Wesly.Zhang

Moderators
  • Posts

    1867
  • Joined

  • Last visited

Everything posted by Wesly.Zhang

  1. Hello, @Timur Born I think you have got the point, right? The System Watcher and AMSI protection functions have this similar type of protection. Regards
  2. Hello, @desbest Do you think you have downloaded and used a fake facebook message? As I see it, this software has a valid facebook.Inc digital certification. Please check whether the installation file has a digital certification or not. Flash32-32-0-0-465.ocx_333907.msi: do you use Flash Player? If you use a Chinese version of the Flash Player browser plugin, you will encounter some bad ads. But it is maintained by a Chinese company authorized by Adobe, so it will embed advertising features in this plug-in. It is commercial software. If it is rashly defined as a malicious program, it will be warned by a lawyer's letter, which will involve judicial proceedings. My advice is to uninstall the Flash Player plugin, and everything will be OK. Regards.
  3. Hello, @Apal The KL virus lab replied to me with the following information today: We will add new heuristic detections "HEUR:AdWare.Script.Generic". The following redirected URLs were added to the blocklist: boustahe[.]com jashautchord[.]com itgiblean[.]com hetaruwg[.]com faiwastauk[.]com hauphuchaum[.]com jighucme[.]com mahaidroagra[.]com oataltaul[.]com oossautsid[.]com pignuwoa[.]com silsautsacmo[.]com taigrooh[.]net teeglimu[.]com thefreshposts[.]com thompaur[.]com tobaitsie[.]com totaltopposts[.]com zauglomo[.]net Regards.
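  4. Hello, If this problem occurs on an AMD chip, please disable hardware virtualization support in the Kaspersky product as a temporary workaround for the system blue-screen crash.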
  5. THANK YOU, Wesly.Zhang!! That worked perfectly!! :))) I’m extremely embarrassed that I did not think of trying that. :( PROBLEM RESOLVED! Closing Issue. Thank you again. Hi @Fish You are welcome! :)))
  6. “C:\Users\Fish\AppData\Local\Temp” %temp% folder? Yes. if the compile path could be changed to a normal path, such as D:/compiled_files. You can create a trusted rule via the following screenshot. Changing the path (directory) that Visual Studio uses to create its temporary batch files in is something that Microsoft would have to do. I have no control over that. There is no build setting or register value for that. It is apparently hard-coded (built into) Visual Studio itself. I could of course change my %temp% value to point to a different directory of course, BUT... There is no guarantee whatsoever that Visual Studio would honor it. Visual Studio might be hard-coded to always use %USERPROFILE%\AppData\Local\Temp. I don’t know. As I said above, Visual Studio is in control of itself, not me. I know of no way to force Visual Studio to use a different directory. Even if changing the location (directory) of where Visual Studio creates its batch files was possible, it would not resolve the underlying/root problem. It would only be moving the same problem to a new location. The original problem would still exist. It would simply exist at a different location. The problem that needs to be fixed is with Kaspersky, not Visual Studio. It keeps asking over and over and over again -- literally dozens and dozens of times each time I do a compile/build of my product (which has over 200 source files) -- whether or not <insert some program here> should be allowed to access <insert some file here>, which IMHO it shouldn’t be asking. If the program that is trying to access the file is “trusted” (i.e. has been determined by Kaspersky to be clean and not to contain any malware), then it should be allowed to access whatever freaking file it wants to access! Why should the user be bothered with an incredibly STUPID dialog asking an incredibly STUPID question? Kaspersky needs to be fixed. This new feature they only just recently introduced needs to be removed. 
It wasn’t designed/implemented correctly and is causing much grief for many users. Hello, As I think, does this folder not change in every compile period? If yes, you could set this exclusion rule: Any better after that? Regards.
  7. I hope you all can understand my problem with these screenshots. See in the last screenshot it has been redirected to a new page. Hello, @Apal Now I know which place is related to the issue. I see some remote JS files are involved in this website. The related issue is that y2mate.com uses bad advertisers, or the purpose itself is not simple. One remote JS file is a fake AV GUI; the others are ad pages. So I will report this case to KL and let them determine the reputation score of this website. If I receive any reply, I will post here. BTW, on my side the redirection hasn’t been blocked, just like for you. But the product blocks the remote JS file which has been loaded by browsers. It will seem that the redirection page always shows the status of "Loading...". Regards. I mean, is it blocking in your case, or does it keep loading, or show that fake GUI?? Hello, Here it is on my side. Regards. But, before this patch, it used to block every pop-up and redirect. Hello, Please access this URL and try to download the EICAR text file. Does the KL product block the download? It should block access. https://www.eicar.org/?page_id=3950 Regards.
  8. I hope you all can understand my problem with these screenshots. See in the last screenshot it has been redirected to a new page. Hello, @Apal Now I know which place is related to the issue. I see some remote JS files are involved in this website. The related issue is that y2mate.com uses bad advertisers, or the purpose itself is not simple. One remote JS file is a fake AV GUI; the others are ad pages. So I will report this case to KL and let them determine the reputation score of this website. If I receive any reply, I will post here. BTW, on my side the redirection hasn’t been blocked, just like for you. But the product blocks the remote JS file which has been loaded by browsers. It will seem that the redirection page always shows the status of "Loading...". Regards. I mean, is it blocking in your case, or does it keep loading, or show that fake GUI?? Hello, Here it is on my side. Regards.
  9. As I explained earlier, that is impossible to do. The batch file in question is dynamically created each time a compile is done, and each time the temporary filename is different. Hello, @Fish In which folder is it created? The %temp% folder? If the compile path could be changed to a normal path, such as D:/compiled_files, you can create a trusted rule via the following screenshot. Regards.
  10. I hope you all can understand my problem with these screenshots. See in the last screenshot it has been redirected to a new page. Hello, @Apal Now I know which place is related to the issue. I see some remote JS files are involved in this website. The related issue is that y2mate.com uses bad advertisers, or the purpose itself is not simple. One remote JS file is a fake AV GUI; the others are ad pages. So I will report this case to KL and let them determine the reputation score of this website. If I receive any reply, I will post here. BTW, on my side the redirection hasn’t been blocked, just like for you. But the product blocks the remote JS file which has been loaded by browsers. It will seem that the redirection page always shows the status of "Loading...". Regards.
  11. Hello, @Fish I already have the “Perform recommended actions automatically” unchecked. Do you know that unchecking this item means you will use Interactive mode? If an application listed in the low restrict group wants to perform a behavior that triggers an application control rule, this information will pop up and need your decision. If you want to handle this information, you should go to the application control function and enter manage application, then expand low restrict, find the rule for this bat file and move it to the trusted group, or double-click this rule and go to the exclusion tab to set an exclusion for this bat file. Regards.
  12. Hello, I think you should use a VPN service. 😉 Regards.
  13. Hello, In which place do you think it has a redirection link? Could you take a screenshot of it? I see its HTML code doesn’t have any redirection object. Regards.
  14. Hello, Did you contact Kaspersky support? Which sound card do you use? Does it have control center software? What is its process name? Regards.
  15. Hello, You should check whether some other certificates have been injected into the certification chain to decode the encrypted network traffic or not. Link I think you should follow the above topic to check the certification chain. Regards.
  16. Hello, I did not notice this phenomenon. Did you try to uninstall the product and re-install it to check this situation again? Regards.
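  17. Chrome does have video sound-effect settings 😶 Hello, First, I could not reproduce your problem here. Second, with the default settings, have you enabled Private Browsing? Also, are any rules enabled in the Anti-Banner settings? Please disable them and check again. In addition, please check whether the problem still exists after completely exiting IDM.
  18. Hello, Please reset the Kaspersky settings and check again. I tested with the Firefox browser and do not have this problem here; please check whether this problem is an incompatibility with other browser add-ons. Also, my Firefox browser itself does not have that option of yours. Which browser are you using?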
  19. Hello, @Metin Please try disabling some Chrome add-ons to check whether some of the website's JS files are related to them or not. Regards.
  20. Hello, Link Please read the content described in this carefully; do not put the * character in places where it is not needed.
  21. Hello, Is your computer's CPU AMD or Intel?
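  22. Thank you for your reply. I would like to confirm: do you mean this is a false positive, and my personal laptop and home WiFi are safe? Hello, This is not a false positive; it should be an accurate report of the TCP port scan (PortScan.TCP) behavior, which is currently being blocked. The consumer product has an option that can ignore this detection, just as @Yliven said. Hello, today my personal computer also received an attack alert, details below. The difference is that the Kaspersky consumer edition on my personal computer shows it as not processed rather than blocked. The scenario is the same: the attack alert appears the moment the computer boots and connects to the WiFi. I would like to ask: based on your reply, I am still not sure whether this alert means my WiFi has a security risk. Before changing the setting to ignore, I would like to confirm once more. I am not an IT professional; my understanding is that the attack shown now does not come from my own two computers but from the router. Could you confirm whether this port scan represents a real security risk, or is it a false positive alert caused by the router settings? I also logged in to the router's settings interface and restored the original settings, and phoned the telecom provider; they replied that my network activity looks normal, reset/reassigned my network port, and suggested I see whether there is any improvement. As for the option to ignore the detection in the consumer product, I could not find it; the Kaspersky version on my personal laptop is 21.2.16.590C. Thanks again! Hello, If it is the consumer product, just uncheck that setting under Kaspersky Settings, Protection, Network Attack Blocker settings. The latest version number of the consumer product is currently 21.3.10.391(e).
  23. Thank you for your reply. I would like to confirm: do you mean this is a false positive, and my personal laptop and home WiFi are safe? Hello, This is not a false positive; it should be an accurate report of the TCP port scan (PortScan.TCP) behavior, which is currently being blocked. The consumer product has an option that can ignore this detection, just as @Yliven said.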