Xeno

Members
  • Posts: 43
  • Reputation: 7 Neutral
  • 1324 profile views
  1. Hello, the file was a .rar that I double-clicked. I wasn't trying to execute it, I was trying to see what's inside of the archive. I've handled this issue on my own though. I've checked the hash of the executable (it's unknown to Kaspersky or VT), meaning it would be placed in a restricted group. This archive was also password protected, and I never entered a password for it 🤦‍♂️. If you somehow can execute a password-protected file without the password, let me know :D. Harlan, don't worry, I won't be messing with malware again. I've realized most of the times I do it, I ask for people's help to ensure I'm not infected and it's not worth the time for them or for me.
  2. It's also a password-protected archive. Never put a password in at all but I still double-clicked the archive.
  3. Hello! I'm using Kaspersky Premium with a default-deny intrusion prevention setup. I was looking at an obviously fake Adobe file for malware analysis (just uploading to sandboxes) when I had the file on my PC and double-clicked the archive to see what was inside. When I double-clicked, it didn't show the inside of the archive (I tried this twice, still nothing), and I am a bit concerned that the file might have actually run. I have checked Intrusion Prevention, no file called "setup.exe" (which is what the file is) is there. I have also scanned with: Kaspersky, Sophos, Malwarebytes, ESET, and Emsisoft, they have found nothing. Should I be concerned about an infection? I don't think intrusion prevention would just stop working suddenly, but I am a bit concerned since the file has zero VirusTotal detections and wasn't picked up by Kaspersky via static detection. https:// tria . ge/231230-azz71aagaj/behavioral2 in case you need the file, here it is.
  4. https://www.kaspersky.com/enterprise-security/wiki-section/products/emulator Is this a local emulator or like fully fledged threat emulation?
  5. What anti-rootkit technologies does Kaspersky have? I'm curious. Does System Watcher also stop rootkits being set up? What technologies are there to stop rootkits?
  6. What if the connection is established? I've seen this happen before. Does Kaspersky protect against what the RAT is capable of as well?
  7. I mean what if like the connection is established, but it does malicious stuff? Can it detect the RAT if the connection is established but the connection isn't detected via what the RAT does?
  8. Besides setting custom HIPS rules, does Kaspersky do anything to protect you if the connection is established?
  9. Kaspersky has good scanners, signatures, and good protection against RATs and backdoors. However, what happens if the connection is set up and they have access to your system? Are they able to just steal all your files with Kaspersky noticing, or will Kaspersky deal with it?
  10. I was also looking around and a strain of stealer has like no detections from Kaspersky on VT (yet have 50 detections) https://www.virustotal.com/gui/ip-address/77.105.147.140/relations all files are here - idk how to submit a report here.
  11. Possible they made an exclusion to test just its termination abilities.
  12. I found another one and sent it via email as well, let's hope they respond back. Not sure if it's an issue that the download is a Triage link but that does work.
  13. Couldn't it be possible though to stop unknown drivers - take the safe rather than sorry approach? In theory really, you shouldn't have unknown applications try to terminate Kaspersky.