Posts posted by Pica

  1. 47 minutes ago, AragornPT said:
    ASUS is also guilty here. I don't like Armoury Crate and I'm forced to use Aura Sync to manage my rig. And the latest Aura Sync is 2 years old. On Kaspersky's side, it's necessary to implement an exception for ASUS vulnerabilities. This behavior should be automatically configured, but with the possibility for the user to create exceptions (e.g. atkexComSvc.exe - ASUS Com service vulnerability trigger disabled by user option).
    Other security suites also trigger ASUS as a vulnerability, but the user always has the option: "ok, I know that. Shut up and let them work." (A special note on BitDefender and Norton: they don't even recognize ASUS Service as a vulnerability, so Kaspersky is better than them, but a definitive "USER (CUSTOMER) HAS THE LAST WORD" should be Kaspersky policy.)

     

    HW manufacturers' bundled software is buggy as a general rule, odd because they're the vendors for both the hardware and the software so they should know best how to design software for their hardware.

    Someone at the Russian language forum noticed that this vital executable is classified as a trojan, after analyzing the traces he enabled. Normally that would count as a false positive, but the user is left completely ignorant of all this. There's not a single alert or anything unusual logged, the exe is still as trusted by KIS as ever. So since what we have is most likely just a program vulnerability, I 100% agree that Kaspersky shouldn't take an aggressive stance toward this file. They can notify the end user about its risky nature, but it should never be blocked without the user's consent.

    Even if installing a new version of AiSuite3 or Armoury Crate fixes this issue, how does that help those who have atkexComSvc.exe normally running in their systems but without those two other programs? I've looked into it but it's still unclear what all the places this exe comes from are and what it does, I know for certain I've never had AiSuite or the others installed. Some of these ASUS drivers such as AsIO.sys (that's usually found on newer computers with ASUS mobos) might be installed from the board firmware, some may come from driver CDs. It's difficult to keep track of these files and what should be safe to disable should an AV flag them as risky. My version of this exe is old, and there's no way to get a newer version of it without installing ASUS programs that I don't want. The installers could be unpacked, but that's probably more trouble than it's worth.

  2. On 8/12/2022 at 4:32 PM, Igor Kurzin said:

    There are vulnerabilities in some previous versions of Asus applications (Ai Suite, Armoury Crate), more information by the links: 

    https://www.opencve.io/cve/CVE-2018-18535 

    https://www.opencve.io/cve/CVE-2018-18536 

    https://github.com/hfiref0x/AsIo3Unlock 

    https://codeinsecurity.wordpress.com/2016/06/12/asus-uefi-update-driver-physical-memory-readwrite/ 

    https://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html 

    https://seclists.org/fulldisclosure/2018/Dec/34 

    Blocking these vulnerabilities by the Kaspersky product may cause malfunction(s) of Asus Ai Suite/ Armoury Crate. As a temporary solution the blocking rules will be disabled, a fix will be released on Monday 15.08.22 with bases.

    We will post an additional notification on Monday 15.08.22. 

    To apply the fix, you will need to update databases and restart PC. 

    We are researching another way to block the vulnerabilities without impacting Asus applications.

    The safety of Kaspersky users is still provided by the Kaspersky multi-layer protection. All types of threats, including viruses, worms, trojans, ransomware, rootkits and spyware are detected, isolated and deleted in real-time.

     

    Do these vulnerabilities show up in the vulnerability scan at all? atkexComSvc.exe does not, but the scope of that scan is "installed applications" so it's possible it goes under the radar. I do hope that this promised fix will also apply to this exe, it must be even more widespread than AiSuite or other ASUS applications if it's installed from ASUS driver bundles. Increased error logging at boot is not welcome, that would be the minimum impact of this executable's blocking.

