Showing results for 'Quick Launch Keyboard'.


  1. Hi again, thanks for replying. I am searching in the actual vault (KPM app) not in the browser - (I know it sounds strange, it's really weird, presumably a bug). I have sync'd (it auto syncs but I checked also). I tried to take a screenshot to show you all is up to date but it seems that KPM cleverly prevents screenshots whilst open. You asked "iStorm cannot be found in the actual KPM vault application, on the computer", is that accurate please? " Yes, that is accurate. Autosave & autofill is ticked for 1. logins & password & 3. Bank cards (not 2. addresses). Thinking ahead, I thought you would recommend next that I reinstall this app on my PC so as I also use the iPhone and iPad KPM app every day I tried searching on that and it also doesn't appear there. The common denominator then is the website itself and the main thing I can think that's different to maybe all other sites is that it's mainly in Greek language (I have to use Google Chrome translate on the site). I did wonder whether it has saved in KPM in the Greek alphabet but when visiting the site the URL is in English as you can see from my screenshots. I did try translate and searching for 'καταιγίδα' in case but no luck. I have tried in KPM app scrolling down all entries to letter 'i' but there's nothing for istorm there. I am looking in 'all' and not 'favourites' It doesn't seem to appear in 'recents' but not all recent sites do (upon testing). Strangely when trying to log in on iPhone, tapping on the login name/email which displays the 'key' icon above the keyboard, on tapping the key which opens KPM app, it says 'no matching password' and 'show passwords' can't find it in search. Only the Chrome browser on PC recognises the website address and gives me the green KPM icon as per screenshots you've seen. I can't think of any other info to help identify this strange issue.
  2. I kept using your product even after i realized you charge more to the people renewing the licenses than the new buyers (i guess you think old customers are there to be milked)... I kept using your product even after i realized your servers were still inside Ruzzia even after you announced you left that bog (it was already paid, the damage was done).... I kept using your product even after your "quick scan" was shutting down my pc, and so often that it even ended up roasting my SSD (sent all of the evidence i had to support, mostly circumstantial mind you, even with a video and they couldn't believe it was their fault). But the last straw was having my pc restart constantly and without warning, completely randomly, and just because enabling the VPN (no logs, no nothing, not even system dumps!, months and months troubleshooting, I only made the connection that the pc was crashing/hanging/restarting ONLY AFTER i enabled the VPN and not at a set time but randomly afterwards, even if it wasn't already running... uninstalled and the pc has not restarted ever again since, ¿what the hell else are you doing to my pc that i don't know of?). You had a good product, the competition probably is not as good as your product, but it is definitely good enough to make the jump and just leave these licenses unused. I am trying really hard not to express all the expletives i think you deserve, but you just are not worth my time anymore.
  3. I could have a quick scan running on safe mode hard crash my system on demand, i even sent them the video. But sure, it is not destabilizing. And now my system is still not restarting randomly, i wonder why it is stable now.... So typing this was a massive waste of time. Thank you anyways. I bet Kaspersky is also grateful for your free service.
  4. Thanks for that quick response. We've done a second scan and the summary lines of the report are attached. It looks like the dll is now gone.
