Search the Community

Hello. When building any C++ project with pre/post build event actions, MSBuild is creating temporary cmd files to run these actions. These cmd files have random name every build and are located at: %localappdata%\Temp\MSBuildTemp One of my projects have pre-build event which does some stuff to prepare for the build. Every time I build my solution and this specific project, MSBuild creates new cmd file and Kaspersky asks my permission to grant this cmd a low-level disk access. Problem is that I cannot whitelist/trust this cmd specifically, it is different cmd file every time. However, the run sequence looks like this: Windows Logon Application > Windows Explorer > {My IDE processes} > MySolution.sln > {Randomly generated name}.exec.cmd This {Randomly generated name}.exec.cmd is located at %localappdata%\Temp\MSBuildTemp So I thought that maybe I can whitelist MySolution.sln in this case. It is recognized by Kaspersky as unique application/process, so it is displayed in Application list and I can configure Application Rules for VS solution (MySolution.sln). That's what I did so far: Added MySolution.sln to Trusted applications category in "Intrusion Prevention settings -> Manage applications" Added MySolution.sln to Trusted applications in "Advanced security settings -> Exclusions and actions on object detection -> Specify trusted applications" Made sure that it has permissions to "Perform low-level access to disk" Enabled these exclusions: Do not scan files before opening Do not monitor application activity Do not monitor child application activity Apply exclusion recursively Do not inherit restrictions from the parent process (application) From my understanding "Do not monitor child application activity" + "Apply exclusion recursively" should make Kaspresky to ignore these temporary cmd files generated by MSBuild, but it doesn't, I still get prompted every time I build my project. Is there something I can do about it? Would be nice if it was possible to whitelist applications located at certain paths (similar to how we can exclude folders by path mask) and do it not just globally, but also for computer resources specified in Intrusion Prevention settings. My winver: Windows 11 23H2 22631.3737 Kaspersky ver: 21.17.7.539(b)

Hi, thank you for reply. I tried to set it for several parent applications which show up in "Run sequence". Even the most top one, which is a system process (Windows Logon Application). I did it like this: And, of course, all these are in trusted category and they have permissions for low-level access to disk. I must add that this pre-build event runs .bat script which also runs another executable. Neither this bat script nor that executable show up in that prompt for access approval from Kaspersky, but just in case I also set both of them as trusted and made sure they have permissions for low-level disk access. Really weird.

Is it this setting? I thought it's affecting only scanning. Thing is, that in most other cases Intrusion Prevention works fine and as expected. For example, in "Manage resources" I created my own category under "Personal data". Let's say I called it "My Data". In "My Data" category, I set all application categories, including "Trusted" to "Ask user". And all apps by default inherits that. Now, let's say, I want to restrict other applications and processes from accessing Telegram's appdata (portable version) and whitelist only Telegram to access it. So I add new path like this under "My Data" category: C:\Telegram\tdata\* And whitelist telegram apps by "developer" category like this: Now, when I open Telegram - I still get asked if I should allow or block access. It is expected, because Telegram is being ran not by itself, but by Windows Explorer and run sequence appears like this: Windows Explorer -> Telegram What's weird is that for some apps/processes it appears in the Application list with new run sequence, so it can be configured. In case with Telegram it doesn't happen. So, the only way to stop these access prompts is to go to Telegram application settings in Kaspersky and enable "Do not inherit restrictions from parent process (application)" like this: Now it works as expected, whenever I run Telegram, even if it was started by Windows Explorer, it starts properly and doesn't ask me to allow or block it every time. But with scenario described in my first post, where it's low-level disk access in question, it doesn't work as expected.

Welcome to Kaspersky Community. Enabling those exclusions for the main app that generates the random new cmd files every time should do the trick 🤔 Is it Your main app placed in Trusted group or in a restriction group? Since by default trusted apps should have access without prompts for low-level disk access, see this capture, as an example:

On the other hand, when cutting a file from disk C to disk D. Technically you have to do a read on disk C, write to disk D, delete the original file on disk C. If I blocked the read permission, I theoretically shouldn't be able to copy or cut it, since I'm not allowed to read it, right? If an execute permission exists, the execution goes beyond a read, as it needs to be loaded into memory to execute. This would initially involve a disk read and a RAM write. It could block execution without restricting the read, allowing the file to be copied and cut.

I have two newly purchased Samsung 980 Pro 2TB SSDs in my laptop, and I recently switched from Kaspersky Total Security to Kaspersky Premium. It turns out that Kaspersky is giving the message that "The health of the Samsung SSD 980 PRO 2TB hard drive has significantly decreased". Kaspersky reports that the health of the drives is 0% (critical) and suggests that I copy the data to another SSD(s). However, I did benchmarking tests on Samsung Magician, on Crystal disk, on Windows itself, and no other application complains of problems with SSDs. If it is a Kaspersky "bug" in relation to these models, I would like some manifestation.