  3. On 8/12/2022 at 4:32 PM, Igor Kurzin said:

    There are vulnerabilities in some previous versions of Asus applications (Ai Suite, Armoury Crate), more information by the links: 

    https://www.opencve.io/cve/CVE-2018-18535 

    https://www.opencve.io/cve/CVE-2018-18536 

    https://github.com/hfiref0x/AsIo3Unlock 

    https://codeinsecurity.wordpress.com/2016/06/12/asus-uefi-update-driver-physical-memory-readwrite/ 

    https://packetstormsecurity.com/files/150893/ASUS-Driver-Privilege-Escalation.html 

    https://seclists.org/fulldisclosure/2018/Dec/34 

    Blocking these vulnerabilities by the Kaspersky product may cause malfunction(s) of Asus Ai Suite/ Armoury Crate. As a temporary solution the blocking rules will be disabled, a fix will be released on Monday 15.08.22 with bases.

    We will post an additional notification on Monday 15.08.22. 

    To apply the fix, you will need to update databases and restart PC. 

    We are researching another way to block the vulnerabilities without impacting Asus applications.

    The safety of Kaspersky users is still provided by the Kaspersky multi-layer protection. All types of threats, including viruses, worms, trojans, ransomware, rootkits and spyware are detected, isolated and deleted in real-time.

     

    Do these vulnerabilities show up in the vulnerability scan at all? atkexComSvc.exe does not, but the scope of that scan is "installed applications" so it's possible it goes under the radar. I do hope that this promised fix will also apply to this exe, it must be even more widespread than AiSuite or other ASUS applications if it's installed from ASUS driver bundles. Increased error logging at boot is not welcome, that would be the minimum impact of this executable's blocking.

    • Like 1
  4. The cause doesn't seem like a false positive detection because there are no unusual traces in KIS logs whatsoever, even the atkexComSvc.exe classification has stayed the same. Still fully trusted, signatures too. It would be interesting to know why KIS has decided to target this exe, and what module. But it's understandable if this information is never made public, the intricate workings of an antivirus software must remain a secret to malicious parties.

    Like I wrote, I'm not using any ASUS software so there's nothing to uninstall (except KIS) - this exe is not installed software, but instead it's launched at startup by an ASUS service. The only way to "uninstall" it is to manually disable the service, delete its registry entries and finally delete the files themselves. If this issue never gets fixed officially I'll settle for disabling the service since it doesn't seem like an important one. Interestingly, AsSysCtrlService.exe is unaffected by this, it runs an "ASUS system control service" in the background, and this one must be the more vital one of the two for interactions between the mobo and OS.

  5. Databases are up to date, computer fully power cycled (off+boot). Issue is still present. Windows fast start is not enabled. No point in constant power cycling unless we get an official confirmation that a fix has been submitted to public update servers. And it should be too, ASUS software is too popular for Kaspersky to ignore. You will lose a lot of customers to Bitdefender unless this is fixed for good.

    • Like 1
  6. And it's worth noting that atkexComSvc.exe can't just be reinstalled like you would AiSuite, it's always bundled with their other software. It may be possible to disable this service, at your own risk. I don't know how vital it is but since it's currently being blocked from starting and isn't running in the background, it probably isn't needed for everyday use. However, if you use system monitoring programs or want to use ASUS motherboard firmware updating tools (such as the Intel ME tool that they released a few years ago) you may actually need this running.

    Installing AiSuite in an attempt to get a new version of this exe is no solution for those who don't want the software at all, in case someone seriously suggests it. AiSuite is also notoriously hard to uninstall cleanly.

  7. I knew it. Today when perusing the Windows 10 reliability history, I saw that atkexComSvc.exe (a piece of software that is installed as a service when you install AiSuite or chipset drivers from an ASUS CD etc) had failed to launch at boot. The last database updates were done on the 9th-10th of this month, but I only noticed this issue now when the system was booted. I don't even have AiSuite or any other ASUS software installed (nor have I ever) except for this executable which must've come from the drivers CD, I don't know for sure since this PC was built and prepped by a store.

    This file is needed by AiSuite and other ASUS software, so it's no wonder why they're malfunctioning now...

  8. So after my current license became active, I’ve been getting these “Sign-in to Kaspersky” popups soon after booting. My program version has stayed the same at 21.3.10.391(h). The “Do not remind me again” (or “ignore”) option which has been discussed before in closed topics is not there.