  5. @harlan4096, I remain confused. Please confirm or correct my interpretation of the Forum Guidelines, which state that posting live links is permitted, provided that they are not to a site or product in competition with K products. I don't profess to know what enhanced rights Moderators have, but my interpretation of the Forum Guidelines is that, as a Member, I could have posted a live link to AdwCleaner in your topic, assuming it was relevant to solving the member's problem . . . ? I also do not see any prohibition in the Forum Guidelines to members posting live links to other posts in these Forums . . . Just to give you some background, I got a warning PM from @Alexandru_BD, the Forum Administrator, of my previous antivirus solution Forums. It was one of the straws that broke this camel's back. I posted there just what you had posted here to assist one of their users. I am trying to seek clarity. I have no wish to be cautioned or banned. My online reputation is very important to me. I need to understand the rules here. Your response did not shed much light for me. Perhaps I am not as quick as I used to be . . . It would be wonderful if you could explicitly spell out the Forum Moderating and Admin Team's expectations. I did receive some good advice from @Flood and Flood's wife, in one of my early posts here, that it would be wise for me to be very cautious until I learned the dynamics of these Forums. I have been a member of enough Forums for long enough to know that there are always "Forum politics," as I term it. I have no interest in that. So, following that sage advice, I seek only clarity to avoid being cautioned or banned. Signing off now for the day. Have a great day. Regards, Phil
  6. Hello all, Thank you for looking; I appreciate your time! KIS version 21.3.10.391 Win 10 Home x64 Build 19045 KIS has begun briefly crashing and restarting within seconds, both passively and especially during full scans. The crashes during scans happen at different points in the scan i.e. not at the same % completion / block of files being scanned. I can still complete quick scans, and background scans complete successfully. At first I could start a new full scan and it would complete most of the time; now it crashes at every full scan. When KIS crashes, I get a notification (as expected) from Windows Defender that I should turn on Virus Protection. There have been no significant changes to my OS environment other than Win and KIS updates. I have not installed any other programmes recently. I am not running any other AVP.
  7. Ok...seems like is only affecting 'quick/full scans'. Ran another 'selective scan' or path file and it did save on report page.
  8. [code] System: Kernel: 5.15.0-57-generic x86_64 bits: 64 compiler: gcc v: 11.3.0 Desktop: Cinnamon 5.6.5 tk: GTK 3.24.33 wm: muffin dm: LightDM Distro: Linux Mint 21.1 Vera base: Ubuntu 22.04 jammy Machine: Type: Desktop System: Micro-Star product: MS-7D42 v: 1.0 serial: <superuser required> Mobo: Micro-Star model: MAG B660M MORTAR WIFI DDR4 (MS-7D42) v: 1.0 serial: <superuser required> UEFI: American Megatrends LLC. v: 1.40 date: 05/19/2022 Battery: Device-1: hidpp_battery_0 model: Logitech Wireless Mouse serial: <filter> charge: 55% (should be ignored) status: Discharging Device-2: hidpp_battery_1 model: Logitech Wireless Keyboard serial: <filter> charge: 55% (should be ignored) status: Discharging CPU: Info: quad core model: 12th Gen Intel Core i3-12100 bits: 64 type: MT MCP arch: Alder Lake rev: 5 cache: L1: 320 KiB L2: 5 MiB L3: 12 MiB Speed (MHz): avg: 4183 high: 4286 min/max: 800/5500 cores: 1: 4286 2: 4251 3: 4178 4: 4136 5: 4138 6: 4105 7: 4251 8: 4125 bogomips: 52838 Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx Graphics: Device-1: Intel vendor: Micro-Star MSI driver: i915 v: kernel ports: active: HDMI-A-1 empty: DP-1, DP-2, HDMI-A-2, HDMI-A-3, HDMI-A-4 bus-ID: 00:02.0 chip-ID: 8086:4692 Display: x11 server: X.Org v: 1.21.1.3 driver: X: loaded: modesetting unloaded: fbdev,vesa gpu: i915 display-ID: :0 screens: 1 Screen-1: 0 s-res: 1920x1080 s-dpi: 96 Monitor-1: HDMI-1 mapped: HDMI-A-1 model: LG (GoldStar) W2363D res: 1920x1080 dpi: 96 diag: 587mm (23.1") OpenGL: renderer: Mesa Intel Graphics (ADL-S GT1) v: 4.6 Mesa 22.0.5 direct render: Yes Audio: Device-1: Intel vendor: Micro-Star MSI driver: snd_hda_intel v: kernel bus-ID: 00:1f.3 chip-ID: 8086:7ad0 Sound Server-1: ALSA v: k5.15.0-57-generic running: yes Sound Server-2: PulseAudio v: 15.99.1 running: yes Sound Server-3: PipeWire v: 0.3.48 running: yes Network: Device-1: Intel driver: iwlwifi v: kernel port: N/A bus-ID: 00:14.3 chip-ID: 8086:7af0 IF: wlo1 state: down mac: 
<filter> Device-2: Realtek RTL8125 2.5GbE vendor: Micro-Star MSI driver: r8169 v: kernel pcie: speed: 5 GT/s lanes: 1 port: 4000 bus-ID: 03:00.0 chip-ID: 10ec:8125 IF: enp3s0 state: up speed: 100 Mbps duplex: full mac: <filter> Bluetooth: Device-1: Intel type: USB driver: btusb v: 0.8 bus-ID: 1-14:7 chip-ID: 8087:0033 Report: hciconfig ID: hci0 rfk-id: 0 state: up address: <filter> Drives: Local Storage: total: 589.69 GiB used: 14.44 GiB (2.4%) ID-1: /dev/nvme0n1 vendor: Kingston model: SKC3000S512G size: 476.94 GiB speed: 63.2 Gb/s lanes: 4 serial: <filter> temp: 23.9 C ID-2: /dev/sda vendor: A-Data model: SU650NS38 size: 111.79 GiB speed: 6.0 Gb/s serial: <filter> ID-3: /dev/sdb type: USB vendor: Silicon Power model: silicon -power size: 983 MiB serial: <filter> Partition: ID-1: / size: 237.08 GiB used: 14.41 GiB (6.1%) fs: ext4 dev: /dev/nvme0n1p5 ID-2: /boot/efi size: 95 MiB used: 30.2 MiB (31.8%) fs: vfat dev: /dev/nvme0n1p2 Swap: ID-1: swap-1 type: file size: 2 GiB used: 0 KiB (0.0%) priority: -2 file: /swapfile USB: Hub-1: 1-0:1 info: Hi-speed hub with single TT ports: 16 rev: 2.0 speed: 480 Mb/s chip-ID: 1d6b:0002 Device-1: 1-2:2 info: Micro Star MYSTIC LIGHT type: HID driver: hid-generic,usbhid rev: 1.1 speed: 12 Mb/s chip-ID: 1462:7d42 Hub-2: 1-3:3 info: Genesys Logic Hub ports: 4 rev: 2.1 speed: 480 Mb/s chip-ID: 05e3:0610 Device-1: 1-3.4:5 info: Kingston PS2232 flash drive controller type: Mass Storage driver: usb-storage rev: 2.0 speed: 480 Mb/s chip-ID: 13fe:1f23 Device-2: 1-8:4 info: Logitech Unifying Receiver type: Keyboard,Mouse driver: logitech-djreceiver,usbhid rev: 2.0 speed: 12 Mb/s chip-ID: 046d:c534 Hub-3: 1-11:6 info: Genesys Logic Hub ports: 4 rev: 2.0 speed: 480 Mb/s chip-ID: 05e3:0608 Device-1: 1-14:7 info: Intel type: Bluetooth driver: btusb rev: 2.0 speed: 12 Mb/s chip-ID: 8087:0033 Hub-4: 2-0:1 info: Super-speed hub ports: 9 rev: 3.1 speed: 20 Gb/s chip-ID: 1d6b:0003 Hub-5: 2-2:2 info: Genesys Logic USB3.2 Hub ports: 4 rev: 3.2 speed: 
10 Gb/s chip-ID: 05e3:0625 Sensors: System Temperatures: cpu: 27.8 C mobo: N/A Fan Speeds (RPM): N/A Repos: Packages: apt: 2632 No active apt repos in: /etc/apt/sources.list Active apt repos in: /etc/apt/sources.list.d/official-package-repositories.list 1: deb http: //mirrors.powernet.com.ru/mint/packages vera main upstream import backport 2: deb http: //mirror.docker.ru/ubuntu jammy main restricted universe multiverse 3: deb http: //mirror.docker.ru/ubuntu jammy-updates main restricted universe multiverse 4: deb http: //mirror.docker.ru/ubuntu jammy-backports main restricted universe multiverse 5: deb http: //security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse Info: Processes: 277 Uptime: 5m Memory: 31.08 GiB used: 1.5 GiB (4.8%) Init: systemd v: 249 runlevel: 5 Compilers: gcc: 11.3.0 alt: 11 Client: Unknown python3.10 client inxi: 3.3.13 [/code]
  9. iuaFSIUNfyaUYF731