Good morning, I am a long time user of Kaspersky’s security solutions. Recently, I was looking at the "Privacy and Security" tab in the settings of MacOS 13 (on a Mac with Apple Silicon) and noticed that for Kaspersky Antivirus (Standard edition) there are 2 separate applications: - Kaspersky (which I enabled when I installed the program) - Kaspersky System Extension / com.kaspersky.kav.sysext.systemextension (not enabled) The path to the second application brings me, in Finder, to Library -> System Extension and it's connected to an archive with the name "com.kaspersky.kav.sysext.systemextension". Just to be safe I scanned it and it was not detected as malicious by any EDR/Antivirus, but at the same time I did not find many informations on it online. My questions are: - What does "Kaspersky System Extension" do? - Should I enable it? The antivirus seems to be able to do full system scans/custom scans just fine and it does not ask for any more permission - Are there any other suggestions/information on this process that could help me? Thank you so much in advance!

Is it possible to block the execution of any executable (exe, bat, ps1) of disk D from Kaspersky Premium 21.15.8.493(a)? Windows 11 Enterprise 22H2, Build 22621.3085 My goal is to allow the execution of everything that is on disk C, and some folders on disk D, the rest that is restricted.

More detailed scenario: I don't want anyone to have permission to run any EXE files from the D:\Download folder and its subfolders. Otherwise, they can copy, cut, create, delete freely. This is my real goal! In the absence of an execute permission, I denied all read permission on the folder, regardless of the level of trust. This certainly blocks execution, and doesn't interfere with copying files. It only bothers me that the rule actually applies every time someone accesses the file list of the folder in question. My ultimate goal is to restrict the execution of any executable (exe, msi, bat, ps1, com) on the entire D disk. And only allow it to run on a certain folder on disk D. But I consider that the launch of the event by simply listing the files in a folder is so bulky, I think that by putting the whole disk, it could be chaos, perhaps a high consumption of CPU and RAM resources. An anticipatory speculation on my part.

@rqueizan It is obvious that the rule defined by you is wrong. You have applied "deny" to all groups (Trusted, Untrusted, High restriction and Low restriction) You can even do this for disk D, but you need to release fundamental applications like Microsoft so that Windows applications like explorer.exe can read all files on the disk. This is why Kaspersky defines this module only for advanced users. This is a complex component of Kaspersky and with it there are countless possibilities for using this component. My personal advice to you is: study the tutorial I gave you in more depth. (see that it's not that I don't want to help or assist you, it's that it's a component with countless possibilities and that requires a certain degree of knowledge of its operation)

@rqueizan Thanks for the feedback, and I'm glad you got it 👍 Thanks for the suggestions, but "Read" basically means "Run/Open". In your scenario, basically we have that on disk D no file with the ".exe" extension has read permission, that is, they do not have permissions to be read from disk D, therefore, they cannot be executed/opened.

Very much thank you for this letter and kind attention since the regional support did not yet returned me with an answer. 😞 But I still need to adress about my renewal subscription some notes as it is related to Kaspersky Internet Security if I continue to extend this license it might not be converted automatically as it seems to Kaspersky Standard so will have to be looking to do the old method in uninstalling all traces of KIS to install KS. I am still reading all documents you're brought and I don't mind losing 39 days left of my current license. In fact I've always been stepping into extend the uses for another year before the end of days just to be sure the extension will be granted. But in this situation is another picture since Kaspersky regional store have been selling me Kaspersky Internet Security since 2018 and the only way to argument about this term is through their support in my region which again still no response 😣. If I had to seek the old methods in uninstalling all traces of KIS on my disk and install fresh Kaspersky Standard will the interruption of the protection compromise me of anything in the short pause? I have in the last 5 months moved to a brand new computer with Windows 11 Professional 22H 64 bits and ever since I have downloaded/installed onto this machine Kaspersky Internet Security using My Kaspersky access and during use of the protection. It still present bugs that haven't solved ever since I was on Windows 7 Professional. Always wondered why the company rushed to KIS 21.3 when KIS 21.2 was functional and had no problems at least on my end.

@focussss This is a strange issue 🤔 , for privacy reasons we don't request system logs but you may consider to check on your side your system e.g. : Full Kaspersky scan System File Checker → ' sfc /scannow ' Disk Surface Check → ' chkdsk /f ' Please create a restore point before proceeding ! Also and FYI , this community can't fix bugs.

