Posts: 1867
Everything posted by Wesly.Zhang
-
Does KIS protect against fileless attacks?
Wesly.Zhang replied to Timur Born's topic in Kaspersky Internet Security
Hello, @Timur Born I think you have got the point, right? The System Watcher and AMSI protection functions have this similar type of protection. Regards
-
Hello, @desbest Do you think you have downloaded and used a fake Facebook message? As I see, this software has a valid facebook.Inc digital certificate. Please check whether the installation file has a digital certificate or not. Flash32-32-0-0-465.ocx_333907.msi: do you use Flash Player? If you use the Chinese version of the Flash Player browser plugin, you will encounter some bad ads. But it is maintained by a Chinese company authorized by Adobe, so it embeds advertising features in this plug-in. It is commercial software. If it is rashly defined as a malicious program, it will be warned by a lawyer's letter, which will involve judicial proceedings. My advice is to uninstall the Flash Player plugin, and everything will be OK. Regards.
-
Hello, @Apal KL virus lab reply me the following information today: We will added new heuristic detections "HEUR:AdWare.Script.Generic". The following redirected URLs were added to blocklist: Regards.
-
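Help: touching Kaspersky causes the system to become unresponsive and then reboot. [ Solved ] [ Closed ]
Wesly.Zhang replied to Blue_Pupils's topic in Home Product Support
Hello, for those seeing this issue on AMD chips, please disable hardware virtualization support in the Kaspersky product as a temporary workaround for the system blue-screen crash.
-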
“C:\Users\Fish\AppData\Local\Temp”

%temp% folder?

Yes.

if the compile path could be changed to a normal path, such as D:/compiled_files. You can create a trusted rule via the following screenshot.

Changing the path (directory) that Visual Studio uses to create its temporary batch files in is something that Microsoft would have to do. I have no control over that. There is no build setting or register value for that. It is apparently hard-coded (built into) Visual Studio itself. I could of course change my %temp% value to point to a different directory of course, BUT... There is no guarantee whatsoever that Visual Studio would honor it. Visual Studio might be hard-coded to always use %USERPROFILE%\AppData\Local\Temp. I don’t know. As I said above, Visual Studio is in control of itself, not me. I know of no way to force Visual Studio to use a different directory.

Even if changing the location (directory) of where Visual Studio creates its batch files was possible, it would not resolve the underlying/root problem. It would only be moving the same problem to a new location. The original problem would still exist. It would simply exist at a different location.

The problem that needs to be fixed is with Kaspersky, not Visual Studio. It keeps asking over and over and over again -- literally dozens and dozens of times each time I do a compile/build of my product (which has over 200 source files) -- whether or not <insert some program here> should be allowed to access <insert some file here>, which IMHO it shouldn’t be asking. If the program that is trying to access the file is “trusted” (i.e. has been determined by Kaspersky to be clean and not to contain any malware), then it should be allowed to access whatever freaking file it wants to access! Why should the user be bothered with an incredibly STUPID dialog asking an incredibly STUPID question? Kaspersky needs to be fixed. This new feature they only just recently introduced needs to be removed. It wasn’t designed/implemented correctly and is causing much grief for many users.

Hello, As I think, does this folder not change in every compile period? If yes, you could set this exclusion rule: Any better after that? Regards.
-
I hope you all can understand my problem with these screenshots. See in the last screenshot it has been redirected to a new page.

Hello, @Apal Now I know which place is related to the issue. I see some remote JS files are involved in this website. The related issue is that y2mate.com uses bad advertisers, or its purpose itself is not simple. One remote JS file is a fake AV GUI; the others are ad pages. So I will report this case to KL and let them determine the reputation score of this website. If I receive any reply, I will post here. BTW, on my side, the redirection hasn’t been blocked, just like for you. But the product blocks the remote JS files which are loaded by the browser. It will seem that the redirection page always shows the status of "Loading...". Regards.

I mean, is it blocking in your case, or does it keep loading, or is it showing that fake GUI??

Hello, here it is on my side. Regards.

But, before this patch, it used to block every pop-up and redirect.

Hello, please access this URL and try to download the EICAR text file. Does the KL product block the download? It should block access. https://www.eicar.org/?page_id=3950 Regards.
-
As I explained earlier, that is impossible to do. The batch file in question is dynamically created each time a compile is done, and each time the temporary filename is different.

Hello, @Fish Which folder is it created in? The %temp% folder? If the compile path could be changed to a normal path, such as D:/compiled_files, you can create a trusted rule via the following screenshot. Regards.
-
Hello, @Fish

I already have the “Perform recommended actions automatically” unchecked,

Do you know that unchecking this item means you will use Interactive mode? If an application listed in the Low Restricted group wants to perform some behavior that triggers an Application Control rule, this information will pop up and need your decision. If you want to handle this, you should go to the Application Control function and enter Manage applications, then expand Low Restricted, find the rule for this bat file and move it to the Trusted group, or double-click this rule and go to the Exclusions tab to set an exclusion for this bat file. Regards.
-
Hello, I think you should use a VPN service. 😉 Regards.
-
Hello, where do you think it has a redirection link? Could you take a screenshot of it? I see its HTML code doesn’t have any redirection object. Regards.
-
Hello, did you contact Kaspersky support? Which sound card do you use? Does it have control center software? What is its process name? Regards.
-
Hello, @Metin Please try to disable some Chrome add-ons to check whether some websites' JS files are related to them or not. Regards.
-
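About files still being deleted after adding them to the System Watcher whitelist [ Solved ] [ Closed ]
Wesly.Zhang replied to henry1321's topic in Home Product Support
Hello, please read carefully what is described in this Link, and do not put the * character in places where it is not needed.
-
Hello, is your computer's CPU AMD or Intel?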
-
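Thank you for your reply. I'd like to confirm: do you mean this is a false positive, and my personal laptop and home WiFi are safe?

Hello, this is not a false positive; it should be an accurate report of the TCP port scan (PortScan.TCP) behavior, which is currently being blocked. The home product has an option to ignore this detection, just as @Yliven said.

Hello, today my personal computer also received an attack alert, details below. The difference is that the Kaspersky home product on my personal computer shows it as not processed rather than blocked. The scenario is the same: the attack alert appears the moment the computer starts up and connects to WiFi.

I would like to ask: based on your reply, I am still not sure whether this alert means my WiFi has a security risk. Before changing the setting to ignore, I want to confirm once more. I am not an IT professional; my understanding is that the attack shown now does not come from my own two computers but from the router. Could you please confirm whether this port scan represents a real security risk, or is it a false positive alert caused by the router settings? I also logged into the router's settings page and restored the original settings, and phoned the telecom provider; they replied that my network activity appears normal, reset/reassigned my network port, and suggested I see whether there is any improvement.

As for the home product's option to ignore the detection, I could not find it. The Kaspersky version on my personal laptop is 21.2.16.590C. Thanks again!

Hello, if it is the home product, just clear that setting under Kaspersky Settings, Protection, Network Attack Blocker settings. The latest version of the home product is currently 21.3.10.391(e).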