    Kaspersky Plus quits unexpectedly

    Is there any update on the "MR17" update? I certainly have many, many large files on the filesystems being scanned if that's the case. I've been experiencing this issue for what feels like a year or more now. Exact same symptoms as commonly reported over the last year or two. Full scan will always cause an application crash however, even when manual. System idle for many days will eventually cause a crash. Sometimes application can recover, other times application will fail to launch due to what appears to be the Kaspersky windows service locking up and cannot be restarted or stopped due to security and requires a reboot. I'm not totally comfortable submitting traces and have been watching from the sidelines.
  10. Your app is a disgrace Kaspersky. It has been quiet for 2 days, I thought that was it, and I was minding my own business watching a movie on amazon prime when what did I get? A big popup on the bottom right covering a quarter of the screen asking me if I wanted to install Kaspersky on my mobile. Sure, there was an option for "don't ask me this again" but I have no idea how many more different messages I am going to get before this stops happening, or if it WILL stop. I am going back to the combo of defender and Malwarebytes and getting a refund on Kaspersky for a second time. There won't be a third. I have compiled a list of grievances I have with the operation of the product, that I wanted to talk to support about, specifically how you can't enable outbound internet connection notifications without enabling the main app interaction notification which notifies you about EVERYTHING an app tries to do (launch, modify registry, access said folder, etc etc). All I want is an "this app is trying to access the internet, deny or allow" but I have to click 9 different allows just to get ONE game to run, it's crazy. So anyone who wants to keep their sanity just disables all outbound notifications. Sure you can trust an app but not even that is foolproof, I have trusted HD Sentinel 100 times and it disappears from trusted on every launch and I get registry access popups, so I just gave up and disabled those notifications. Why you don't have a "depth of notifications" and for example "alert on internet access only attempt" option, in SUCH a deep program, I have no idea. You've made the outbound notifications all but useless as it stands. And who wants to completely trust every app on their system anyway? I had been compiling all the data and how it could be made more user friendly but I don't think there's a point. At this stage the program is as bad as Mcafee and Norton in the spam department and doing the things I specifically want an AV app to NEVER do. 
I have no idea why someone like Kaspersky who I always trusted and respected would resort to these childish tactics, but, that's it for me. All I want to know is how to remove the program with NO trace in my registry and without messing anything up that would make me think I need to format and re install windows 11. Anyone with knowledge on that? How to truly and completely uninstall this adware? (it's adware by its very definition, as I have unticked all the notification popups and it's still behaving as adware would, as I have explained. Advertising the mobile app while I am on a PC, is adware. I took pics for proof also).
  11. Advice and Solutions (Forum Knowledgebase)

    Disclaimer. Read before using materials.

    This article is about Kaspersky Endpoint Security for Windows (KES for Windows).

    Description

    FDE precheck is a utility used for advanced Full Disk Encryption compatibility testing. It contains the latest drivers, which will be implemented in future KES releases. FDE precheck also collects diagnostic data used to fix compatibility issues. Inability to use the laptop keyboard and/or touchpad is one of the most frequently encountered issues. Using FDE precheck, you can find out whether a compatibility issue has already been fixed and will be included in the next release, or whether it still needs to be addressed.

    You can download the latest FDE precheck utility using the following links:

      • For KES 11 - https://support.kaspersky.com/14328

    System requirements

      • A single operating system should be installed on the test machine. FDE Precheck can't function properly on a host with multiple operating systems.
      • Use an administrative account to run the utility.

    Read before proceeding

      • Decrypt the test host and remove Kaspersky Endpoint Security and the AES module.
      • Back up the critical data on the test machine.
      • Follow the test sequence exactly as stated below.
      • Do not manually stop the execution of the utility.
      • The system will automatically restart several times; this is expected behavior.
      • Plug in the laptop. Do not run the test on battery.