Just pitching in with my info. I've been having the same problem for days. Except my application database does indeed update automatically (but I have Windows 10) It happens every two days, so I've been trying to track patterns. Patterns discovered: It only happens when I have Firefox open (I don't have Chrome, like some users above) Every time it's happened, I've had Twitter open. So, if it's website-related, I've narrowed it down to that, in my case. Disk usage for Kaspersky Service 21.15 spikes up to 70+% causing total disk usage to reach or approach 100% when this happens. (I'm keeping the Task Manager open at all times precisely to try to figure out what's going on) The first time it happened to me was Nov 21, with KIS 21.3. I upgraded (clean install with reboots in between) to Kaspersky Premium 21.15 on December 12. Didn't have a Kaspersky auto-restart problem for one month. Then, on Dec. 21st, it started again, and has been happening once a day every 2 days. OS and Software info: Windows 10 x64 Home, 22H2 Kaspersky Premium 21.15.8.493(a) Firefox (version number doesn't affect it); Extensions: Kasp, AdBlock Plus, No Script Additional info: I ran chkdsk /f /r twice, and System File checker, once, after the Nov. incident Kaspersky Performance monitor says my Drive Health is 100% "Healthy and nearly as good as new" Just adding my info/investigations to the thread in case it helps people figure out what's going on. My screencaps:

Unfortunately I´ve got nothing but troubles since Sonoma relating to interaction with Kaspersky app. Randomly total disk access is lost when you turn on the Mac. Erasing Kaspersky from total disk access in settings and giving again permission does not solve the problem. Clean installation again and again does not solve the problem. Occasionally Kaspersky detects as not activated Safari´s extension in the app interface, but the extension is checked in Safari´s settings. So, it is really working or not ¿? And finally... In Mac OS toolbar at the top of the screen when Kaspersky app is active is shown "Nëw application" instead of "Kaspersky". At least for me, something is wrong between Sonoma and Kaspersky app.

@nexon Do you know if I clicked "Disinfect and restart"? Well, in fact, some samples even infected the machine... I'm not here for discussion, I just tried to help you and provide you with the experience I experienced (I don't pretend to be the owner of reason) The folder was created on my D disk on February 14th, but the samples inside the folder were downloaded between yesterday and today 👍😉

i almost forgot about the topic ? , but after doing a deep digging it wasn't the virtual disk setup so the main program purpose was to get the unallocated part of the HDD to show up in my case i am having a 3tb seagate but it's an old patch which cannot be formatted fully above 2tb so here is what happens i can format 2tb but beyond that the 746 gb remains unallocated so the way to get around it was using this virtual disk setup , once it shows up the anti virus keeps on crashing , i tried the virtual disk setup after i disconnected this 3tb HDD and it worked just fine ''anti virus while the virtual disk setup was installed'' so the main issue here is the unallocated 746 GB once it gets showen up the anti virus crashes any idea how to fix it ?