    I understand Kaspersky wants everyone to create an account which has been mandatory for most of their competing products for a while, but until the day that it actually becomes mandatory for KIS, I’d prefer if I could shut those popups down for good.

  9. hello, @Pica 

    Could you provide sha1 code for the file and file path?

    Regards.

     

    The sha1 hash for the first file with issue: 09413d72fc4215f6d0e4b7e83b6fc2ed3c7e71d4

    And for the second: 6f4980b379c975db1643d848882f81f1612a2b9b

    Path is C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.16.13405.0_x64__8wekyb3d8bbwe

     

    Windows keeps a few older versions of UWP apps in storage, new versions won’t overwrite the old. The files seem to be unsigned, which is not that uncommon for legit Windows files. But I’ve never had a KIS warning in logs about verification errors with other unsigned files, KIS would simply report that their signatures are missing and determine security restrictions based on other factors.

  10. Ever since Windows Store was updated to its Win11 equivalent with a bunch of updates for pre-installed apps, this component of desktop app installer gets categorized as restricted because its signature can’t be verified. I’m apparently not the only one with this issue because every version of this file released since is classed 100% restricted at the KSN. Is this issue at Microsoft’s end or Kaspersky’s?

    KIS 21.3.10.391(g), Windows 10.

  11.  

    Link

     

    So, heavy writing onto SSD/disk apparently isn't new.  By far.  But above is for Windows.

    I’m seeing kavd write almost as much to disk as it reads, more than all other processes on my system combined.  Under macOS.  Any ideas?

    0.1TB, though the system rebooted not long ago - uptime is 7 hrs.

    What madness!

     

    See if you have the writing of traces enabled. Check “Support/Support Tools”.

  12. The clean-boot tutorial instructs to disable all 3rd party services, including KIS. It would only prove if there’s something in the system that is dragging down performance independently of KIS. If we wanted to find out if something in the system is influencing KIS, then it should be left running. The challenge would then be to find out just what KIS is doing during the activity. If there’s also some disk writing/reading going on, it would provide a hint. Mike K’s cursor blinking implied that a video driver may have been involved.

     

    It’s possible that the high load others in this thread have seen has to do with KIS’s system watcher or file antivirus functions. Whenever there’s high activity in the system KIS’s own CPU load starts to rise along with it, especially in the case of “demanding” operations such as Microsoft Office updates, and those seem to happen daily. I’ve witnessed Office updates paralyzing a very slow pre-Ryzen laptop, and on top of that there was KIS’s monitoring activity resulting in a 100% CPU load.

  13. There’s a certain development that started with the 2020 version and is still present in 21.3.10.391(f). I monitor my computer’s resource usage very carefully and notice if anything changes. The development mentioned is a slight elevation of CPU activity from either Kaspersky Lab Launcher service or avpui.exe, and sometimes Windows task manager itself whenever KIS produces a popup, such as a detection, or when I choose the “Scan” menu from the interface’s dashboard. I need not even start a scan to trigger it, but context menu scanning is still unaffected. The change is insignificant in my case, but with a slower system it might not be when a user is multitasking.

     

    I wish Kaspersky would look into this.

     

    I forgot the most important detail: the added CPU load persists until reboot/shutdown. If this is by design, then there’s something amiss with that design.

  14. There’s a certain development that started with the 2020 version and is still present in 21.3.10.391(f). I monitor my computer’s resource usage very carefully and notice if anything changes. The development mentioned is a slight elevation of CPU activity from either Kaspersky Lab Launcher service or avpui.exe, and sometimes Windows task manager itself whenever KIS produces a popup, such as a detection, or when I choose the “Scan” menu from the interface’s dashboard. I need not even start a scan to trigger it, but context menu scanning is still unaffected. The change is insignificant in my case, but with a slower system it might not be when a user is multitasking.

     

    I wish Kaspersky would look into this.