    Failure to comply with the steps above may lead to unpredictable consequences.

    Test sequence

      1. Make sure the machine:
           • is decrypted
           • does not have KES or the AES module installed
           • is not running any KL drivers
           • has no critical data
           • is plugged in
      2. Reboot.
      3. Copy and unpack the fde_precheck.zip archive.
      4. Run fde_precheck.exe elevated (either by right-clicking and choosing Run as administrator or by starting it from an elevated command prompt).
      5. If the program does not find any incompatibilities, the following message box will appear: Press Yes to initiate installation of the encryption drivers and start the test.
      6. Wait for the automatic reboot, then log in using the administrative user as was done earlier.
      7. Press OK on the pop-up that will appear shortly after the reboot:
      8. Press Yes in the UAC window if it appears shortly after.
      9. Wait for several minutes (up to 10-15 minutes) until the next automatic reboot occurs. Do not initiate a reboot manually! It will be done automatically. A manual reboot at this stage may result in corruption of the OS. All preparations run in the background; it is normal that there will be no indication of activity on the desktop.
      10. After the automatic reboot you will see the preboot agent, and it will require human presence to complete those tests. If possible, record the whole process on a camera or smartphone. You will be asked to enter random keystrokes using the keyboard and mouse. In case of successful keystroke registration you will see something like this: Just follow the instructions that appear on the screen and press "NEXT >" when done with each test. If the FDE Precheck Preboot agent fails to boot or freezes at some point, please take a photo of the error message, or record the whole process on a camera, and reboot the machine if necessary. The OS will boot either way.
      11. Log in using the administrative account that was used earlier. At this point the drivers will be removed in the background and the host will be rebooted one last time automatically.
      12. Wait for several minutes (up to 10-15 minutes) until the next automatic reboot occurs. Do not initiate a reboot manually! It will be done automatically. A manual reboot at this stage may result in corruption of the OS. All preparations run in the background; it is normal that there will be no indication of activity on the desktop.

    The following three files are always created. All three files are mandatory to provide for analysis.

      • fde_precheck_report.txt
      • fde_precheck.log (will be located in the folder with fde_precheck.exe)
      • Description of what happened during the tests (with screenshots and video if possible).
  12. Dear Sir, Thank you very much for your quick response. I couldn't find this particular page - yashasviworld . com/products?id=7&data_from=brand&page=1 as mentioned in your reply. Can you please confirm whether this script is in database or in Webpage.
  13. Hello @Wesly.Zhang, 100%. We raised an incident, the TS agent said it cannot be disabled, the TS Supervisor said it cannot be disabled, they also sent it to HQ, the HQ experts said it cannot be disabled. HQ response in total was: quote On-screen keyboard is not a component that can be disabled, it is additional feature that customer can launch (or not) via hotkey combination. Hotkey combination can be disable opening on-screen keyboard feature in Settings - Additional - uncheck option "Open On-Screen keyboard by typing CTRL+SHIFT+ALT+P". end quote Unchecking the hotkey sequence does not disable On-screen/virtual keyboard. Why? Because it’s impossible to do so. There is no disable On-screen/virtual keyboard option in any of Kaspersky’s home AV. Have you found a way to disable On-screen/virtual keyboard, (apart from a registry hack) @Wesly.Zhang ? Thank you🙏 Flood🐳+🐋
  14. Hello I can launch the rescue disk from the USB thumbstick but when I try to launch the Kaspersky Rescue Tool it will not launch, nothing happens. I tried to double click the icon and also right click then execute but nothing happens. I tried from the limited graphic mode option also and the same result. The only thing I can do from the GUI is restart it. I attached the hardware information file to this thread. My aim was to scan UEFI for any embedded malware or rootkits. Also I have Kaspersky AV is that sufficient enough to scan UEFI for malware or rootkits? Forgot to mention getting these errors in popup boxes: plugin “Date Time” unexpectedly left panel plugin “Keyboard Layouts” unexpectedly left panel plugin “CPU Graph” unexpectedly left the panel Also I was able to launch the USB from another PC and it had me accept a EULA agreement. The computer I can’t launch it from did not have the EULA agreement on the screen… maybe it's a resolution issue and the EULA is not on the screen for me to accept. Only thing I can think of is to disable my Video card in UEFI and plug directly into the integrated graphics port...unless there is another way to change resolution on the fly without me disabling my graphics card…. ??? Thanks for any help.
  15. Hello @KIS21User, Welcome back! 1. Don't be frightened! 2. Spinme is shipped with the Touchpal default keyboard. 3. IF you haven't already -> back up the phone: contacts, sms, calendars, whatever you consider important! 4. Disable the TouchPal keyboard and replace it with the Gboard – the Google Keyboard app, follow the steps below: Open the phone Settings menu. Tap on Settings Scroll thru to find Apps or Apps manager. Tap on Apps, or App Manager. Find and tap on TouchPal. The Apps screen with all the installed apps will open. Scroll thru until you find the TouchPal app. Tap on Touchpal to open TouchPal Details Select Force Stop -> allow it to STOP. Select Uninstall -> allow the uninstall to complete. At that point Google Keyboard should have replaced Touchpal? Shutdown, power OFF, the phone, leave it OFF for 3 minutes. Power ON, login. Check if the Spinme issue is resolved? Yes? Excellent, work, well done? No?, IF KIS is a Premium subscription, not Free, Beta, or Trial, please contact Support, on the support page, select either Chat or Email, then fill in Malware, I suspect my device is infected; Support may request logs, traces & other data; they will guide you. Please share the outcome with the Community, when it's available? Regarding: Is there a chance Kaspersky for Android will receive an update that erases this thing? The distributors of the patches for Touchpal should not be distributing "dirty" patches. And maybe preventing TouchPal from downloading unwanted apps in the future? IF you log the case with Support, you may wish to discuss this with them. Thank you🙏 Flood🐳+🐋
  16. Flood and Flood's wife

