currently being blocked from starting and isn't running in the background, it probably isn't needed for everyday use. However, if you use system monitoring programs or want to use ASUS motherboard firmware updating tools (such as the Intel ME tool that they released a few years ago) you may actually need this running. Installing AiSuite in an attempt to get a new version of this exe is no solution for those who don't want the software at all, in case someone seriously suggests it. AiSuite is also notoriously hard to uninstall cleanly.
  7. I knew it. Today when perusing the Windows 10 reliability history, I saw that atkexComSvc.exe (a piece of software that is installed as a service when you install AiSuite or chipset drivers from an ASUS CD etc) had failed to launch at boot. The last database updates were done on the 9th-10th of this month, but I only noticed this issue now when the system was booted. I don't even have AiSuite or any other ASUS software installed (nor have I ever) except for this executable which must've come from the drivers CD, I don't know for sure since this PC was built and prepped by a store. This file is needed by AiSuite and other ASUS software, so it's no wonder why they're malfunctioning now...
  8. The “Do Not Remind Me Again” option appeared on the third popup. It’s possible you need to click “Remind Me Later” a few times for that to happen.
  9. So after my current license became active, I’ve been getting these “Sign-in to Kaspersky” popups soon after booting. My program version has stayed the same at The “Do not remind me again” (or “ignore”) option which has been discussed before in closed topics is not there. I understand Kaspersky wants everyone to create an account which has been mandatory for most of their competing products for a while, but until the day that it actually becomes mandatory for KIS, I’d prefer if I could shut those popups down for good.
  10. If I understand this sentence correctly, this file will be added to the list of trusted programs. Regards. Thanks. The detection connection may be a simple false positive, or perhaps the file has been used in an attack before because it was unsigned.
  11. The sha1 hash for the first file with issue: 09413d72fc4215f6d0e4b7e83b6fc2ed3c7e71d4 And for the second: 6f4980b379c975db1643d848882f81f1612a2b9b Path is C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.16.13405.0_x64__8wekyb3d8bbwe Windows keeps a few older versions of UWP apps in storage, new versions won’t overwrite the old. The files seem to be unsigned, which is not that uncommon for legit Windows files. But I’ve never had a KIS warning in logs about verification errors with other unsigned files, KIS would simply report that their signatures are missing and determine security restrictions based on other factors.
  12. Ever since Windows Store was udpated to its Win11 equivalent with a bunch of updates for pre-installed apps, this component of desktop app installer gets categorized as restricted because its signature can’t be verified. I’m apparently not the only one with this issue because every version of this file released since is classed 100% restricted at the KSN. Is this issue at Microsoft’s end or Kaspersky’s? KIS, Windows 10.
  13. See if you have the writing of traces enabled. Check “Support/Support Tools”.
  14. The clean-boot tutorial instructs to disable all 3rd party services, including KIS. It would only prove if there’s something in the system that is dragging down performance independently of KIS. If we wanted to find out if something in the system is influencing KIS, then it should be left running. The challenge would then be to find out just what KIS is doing during the activity. If there’s also some disk writing/reading going on, it would provide a hint. Mike K’s cursor blinking implied that a video driver may have been involved. It’s possible that the high load others in this thread have seen has to do with KIS’s system watcher or file antivirus functions. Whenever there’s high activity in the system KIS’s own CPU load starts to rise along with it, especially in the case of “demanding” operations such as Microsoft Office updates, and those seem to happen daily. I’ve witnessed Office updates paralyzing a very slow pre-Ryzen laptop, and on top of that there was KIS’s monitoring activity resulting in a 100% CPU load.
  15. I forgot the most important detail: the added CPU load persists until reboot/shutdown. If this is by design, then there’s something amiss with that design.
  16. There’s a certain development that started with the 2020 version and is still present in I monitor my computer’s resource usage very carefully and notice if anything changes. The development mentioned is a slight elevation of CPU activity from either Kaspersky Lab Launcher service or avpui.exe, and sometimes Windows task manager itself whenever KIS produces a popup, such as a detection, or when I choose the “Scan” menu from the interface’s dashboard. I need not even start a scan to trigger it, but context menu scanning is still unaffected. The change is insignificant in my case, but with a slower system it might not be when a user is multitasking. I wish Kaspersky would look into this.
  17. I’m not seeing that increase in CPU usage here after running Quick Scan and Vulnerability Scan both with their subsequent banner and action center entries. My desktop PC has a Ryzen 5 2600 CPU and the current CPU usage for both avp.exe and avpui.exe is 0%. If you add the “CPU Time” column in Task Manager, total avp.exe usage is 15m49s and avpui.exe is 1m39s whereas System Idle Process is 62hr15m00s approx (keep in mind that each real time second is 12 CPU Time seconds as the CPU is of the 6 cores / 12 threads kind). I should’ve been more specific, the increase I see is less than a percentage. Avpui.exe usually idles at 0.0% CPU but when affected it will fluctuate between that and anything between 1.0%, usually something closer to 0. It depends on CPU speed and threading capabilities how noticeable it is. Version was affected also, I noticed this first when it displayed a popup about trying the quick scan. I removed that and installed clean.
  18. This bothered me too, but the Windows notification center getting cluttered needlessly for things like context menu scans without detections was not the worst issue. It turns out that the KIS interface’s (avpui.exe) CPU usage increases slightly because of handling those notifications that go through Windows notifications system, and it never goes down to normal levels until reboot. Same happens with other KIS notifications such as advertisement popups. As for OP’s issue, the KIS settings/interface/notification settings simply needs to have those missing options (save in local report, notify on screen) added in “Scan”, in the “informational” section. As simple as that.
  19. I installed this version clean while keeping the necessary data from the previous installation of version 20. Now I see that there are report events in the file anti-virus section for different .msi files that are present in the system or removable drives. I scanned one of them located on a removable drive, and the reports about it ceased, I had two of those events from different days when I plugged the drive in. The files are all safe, some are installers for programs like Evince, and some for things like Nvidia PhysX. In the system they are located in C:/Windows/Installer. Should KIS be reporting these events if logging of all events is not enabled? I tried to find the setting that enables that but I couldn’t find it anymore, did it use to be in Settings/Reports and quarantine?
  20. The new KIS'19 plugin is there and fully functional, when I launched the browser it displayed the notification on the main menu button that a new plugin is attempting to install itself which then took me to the addons tab to confirm the installation, nothing unusual about it. The plugin's name (in troubleshooting information) begins with "light_plugin" and ends with "@kaspersky.com", that's different from the old I think.
  21. Today I uninstalled KIS 2017 and installed 2019 afterwards while keeping program settings etc, but Firefox still displays what probably is a broken link to the previous plugin. When I click on it it displays a message almost identical to this, it only lacks the part about the typing errors, maybe due to changes in FF, it's from an old post. I'd take a screenshot of it but it's not in english. https://discourse-paas-production-content.s3.amazonaws.com/original/2X/f/f9c5c54590e18a23c41a36746e7f08cb39b15fa7.png How do I remove this leftover from FF without reinstalling it clean?
  22. Ok, thanks. KIS 2017 n-patch release notes say that it adds compatibility to Win build 1809 that I think has similar Defender Security Center behavior as 1903 and likely other upcoming builds (3rd party AV's must register properly to it), but yes it's better to just use KIS 2019.
  23. KIS has been working great with my current build of windows (1803) but there's no official statement whether the 'n' patch adds compatibility with Win 1903's security center. I know I should install the latest KIS anyway but I'd rather wait for it to receive more patches first.
  • Create New...