Thoughts
-
Posts
83 -
Joined
-
Last visited
Posts posted by Thoughts
-
-
Hello Bambina
I’m pleased you managed to get the two working together.
Regards. Thoughts
-
If Windows is mistakenly thinking a Kaspersky firewall is active then you could try the following:
In Kaspersky app click settings (cog icon bottom left). Under General / Autorun / Untick Launch Kaspersky Security Cloud at start up. Then reboot your computer. On restart go to Windows Security and check that Windows Firewall is now active (switch on if not). Windows Defender will also have switched back on but that’s ok. Now go back to the Kaspersky app, open Settings as before and re-tick Launch Kaspersky Security Cloud at start up and reboot your computer.
On restart go to Windows Security and confirm that Security Cloud and Windows Firewall are both now active. As mentioned; I use both together, as it’s designed to do.
-
Bambina - Are you or were you perhaps running Security Cloud in its 30 day trial mode?
If it is operating in trial mode then it will be functioning as Security Cloud Personal or Family which both include a dedicated firewall that would then disable Windows firewall.
If you had installed and were running Security Cloud - Free (not the trial version) then Windows Firewall won’t be disabled. I use Security Cloud Free + Windows Firewall.
Open the desktop app and check what it says it should tell you if it is simply Security Cloud - Free or Security Cloud Personal/Family in 30 day trial mode. Press Active, bottom right of the app, to see exactly what mode it’s running as. You can further verify this by going to your My Kaspersky Account page.
Security Cloud Free has its own dedicated download. Install instructions are lower down the page. https://usa.kaspersky.com/free-cloud-antivirus
-
Hello Flood
Appreciate your comment, I’ll leave it with the team.
Happy to close this thread.
Regards. Thoughts.
-
Hello Flood
Simply use the Thunderbird BrowseInTab extension and web pages open, as a tab, within Thunderbird’s own in-built browser. Nothing is further modified it’s simply using Thunderbird’s standard in-built browser, the same browser it uses to display all content.
https://addons.thunderbird.net/en-US/thunderbird/addon/browseintab/?src=search
As previously mentioned it is solely the AMTSO Phishing page test, Security Cloud doesn’t detect in Thunderbird. Every other AMTSO test and the Kaspersky Phishing page test are correctly detected by Security Cloud in Thunderbird’s browser.
Regard. Thoughts.
-
Hello Flood
Thank you, I was aware. As mentioned in an earlier post Thunderbird has its own in-built web browser so pages can be viewed completely ‘within’ Thunderbird (as a new tab) rather than needing to switch to an external third party browser.
If Thunderbird’s in-built browser is used, Security Cloud will correctly detect every AMTSO malware test with the sole exception of the Phishing page test.
Below is a copy of the image I posted earlier showing the unblocked AMTSO phishing page as seen within the Thunderbird browser. I tested this again today.
AMTSO Phishing Page Within Thunderbird Browser As you can see web pages are opened as tabs directly ‘within’ Thunderbird. FYI, as mentioned in an earlier post, if Kaspersky’s Phising Page test is opened in Thunderbird it ‘is’ correctly detected by Security Cloud. It’s purely the AMTSO Phishing Page test that Security Cloud fails to detect in the Thunderbird browser.
Regards. Thoughts
-
Hello Igor
As an update I today re-tested all AMTSO tests in the Thunderbird embedded browser and of the two previously failed tests, Phishing and Drive by, the Drive by test is now correctly detected. This just leaves the phishing page test as the sole AMTSO test not detected by Security Cloud from within the Thunderbird embedded browser.
Regards Thoughts.
-
Hello Flood
Thank you, I can also confirm the Drive By test works in Firefox, Firefox ESR, Google Chrome and Thunderbird’s embedded browser.
Every other AMTSO test is correctly detected by Kaspersky Security Cloud in the above browsers with the sole exception of the Phishing page test which is not detected within Thunderbird’s embedded browser. I only mentioned this as a complete picture, not a new issue, as Kaspersky engineers are fully aware of this matter and it’s currently being investigated.
So in terms of pure browsers, all AMTSO tests are correctly detected.
-
As general question, Edge Chromium is listed as being supported by Internet Security.
From Kaspersky Support site https://support.kaspersky.com/common/safemoney/12782
Microsoft Edge based on Chromium 77.x–80.x and later*.
*Compatibility with later browser versions is possible but not guaranteed.