Here are the content of the log file found in C:\ProgramData\Kaspersky Lab\AVP21.3\Traces There are also dmp files created. 05:03:14.480 [4D50:5B94] INF [DumpWriter] === Logging started at local time Fri Dec 16 13:03:14 2022 (UTC+08:00) by ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe" -splash], product version 21.3.10.391 (ReleaseState), OS version 10.0.19045.0, log filename C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.dumpwriter.log 05:03:14.480 [4D50:31D8] INF [DumpWriter] [GlobalScopeAsyncEventProcessor] Worker thread started 05:03:14.480 [4D50:5B94] INF [DumpWriter] Verifier is loaded: 0 05:03:14.480 [4D50:31D8] INF [DumpWriter] [GlobalScopeAsyncEventProcessor] New event added to list, continue waiting 05:07:10.943 [4D50:5628] INF [DumpWriter] Preparing to write dump C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.07_19792.GUI0.full.dmp 05:07:10.944 [4D50:5628] INF [DumpWriter] Dump writer callback invoked, exception code 0xe0434352, event DUMP_WRITE_STARTING, full dump path C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.07_19792.GUI0.full.dmp, result DW_OK 05:07:10.944 [4D50:5628] INF [DumpWriter] TryStartKldwProcessFromAnotherThread: starting [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\kldw.exe] with args [-s 4476 -p 19792 -lp KAV] 05:07:10.944 [4D50:51E8] INF [DumpWriter] KldwAsyncStarterThread started 05:07:10.951 [4D50:51E8] INF [DumpWriter] CreateKldwProcessAsProtectedProcess(C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\kldw.exe, -s 4476 -p 19792 -lp KAV) start error 0x00000000 05:07:10.951 [4D50:51E8] INF [DumpWriter] KldwAsyncStarterThread stopped 05:07:10.952 [4D50:5628] INF [DumpWriter] TryStartKldwProcessFromAnotherThread: process has started, pid 25628 [641c], handle 0x152c 05:07:10.964 [641C:4258] INF [kldw] === Logging started at local time Fri Dec 16 13:07:10 2022 (UTC+08:00) by ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\kldw.exe" -s 4476 -p 19792 -lp KAV], product version 21.3.10.391 (ReleaseState), OS version 10.0.19045.0, log filename C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.dumpwriter.log 05:07:10.964 [641C:4258] INF [kldw] Started 05:07:10.964 [641C:4258] INF [kldw] Load of "C:\WINDOWS\system32\dbghelp.dll" succeeded 05:07:10.965 [641C:4258] INF [kldw] isValidInheritedHandle: 1 05:07:10.965 [641C:4258] INF [kldw] Dumps folder cleanup started: max dumps count = 15, required free space = 200 Mb 05:07:10.965 [641C:4258] INF [kldw] Search file mask: 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV*.dmp' 05:07:10.965 [641C:4258] INF [kldw] No dump files were found 05:07:10.966 [641C:4258] INF [kldw] GetDiskFreeSpaceEx: free space for disk with 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\' folder is 117389336576 bytes 05:07:10.966 [641C:4258] INF [kldw] == Successful == 05:07:10.966 [641C:4258] INF [kldw] Load of "C:\WINDOWS\system32\dbghelp.dll" succeeded 05:07:10.967 [641C:4258] INF [kldw] Writing C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.07_19792.GUI0.full.dmp... 05:07:10.967 [641C:4258] INF [kldw] SetDebugPrivilege: Debug privilege acquired 05:07:10.968 [641C:4258] INF [kldw] Generated metadata Json { "isManualDump": "0", "assertDescription": "", "productName": "kav21", "productVersion": "21.3.10.391", "patch": "j", "workflowId": "kav21", "workflowContext": "", "tag": "GUI", "dumpType": "Full", "dumpId": "BB01AD23-44F6-044E-9894-258AAEFD2C39", "originalExceptionCode": "0xE0434352", "osPlatform": "x64" } 05:07:10.969 [641C:4258] INF [kldw] Signaled about writing dumps 05:07:10.969 [641C:4258] INF [kldw] MinidumpCallback: Received callback of type 16 05:07:10.969 [641C:4258] INF [kldw] MinidumpCallback: Received callback of type 17 05:07:10.969 [641C:4258] INF [kldw] MinidumpCallback: Received callback of type 11 05:07:10.969 [641C:4258] INF [kldw] MinidumpCallback: Start writing dump using custom callback 05:07:10.969 [641C:4258] INF [kldw] MinidumpCallback: Received callback of type 15 05:07:10.974 [641C:4258] INF [kldw] MinidumpCallback: Received callback of type 6 05:07:11.200 [641C:4258] INF [kldw] MinidumpCallback: Received callback of type 10 05:07:11.212 [641C:4258] INF [kldw] MinidumpCallback: Received callback of type 10 05:07:11.636 [641C:4258] INF [kldw] MinidumpCallback: Received callback of type 13 05:07:11.637 [641C:4258] INF [kldw] MinidumpCallback: Finish writing dump using custom callback 05:07:11.637 [641C:4258] INF [kldw] MinidumpCallback: Received callback of type 7 05:07:11.637 [641C:4258] INF [kldw] MinidumpCallback: The user-mode minidump has been successfully completed 05:07:11.962 [641C:4258] INF [kldw] Finished writing dumps 05:07:11.962 [641C:4258] INF [kldw] Writing C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.07_19792.GUI0.full.dmp succeeded (502253196 bytes). 05:07:11.966 [641C:4258] INF [kldw] GetCrashInfoFromProcess: \Device\HarddiskVolume6\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe, Kernelbase.dll.mui 05:07:11.967 [641C:4258] INF [kldw] Dumps folder cleanup started: max dumps count = 15, required free space = 200 Mb 05:07:11.967 [641C:4258] INF [kldw] Search file mask: 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV*.dmp' 05:07:11.967 [641C:4258] INF [kldw] Previous dump file found: 'KAV.21.3.10.391j_12.16_13.07_19792.GUI0.full.dmp', size : 502253196 bytes, pid: 19792, indexInSequence: 0 05:07:11.968 [641C:4258] INF [kldw] GetDiskFreeSpaceEx: free space for disk with 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\' folder is 116887031808 bytes 05:07:11.968 [641C:4258] INF [kldw] == Successful == 05:07:11.968 [4D50:5628] INF [DumpWriter] kldw process finished writing dumps 05:07:11.968 [641C:4258] INF [kldw] Abort event signaled 05:07:11.969 [641C:4258] INF [kldw] Processing finished 05:07:11.970 [641C:4258] INF [kldw] Stopped with result 0 05:07:11.971 [4D50:5628] INF [DumpWriter] Dump writer callback invoked, exception code 0xe0434352, event DUMP_ON_SPECIAL_EXCEPTION_CREATED, full dump path [empty], result DW_OK 05:07:12.225 [1DAC:2F10] INF [DumpWriter] === Logging started at local time Fri Dec 16 13:07:12 2022 (UTC+08:00) by ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe" -hidden], product version 21.3.10.391 (ReleaseState), OS version 10.0.19045.0, log filename C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.dumpwriter.log 05:07:12.225 [1DAC:2F10] INF [DumpWriter] Verifier is loaded: 0 05:07:12.225 [1DAC:6560] INF [DumpWriter] [GlobalScopeAsyncEventProcessor] Worker thread started 05:07:12.225 [1DAC:6560] INF [DumpWriter] [GlobalScopeAsyncEventProcessor] New event added to list, continue waiting 05:09:50.853 [1DAC:4B48] INF [DumpWriter] Preparing to write dump C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.09_7596.GUI0.full.dmp 05:09:50.862 [1DAC:4B48] INF [DumpWriter] Dump writer callback invoked, exception code 0xe0434352, event DUMP_WRITE_STARTING, full dump path C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.09_7596.GUI0.full.dmp, result DW_OK 05:09:50.862 [1DAC:4B48] INF [DumpWriter] TryStartKldwProcessFromAnotherThread: starting [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\kldw.exe] with args [-s 1228 -p 7596 -lp KAV] 05:09:50.862 [1DAC:518C] INF [DumpWriter] KldwAsyncStarterThread started 05:09:50.863 [1DAC:518C] INF [DumpWriter] CreateKldwProcessAsProtectedProcess(C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\kldw.exe, -s 1228 -p 7596 -lp KAV) start error 0x00000000 05:09:50.863 [1DAC:518C] INF [DumpWriter] KldwAsyncStarterThread stopped 05:09:50.863 [1DAC:4B48] INF [DumpWriter] TryStartKldwProcessFromAnotherThread: process has started, pid 10232 [27f8], handle 0x110c 05:09:50.870 [27F8:B88] INF [kldw] === Logging started at local time Fri Dec 16 13:09:50 2022 (UTC+08:00) by ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\kldw.exe" -s 1228 -p 7596 -lp KAV], product version 21.3.10.391 (ReleaseState), OS version 10.0.19045.0, log filename C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.dumpwriter.log 05:09:50.870 [27F8:B88] INF [kldw] Started 05:09:50.870 [27F8:B88] INF [kldw] Load of "C:\WINDOWS\system32\dbghelp.dll" succeeded 05:09:50.871 [27F8:B88] INF [kldw] isValidInheritedHandle: 1 05:09:50.871 [27F8:B88] INF [kldw] Dumps folder cleanup started: max dumps count = 15, required free space = 200 Mb 05:09:50.871 [27F8:B88] INF [kldw] Search file mask: 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV*.dmp' 05:09:50.872 [27F8:B88] INF [kldw] Previous dump file found: 'KAV.21.3.10.391j_12.16_13.07_19792.GUI0.full.dmp', size : 502253196 bytes, pid: 19792, indexInSequence: 0 05:09:50.872 [27F8:B88] INF [kldw] GetDiskFreeSpaceEx: free space for disk with 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\' folder is 116886073344 bytes 05:09:50.872 [27F8:B88] INF [kldw] == Successful == 05:09:50.872 [27F8:B88] INF [kldw] Load of "C:\WINDOWS\system32\dbghelp.dll" succeeded 05:09:50.873 [27F8:B88] INF [kldw] Writing C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.09_7596.GUI0.full.dmp... 05:09:50.873 [27F8:B88] INF [kldw] SetDebugPrivilege: Debug privilege acquired 05:09:50.874 [27F8:B88] INF [kldw] Generated metadata Json { "isManualDump": "0", "assertDescription": "", "productName": "kav21", "productVersion": "21.3.10.391", "patch": "j", "workflowId": "kav21", "workflowContext": "", "tag": "GUI", "dumpType": "Full", "dumpId": "9D985E7C-42EB-FE4F-97A5-D8C492079DBF", "originalExceptionCode": "0xE0434352", "osPlatform": "x64" } 05:09:50.875 [27F8:B88] INF [kldw] Signaled about writing dumps 05:09:50.875 [27F8:B88] INF [kldw] MinidumpCallback: Received callback of type 16 05:09:50.875 [27F8:B88] INF [kldw] MinidumpCallback: Received callback of type 17 05:09:50.875 [27F8:B88] INF [kldw] MinidumpCallback: Received callback of type 11 05:09:50.875 [27F8:B88] INF [kldw] MinidumpCallback: Start writing dump using custom callback 05:09:50.875 [27F8:B88] INF [kldw] MinidumpCallback: Received callback of type 15 05:09:50.880 [27F8:B88] INF [kldw] MinidumpCallback: Received callback of type 6 05:09:51.046 [27F8:B88] INF [kldw] MinidumpCallback: Received callback of type 10 05:09:51.057 [27F8:B88] INF [kldw] MinidumpCallback: Received callback of type 10 05:09:51.293 [27F8:B88] INF [kldw] MinidumpCallback: Received callback of type 13 05:09:51.294 [27F8:B88] INF [kldw] MinidumpCallback: Finish writing dump using custom callback 05:09:51.294 [27F8:B88] INF [kldw] MinidumpCallback: Received callback of type 7 05:09:51.294 [27F8:B88] INF [kldw] MinidumpCallback: The user-mode minidump has been successfully completed 05:09:51.555 [27F8:B88] INF [kldw] Finished writing dumps 05:09:51.555 [27F8:B88] INF [kldw] Writing C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.09_7596.GUI0.full.dmp succeeded (485171060 bytes). 05:09:51.560 [27F8:B88] INF [kldw] GetCrashInfoFromProcess: \Device\HarddiskVolume6\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe, Kernelbase.dll.mui 05:09:51.560 [27F8:B88] INF [kldw] Dumps folder cleanup started: max dumps count = 15, required free space = 200 Mb 05:09:51.561 [27F8:B88] INF [kldw] Search file mask: 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV*.dmp' 05:09:51.561 [27F8:B88] INF [kldw] Previous dump file found: 'KAV.21.3.10.391j_12.16_13.07_19792.GUI0.full.dmp', size : 502253196 bytes, pid: 19792, indexInSequence: 0 05:09:51.561 [27F8:B88] INF [kldw] Previous dump file found: 'KAV.21.3.10.391j_12.16_13.09_7596.GUI0.full.dmp', size : 485171060 bytes, pid: 7596, indexInSequence: 0 05:09:51.562 [27F8:B88] INF [kldw] GetDiskFreeSpaceEx: free space for disk with 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\' folder is 116400865280 bytes 05:09:51.562 [27F8:B88] INF [kldw] == Successful == 05:09:51.562 [1DAC:4B48] INF [DumpWriter] kldw process finished writing dumps 05:09:51.562 [27F8:B88] INF [kldw] Abort event signaled 05:09:51.563 [27F8:B88] INF [kldw] Processing finished 05:09:51.563 [27F8:B88] INF [kldw] Stopped with result 0 05:09:51.565 [1DAC:4B48] INF [DumpWriter] Dump writer callback invoked, exception code 0xe0434352, event DUMP_ON_SPECIAL_EXCEPTION_CREATED, full dump path [empty], result DW_OK 05:09:51.678 [51AC:1E18] INF [DumpWriter] === Logging started at local time Fri Dec 16 13:09:51 2022 (UTC+08:00) by ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe" -hidden], product version 21.3.10.391 (ReleaseState), OS version 10.0.19045.0, log filename C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.dumpwriter.log 