  15. This bothered me too, but the Windows notification center getting cluttered for silly things like context menu scans was not the worst issue. It turns out that the KIS interface’s (avpui.exe) CPU usage increases slightly because of handling those notifications that go through Windows notifications system, and it never goes down to normal levels until reboot. Same happens with other KIS notifications such as advertisement popups.

    As for OP’s issue, the KIS settings/interface/notification settings simply needs to have those missing options (save in local report, notify on screen) added in “Scan”, in the “informational” section. As simple as that.

     

    I’m not seeing that increase in CPU usage here after running Quick Scan and Vulnerability Scan both with their subsequent banner and action center entries.  My desktop PC has a Ryzen 5 2600 CPU and the current CPU usage for both avp.exe and avpui.exe is 0%.  If you add the “CPU Time” column in Task Manager, total avp.exe usage is 15m49s and avpui.exe is 1m39s whereas System Idle Process is 62hr15m00s approx (keep in mind that each real time second is 12 CPU Time seconds as the CPU is of the 6 cores / 12 threads kind).

     

    I should’ve been more specific, the increase I see is less than a percentage. Avpui.exe usually idles at 0.0% CPU but when affected it will fluctuate between that and anything between 1.0%, usually something closer to 0. It depends on CPU speed and threading capabilities how noticeable it is.

     

    Version 21.2.16.590c was affected also, I noticed this first when it displayed a popup about trying the quick scan. I removed that and installed 21.3.10.391 clean.

  16. This bothered me too, but the Windows notification center getting cluttered needlessly for things like context menu scans without detections was not the worst issue. It turns out that the KIS interface’s (avpui.exe) CPU usage increases slightly because of handling those notifications that go through Windows notifications system, and it never goes down to normal levels until reboot. Same happens with other KIS notifications such as advertisement popups.

     

    As for OP’s issue, the KIS settings/interface/notification settings simply needs to have those missing options (save in local report, notify on screen) added in “Scan”, in the “informational” section. As simple as that.

  17. I installed this version clean while keeping the necessary data from the previous installation of version 20. Now I see that there are report events in the file anti-virus section for different .msi files that are present in the system or removable drives. I scanned one of them located on a removable drive, and the reports about it ceased, I had two of those events from different days when I plugged the drive in. The files are all safe, some are installers for programs like Evince, and some for things like Nvidia PhysX. In the system they are located in C:/Windows/Installer.

    Should KIS be reporting these events if logging of all events is not enabled? I tried to find the setting that enables that but I couldn’t find it anymore, did it use to be in Settings/Reports and quarantine?

  18. Hello Pica, Thanks for posting back. May we have images of: "notification on the main menu button that a new plugin is attempting to install itself" & "plugin's name begins with "light_plugin" and ends with "@kaspersky.com"", and a GSI https://support.kaspersky.com/common/diagnostics/3632#block7 please? Thanks!
    I did a Firefox reset and it seems to have fixed the problem.
  19. Hello Pica, Welcome! The image present does not clearly indicate a Kaspersky Addon/extension. Please help us with the following information: Please open a Firefox browser, in the url field enter: about:addons or from the Firefox menu, select Addons, on the Addons page, Manage your extensions, please check if Kaspersky Protection extension is there, please check the status of the extension? Please post back as we have more info to provide however we need clarity about the issue to do so. Many thanks!
    The new KIS'19 plugin is there and fully functional, when I launched the browser it displayed the notification on the main menu button that a new plugin is attempting to install itself which then took me to the addons tab to confirm the installation, nothing unusual about it. The plugin's name (in troubleshooting information) begins with "light_plugin" and ends with "@kaspersky.com", that's different from the old I think.
  20. Today I uninstalled KIS 2017 and installed 2019 afterwards while keeping program settings etc, but Firefox still displays what probably is a broken link to the previous plugin. When I click on it, it displays a message almost identical to this, it only lacks the part about the typing errors, maybe due to changes in FF, it's from an old post. I'd take a screenshot of it but it's not in English. https://discourse-paas-production-content.s3.amazonaws.com/original/2X/f/f9c5c54590e18a23c41a36746e7f08cb39b15fa7.png How do I remove this leftover from FF without reinstalling it clean?