Wesly.Zhang

Moderators
  • Posts

    1867

Everything posted by Wesly.Zhang

  1. Hello, I know this issue is related to the Safe Money function now. How about your keyboard driver information? Does it have a third-party driver? I updated my previous post; please re-check it and answer my question. 😉 Regards.
  2. Hello, I am confused about the relation to Kaspersky Secure Connection. Do you mean Kaspersky VPN? Does this issue occur with KSDE (Kaspersky VPN) and Safe Money? And what is the information in this place? Is it the same as mine or …? Please let us know. Regards.
  3. Hello, The biometric fingerprint recognition technology and the initial API call of the camera to recognize the face may trigger this detection. Regards.
  4. Hello, To answer your question, you should do the following steps to analyse which svchost.exe (Host Process for Windows Services) shows this behavior. When this popup window is displayed, you should record the process PID. I use the Edge browser to explain how to do it. In your situation, it should be svchost.exe. There are many svchost.exe processes; according to the PID, you should find the related svchost.exe, right-click it and select "Go to service(s)". You will find the service name. Please tell us the service name. Regards.
  5. Hello, Please check the website certification via the following method, using for example Chromium Edge. First, set the website to the exclusive rule. Second, check the website certification. Third, check whether the certification is like mine or not. Please feed back the result and tell us what it is on your side. Regards.
  6. Hi @Wesly.Zhang, Please find the sample at the link below: https://drive.google.com/drive/folders/1nfP833vfKxMJyTwTL4HcUV8-87uqfOpO?usp=sharing ._readme is the message of the attacker and the other is an .xlsx file that is locked by the .moqs extension. Hope we can get a solution, and also that all DJVU ransomware can be destroyed. Thanks before. Hello, I see the file you have attached in Google Drive is an infected file, not the original ransomware file (maybe an exe, xls, or Word file with a VBA script). Regards.
  7. Hello, Have you contacted KL support now? If it is convenient, could you attach the KL product installation log files here? Go to the %temp% folder, search for files named like "kl-install-xxxxxx", zip them and upload them here. Regards.
  8. Hello, Do you have an application named "realtek audio console" or "realtek audio control"? What's the sound card information? Regards.
  9. Hi @Wesly.Zhang, is there a way to make or add, for example, qbittorrent in a system watcher white list? I tried to add it in the exclusion and trusted apps, but it did not fix it. Thanks. Hello, Could you take a screenshot of your settings? Let's check the settings. Regards.
  10. I am familiar with the method to bypass this senseless detection, and I do know what you're talking about, but this is not the point here. And no, it is definitely not my problem. I only ask KL to do two things: (1) Enable users to hide/deactivate such hints. (2) Remove the software updater SUMo from the list of incompatible programs. Anyway, now I know it's pointless to discuss this matter here. I have opened another support ticket, hoping that KL can do something about it. If not, well, either SUMo or KIS will have to be removed from my computer due to the alleged compatibility issue. And I already know that SUMo will definitely not be the program to be removed. Hello, I think this magic information will be suitable for you. One to delete, one to change the value, if you want to clear some place. I personally think SUMo is not a Ring0-level application. This program doesn't have a driver file. But the reason for KL listing it in the Incompatible Software list is that it may take effect with the software updater function. It is only my personal idea. Regards.
  11. I would also give you some "magic information". We are talking about "Deactivate Incompatible Programs/Software Hint" in this thread. You need to use your eyes to read this thread before replying. Thank you. Hello, I understand very well what this topic discusses. I provide a hint method to solve the "Deactivate Incompatible Programs/Software Hint" by handling the detection rule for it. I tell you the detection rule for the "Incompatible Programs/Software Hint" related to Malwarebytes. As for the method to bypass the detection, I will not explain the method here. Those who understand will naturally already know how to do it. You don't understand what I mean; that's your problem, not mine. Regards.
  12. Hello, This is not a bug that KL needs to fix, guy. I give you some magic information. I think you should know what you need to do… You need to use your brain to solve the problem. Solve the problem in a curve way. Regards.
  13. Hello, First, this server could not prove that it is e.crackfold.com; its security certificate expired 12 days ago. So KL doesn't make a mistake in reporting the certification issue. The browser tells me the same result. But crackfold.com is OK. Is this information related to imap.billhall.net, which belongs to your email service provider??? billhall.net <----------------> crackfold.com ??? Could you run Windows Update once to update the system root certification first, in order to try to update the certification, and log in to the email services via http://webmail.billhall.net/? Is that OK without any problem? Second, I think, if you can, please notify the email manager to handle this problem. They need to update the email certification to resolve the problem. Third, as a temporary workaround, you can use two methods. Please choose a method that can solve the problem and set it up. Go to KL product Settings → Network settings → trusted address → add billhall.net. Does it work? If no, go ahead. Set thunderbird.exe as a trusted application and set "Do not scan encrypted network traffic". But please notice this is not a very good method. Regards.
  14. Hello, @mantra This folder saves the system watcher function log file (similar to a database file). The behavior of any application will be logged in this file, so this situation will occur. The reason for the frequent disk reads and writes is that there are some behaviors in the running applications every moment. Regards.
  15. Hello, @Brown pirate Now you have the "correct answer", why do you ask for the answer here? Unclear meaning… It is your freedom to disable PowerShell or not.
  16. Hello @dags1 Do you know the website URL that Topaz Impression2 & Luminar AI want to access? If you know, you can set an exclusion rule to avoid Kaspersky VPN proxying the network traffic in order to occur this issue. Regards.
  17. Hello, Which location area do you choose in Kaspersky VPN? Please switch the location area to your country if it has it. The Topaz Impression2 & Luminar AI plug-ins may have a limit on usage location. Regards.
  18. Hello, This detection appears very often. After disinfection, this detection will happen again and again… What I know is that there is a program that attempts to expand the memory and write code in the explorer.exe process. In general, this detection is a false positive, such as a third-party input method (Sogou input method) or another AV product or anti-malware tool which operates on system memory. If you encounter this issue very often, please notice the above information and close or uninstall the application to check. A very important piece of information replied back from the KL virus analyst: Is there a file named "svchost.exe" in the My Documents folder? This information has been provided in the past two years. But I think you cannot find the file in that folder. But you can try; if you find this behavior, please let me know. Regards.
  19. Hello, I think you can delete all files and folders in this folder without any problem. 😉 Regards.
  20. Hello, Do you mean this Israeli group and its Candiru hacking tool? https://www.justandroid.net/2021/07/16/microsoft-says-israeli-group-created-and-sold-tools-to-hack-windows/ Regards.
  21. Hello, What's the SHA1 hash value of these files in %systemroot%\WINDOWS\System32\drivers? NETIO.SYS, fwpkclnt.sys, win32k.sys. Regards.