I use Security Cloud which follows the same browser support and was able to add the browser extension to Edge Chromium.
-
Hello new11
Thank you for doing that.
-
Hello Berny
So it’s clear, I asked as I was confused by Flood’s comment which was:
Kaspersky Technical Support is only available if Kaspersky software is licensed.
I fully appreciate the limitations as a free license holder and was simply seeking clarification, which Flood kindly gave.
Regards.
-
Hello Flood
The Thunderbird browser issue Igor Kurzin asked me to submit trace files for. Are Kaspersky waiting for me to purchase a license before it can be looked into?
I am aware of the limitations as a free license holder, but after your comment I am now unclear where things stand in relation to that specific matter. I am more than happy to wait as long as required, I was simply seeking clarification.
Thank you.
-
Hello Flood
Kaspersky Technical Support is only available if Kaspersky software is licensed.
What do you mean, by technical support and what do you mean by licensed?
-
Hello Berny - The EICAR file itself ‘is’ detected by Kaspersky.
My question was when I click on Launch Test on this page
https://www.amtso.org/feature-settings-check-drive-by-download-test/
The page isn’t blocked, as also reported by Questioning2. Every other AMTSO test page gets correctly blocked (in Firefox and Chrome) just not the one above.
As mentioned by Flood, I have a similar matter currently with Igor and I’m happy to leave things as they are and see what Igor finds.
-
Hello Flood thank you. As mentioned Kaspersky correctly detects the EICAR test file if I create it on my computer.
The question was, when this test is launched https://www.amtso.org/feature-settings-check-drive-by-download-test/ there is no warning pop up. I’m not sure if there is supposed to be a pop up warning. The download I assume is blocked as it never appears, but I was simply curious as to whether Kaspersky (or any AV) is supposed to show a pop up warning or not. The blocked page in the YouTube video does not appear if I click on Launch Test.
If you get a chance have a go yourself and let me know if after clicking on Launch Test you see any pop up or a blocked page. I was only chipping in and simply curious.
-
Berny - Thank you. Yes that was the file I created and was the one the AMTSO drive-by test page was attempting (but failed) to download.
Is there a reason Kaspersky didn’t show a warning pop up on the drive-by test? The file wasn’t downloaded so it was correctly blocked, but the lack of any Kaspersky pop up (as happened on all the other AMTSO tests) was unexpected. Might Firefox or Chrome have blocked it before Kaspersky?
-
Below is the text shown before you launch the AMTSO drive-by test.
When you click on this button, a simulated “drive-by download” is initiated: a new web page will open and the EICAR test file will attempt to be downloaded.
If you are able to download this 68 byte test file successfully, your anti-malware solution is NOT configured correctly or DOES NOT conform with industry best practice.
As you can see, you are expected to see the next web page, it is the file download that should be blocked by Kaspersky not the web page itself. When I checked again, both Firefox and Google Chrome behaved the same and no file was downloaded.
-
Kaspersky Security Cloud Free 20.0.14.1085(k)
If it is of any help, I checked out the AMTSO pages and using Firefox 77.01 [64Bit] (Kaspersky extension installed). Kaspersky correctly detected and blocked every page tested (See drive by test below).
For this test Detects drive-by downloads of malware
https://www.amtso.org/feature-settings-check-drive-by-download-test/
The page didn’t show as blocked, but nothing was downloaded which, from reading the web page, appears to be the correct response. A failure would be if the file ‘was’ downloaded. As a further check I created a copy of the EICAR test file (that would have been downloaded if Kaspersky had failed) and my test file was instantly detected by Kaspersky.
The Drive-by test is a bit confusing because unlike the other tests no warning is shown. It would seem that, that is the correct response as the test is whether a file can be downloaded. It’s NOT about the page being blocked.
-
It’s rather primitive but below is a mock up of how it might appear.
-
Sure, here is one by AxCrypt which makes 7 options accessible from a single context menu line. Right clicking a file or folder will show this.
A grouped context menu offers greater flexibility for the software, while markedly reducing context menu clutter for the user.
-
Hope it’s OK to chip in on this. Context menus can get very long and Kaspersky on its own adds three items. I can’t speak for new11, but for myself it would be helpful if Reputation in KSN and Application Advisor could be hidden, leaving only Scan for viruses visible. An alternative would be to create a group, so Kaspersky Security Cloud > was the only visible item, then moving right showed all available options.
Sorry for chipping in.