05:09:51.679 [51AC:2874] INF [DumpWriter] [GlobalScopeAsyncEventProcessor] Worker thread started 05:09:51.679 [51AC:2874] INF [DumpWriter] [GlobalScopeAsyncEventProcessor] New event added to list, continue waiting 05:09:51.679 [51AC:1E18] INF [DumpWriter] Verifier is loaded: 0 05:31:14.185 [51AC:1D18] INF [DumpWriter] Preparing to write dump C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.31_20908.GUI0.full.dmp 05:31:14.185 [51AC:1D18] INF [DumpWriter] Dump writer callback invoked, exception code 0xe0434352, event DUMP_WRITE_STARTING, full dump path C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.31_20908.GUI0.full.dmp, result DW_OK 05:31:14.185 [51AC:1D18] INF [DumpWriter] TryStartKldwProcessFromAnotherThread: starting [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\kldw.exe] with args [-s 3720 -p 20908 -lp KAV] 05:31:14.185 [51AC:5E7C] INF [DumpWriter] KldwAsyncStarterThread started 05:31:14.186 [51AC:5E7C] INF [DumpWriter] CreateKldwProcessAsProtectedProcess(C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\kldw.exe, -s 3720 -p 20908 -lp KAV) start error 0x00000000 05:31:14.187 [51AC:5E7C] INF [DumpWriter] KldwAsyncStarterThread stopped 05:31:14.187 [51AC:1D18] INF [DumpWriter] TryStartKldwProcessFromAnotherThread: process has started, pid 19424 [4be0], handle 0x4d8 05:31:14.193 [4BE0:5C64] INF [kldw] === Logging started at local time Fri Dec 16 13:31:14 2022 (UTC+08:00) by ["C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\kldw.exe" -s 3720 -p 20908 -lp KAV], product version 21.3.10.391 (ReleaseState), OS version 10.0.19045.0, log filename C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.dumpwriter.log 05:31:14.193 [4BE0:5C64] INF [kldw] Started 05:31:14.194 [4BE0:5C64] INF [kldw] Load of "C:\WINDOWS\system32\dbghelp.dll" succeeded 05:31:14.194 [4BE0:5C64] INF [kldw] isValidInheritedHandle: 1 05:31:14.194 [4BE0:5C64] INF [kldw] Dumps folder cleanup started: max dumps count = 15, required free space = 200 Mb 05:31:14.195 [4BE0:5C64] INF [kldw] Search file mask: 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV*.dmp' 05:31:14.195 [4BE0:5C64] INF [kldw] Previous dump file found: 'KAV.21.3.10.391j_12.16_13.07_19792.GUI0.full.dmp', size : 502253196 bytes, pid: 19792, indexInSequence: 0 05:31:14.195 [4BE0:5C64] INF [kldw] Previous dump file found: 'KAV.21.3.10.391j_12.16_13.09_7596.GUI0.full.dmp', size : 485171060 bytes, pid: 7596, indexInSequence: 0 05:31:14.195 [4BE0:5C64] INF [kldw] GetDiskFreeSpaceEx: free space for disk with 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\' folder is 116360073216 bytes 05:31:14.196 [4BE0:5C64] INF [kldw] == Successful == 05:31:14.196 [4BE0:5C64] INF [kldw] Load of "C:\WINDOWS\system32\dbghelp.dll" succeeded 05:31:14.196 [4BE0:5C64] INF [kldw] Writing C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.31_20908.GUI0.full.dmp... 05:31:14.197 [4BE0:5C64] INF [kldw] SetDebugPrivilege: Debug privilege acquired 05:31:14.198 [4BE0:5C64] INF [kldw] Generated metadata Json { "isManualDump": "0", "assertDescription": "", "productName": "kav21", "productVersion": "21.3.10.391", "patch": "j", "workflowId": "kav21", "workflowContext": "", "tag": "GUI", "dumpType": "Full", "dumpId": "38ACC727-C1F2-BA43-A9F7-9D6E9CA99E35", "originalExceptionCode": "0xE0434352", "osPlatform": "x64" } 05:31:14.199 [4BE0:5C64] INF [kldw] Signaled about writing dumps 05:31:14.199 [4BE0:5C64] INF [kldw] MinidumpCallback: Received callback of type 16 05:31:14.199 [4BE0:5C64] INF [kldw] MinidumpCallback: Received callback of type 17 05:31:14.199 [4BE0:5C64] INF [kldw] MinidumpCallback: Received callback of type 11 05:31:14.200 [4BE0:5C64] INF [kldw] MinidumpCallback: Start writing dump using custom callback 05:31:14.200 [4BE0:5C64] INF [kldw] MinidumpCallback: Received callback of type 15 05:31:14.205 [4BE0:5C64] INF [kldw] MinidumpCallback: Received callback of type 6 05:31:14.376 [4BE0:5C64] INF [kldw] MinidumpCallback: Received callback of type 10 05:31:14.386 [4BE0:5C64] INF [kldw] MinidumpCallback: Received callback of type 10 05:31:14.612 [4BE0:5C64] INF [kldw] MinidumpCallback: Received callback of type 13 05:31:14.612 [4BE0:5C64] INF [kldw] MinidumpCallback: Finish writing dump using custom callback 05:31:14.613 [4BE0:5C64] INF [kldw] MinidumpCallback: Received callback of type 7 05:31:14.613 [4BE0:5C64] INF [kldw] MinidumpCallback: The user-mode minidump has been successfully completed 05:31:14.864 [4BE0:5C64] INF [kldw] Finished writing dumps 05:31:14.864 [4BE0:5C64] INF [kldw] Writing C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV.21.3.10.391j_12.16_13.31_20908.GUI0.full.dmp succeeded (462210506 bytes). 05:31:14.869 [4BE0:5C64] INF [kldw] GetCrashInfoFromProcess: \Device\HarddiskVolume6\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\avpui.exe, Kernelbase.dll.mui 05:31:14.870 [4BE0:5C64] INF [kldw] Dumps folder cleanup started: max dumps count = 15, required free space = 200 Mb 05:31:14.870 [4BE0:5C64] INF [kldw] Search file mask: 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\KAV*.dmp' 05:31:14.870 [4BE0:5C64] INF [kldw] Previous dump file found: 'KAV.21.3.10.391j_12.16_13.07_19792.GUI0.full.dmp', size : 502253196 bytes, pid: 19792, indexInSequence: 0 05:31:14.870 [4BE0:5C64] INF [kldw] Previous dump file found: 'KAV.21.3.10.391j_12.16_13.09_7596.GUI0.full.dmp', size : 485171060 bytes, pid: 7596, indexInSequence: 0 05:31:14.871 [4BE0:5C64] INF [kldw] Previous dump file found: 'KAV.21.3.10.391j_12.16_13.31_20908.GUI0.full.dmp', size : 462210506 bytes, pid: 20908, indexInSequence: 0 05:31:14.871 [4BE0:5C64] INF [kldw] GetDiskFreeSpaceEx: free space for disk with 'C:\ProgramData\Kaspersky Lab\AVP21.3\Traces\' folder is 115662983168 bytes 05:31:14.871 [4BE0:5C64] INF [kldw] == Successful == 05:31:14.871 [51AC:1D18] INF [DumpWriter] kldw process finished writing dumps 05:31:14.872 [4BE0:5C64] INF [kldw] Abort event signaled 05:31:14.872 [4BE0:5C64] INF [kldw] Processing finished 05:31:14.872 [4BE0:5C64] INF [kldw] Stopped with result 0 05:31:14.874 [51AC:1D18] INF [DumpWriter] Dump writer callback invoked, exception code 0xe0434352, event DUMP_ON_SPECIAL_EXCEPTION_CREATED, full dump path [empty], result DW_OK