-
For real-time protection Kaspersky Security Cloud should be used alone.
Second opinion scanners and cleaners are generally ok as they are not providing real-time protection as your Kaspersky Security Cloud is. I personally would only use a second opinion scanner if Kaspersky’s own scanner couldn’t resolve an actual issue. It’s easy to end up chasing your own tale, seeing different detection results as more problematic than they might be.
-
Thunderbird 68.9.0 [64Bit] - Latest standard release version from Thunderbird.net. If you look at the first and second images you will see the web pages are displayed ‘within’ Thunderbird itself. Thunderbird has its own in-built web browser (since the beginning I believe) and you are now able to open web pages in Thunderbird’s tabs. Thunderbird was listed in the Web report I attached and each instance was me opening a web page tab. Receiving the phishing test e-mails were not detected by Kaspersky.
As mentioned; the odd thing is the Kaspersky Phishing test URL ‘is’ detected within Thunderbird (web page), as well as Firefox, whereas the AMTSO Phishing URL is ‘only’ detected in Firefox.
It would seem Security Cloud ‘is’ seeing the web page URL in Thunderbird (for it to block the Kaspersky URL) but the AMTSO URL isn’t triggering it for some reason.
Do you know of any other non-Kaspersky phishing test URLs I could try? If they behave the same as Kaspersky it would point to the AMTSO URL being the reason. If other phishing test URL’s (you know should be detected) are also ignored in Thunderbird it might narrow things down.
Thanks again for any help.
-
Tests and images as requested.
Image 1 below - Kaspersky Phishing Test URL opened in Thunderbird browser (detected and blocked)
Image 1 above - Kaspersky Phishing Test URL opened in Thunderbird browser (detected and blocked)
Image 2 below - AMTSO Phishing Test URL opened in Thunderbird browser (not detected or blocked)
Image 2 AMTSO Phishing Test URL opened in Thunderbird browser (not detected or blocked)
Image 3 below - Kaspersky Phishing Test URL sent as e-mail with URL in both subject line and body of e-mail. As you can see (along with the AMTSO URL e-mail below it) neither were marked as spam.
The two tabs you see next to Calendar in Image 3 (Kaspersky Security Cloud & Feature Settings Check - Ph...) are the two web pages of the Thunderbird browser showing the blocked page from the Kaspersky URL and the unblocked page from the AMTSO URL.
Image 3 Kaspersky Phishing Test URL sent as e-mail with URL in both subject line and body of e-mail.
If the AMTSO and Kaspersky URLs are opened in Firefox browser, both are correctly detected and blocked.
Firefox AMTSO URL Firefox Kaspersky URL Also attached is the Web Report exported from Kaspersky Security Cloud. As you will see Kaspersky AV detects the Kaspersky Phishing URL in both Thunderbird and Firefox. The AMTSO Phishing URL is ‘only’ detected in Firefox it is never detected within the Thunderbird app.
The fact Kaspersky’s Phishing test URL is detected and blocked, if opened in Thunderbird’s browser, is reassuring. I’m just concerned about the non-detection of either e-mail as SPAM and that the AMTSO Phishing test URL is not detected in Thunderbird at all. Shulte mentioned that certain test URL’s are not detected because the AV system doesn’t consider them dangerous (which makes sense) and maybe the AMTSO is one such URL (but it was still detected in Firefox).
As a further test I also sent the test e-mails from unconnected accounts (just to ensure ‘e-mailing myself’ was not a factor) and in every case the Phishing e-mails were ‘not’ marked as spam. As further information Kaspersky Security Cloud was active at all times and had been updated. Also no VPNs were active during testing.
Is there anything I should/could do to ensure phishing e-mails are marked as spam? And is there a reason why Kaspersky detects the AMTSO phishing test URL correctly in Firefox but not in Thunderbird?
Thanks again for any help.
Kaspersky Security Cloud & Windows Defender Cloud-delivered protection
in Kaspersky Security Cloud
Posted
Kaspersky Security Cloud Free
Windows 10 Pro – 1909 64Bit
Do Kaspersky recommend leaving Windows Defender Cloud-delivered protection switched On or Off?
As I use Kaspersky, Windows Defender real-time protection is obviously not active, but Cloud-delivered protection and Automatic sample submission can still be switched on and off.
I have Cloud-delivered protection enabled and Automatic sample submission switched off. What Defender settings do Kaspersky recommend? Never had any issues, just curious.
Thank you. Thoughts