Hum that's a weird behavior, since I also use W11 + KPremium 21.14 and is running smoothly... Check the health of Your main system hard disk, run a ScanDisk and/or some kind of surface test -> Hard Disk Sentinel. Also, is there any other security solution installed in the system that may be causing an incompatibility issue with K.?

What the hell is going on. I have just spent £90 replacing a drive KP reported as failing. Now I get this report today: The hard drive ST2000LM007-1R8174 — Seagate Expansion Drive (O:). with running on the device mike-pc (Desktop) is not working optimally and it may fail soon. We recommend that you back up your important data. Health indicators as of 20 February 2023: - Disk status: 30% — Bad - Disk temperature: 19 °C — Good - Disk run time: 25011 hours - Power-ons: 475 times If this is KP going mad and making false reports, I am going to cancel my new licence and look elsewhere. This is NOT FUNNY

So I have just wasted £90 replacing a drive thats good!!! and now, another one. The hard drive ST2000LM007-1R8174 — Seagate Expansion Drive (O:). with running on the device mike-pc (Desktop) is not working optimally and it may fail soon. We recommend that you back up your important data. Health indicators as of 20 February 2023: - Disk status: 30% — Bad - Disk temperature: 19 °C — Good - Disk run time: 25011 hours - Power-ons: 475 times

Hello, 1) About disk access - try to update macOS up to 14.1 and check problem. This is a problem on the macOS side. You need to contact Apple support, if problem persists. 2) Kaspersky detects as not activated Safari - Known problem. The problem is still being analyzed. 3) "Nëw application" - This is a problem on the macOS side. But we'll try to fix that on our side.

Hello @Mr.ApplePie, Welcome! In the top left of the image, the words 'New Application' (1) in our image - is presented by the OS - it's not a virus; it's showing (you) that Kaspersky has updated to Kaspersky's new software, Kaspersky Premium (2) in our image. Kaspersky Premium requires full disk access to function properly, read the documentation: Kaspersky for Mac, Start application for the first time, Grant permissions: "The Kaspersky application will not work properly without granting these permissions. You must grant all permissions in the Essential Protection window." Regarding: "Mac name was also randomly changed", not enough information to comment..... Has the Mac named changed more than once *automatically* since Kaspersky Premium has been active & is the Mac name still *automatically* changing? Thank you🙏 Flood🐳+🐋

Hello. I am not sure if it was my Mac os updating to the latest or if it's a virus but when I use Kaspersky, the name in the top right corner has been changed to 'New Application' and Kaspersky asked me to provide full disk access. Kaspersky said it detected a malicious file and removed it I hope this isn't the affect of a virus. My Mac name was also randomly changed..

Also, what about to check system hard disk health -> run a ScanDisk, HardDisk Sentinel scan?