    Safe money doesn't block screenshots.

    Hello @cesarD, Thank you for posting back & the information! IF (you) are taking screenprints with the Safe Money browser open & pressing the Print-Screen Key on the Keyboard - according to the experts from HQ this is working exactly as per design = it's working properly in all elements, however, IF (you're) using a *print-screen* function from a third-party application & the Safe Money browser & the images shows an image(s), i.e., the screen is not black - according to the HQ experts - this is *not* working as designed. This information is also documented for v21.3, v21.6, v21.7 etc, etc.... Thank you🙏 Flood🐳+🐋
  17. Flood and Flood's wife

    Safe money doesn't block screenshots.

    Hello @cesarD & @nexon, We've discussed this issue in a logged case - in the past with HQ: SafeMoney & PrintScreen do work & SafeMoney, On-Screen Keyboard & PrintScreen also do work, i.e. screen-prints are not *black*. HQ experts advised: "software-based screen capture activities are blocked. The ability to take a screenshot is only possible by physically pressing the "PrtScr" key when it is needed by the user at the computer." @cesarD, we agree with @nexon, IF Kaspersky Standard is available in (your) region, it's advisable to upgrade. The software is available to download from this link: https://www.kaspersky.com/downloads#update-product. Kaspersky has replaced KIS & with Kaspersky Standard, there's no information available atm as to when KIS will be withdrawn; information about the *new* software range can be read here: Kaspersky: Basic, Standard, Plus, Premium - info & FAQ, by Danila T. Any questions or issues, please post back? Thank you🙏 Flood🐳+🐋
  18. Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Using EDR, you may encounter an issue where you're unable to view incident card regarding a detection in KSC Web Console. It looks like this: Here we will discuss known causes of such behavior (several products are involved, so causes may be different). Possible causes and solutions MDR In MDR, incidents are to be viewed using the dedicated MDR Console, and KSC version 13 and newer with configured MDR plug-in. KSC 12.* Web Console will not receive the data; this is expected behavior. KES+KEA If you first install KES without EA component, and then a standalone KEA package, KES EDRO integration will be disabled and killchain will not work. Here is a quick way to determine if KEA was installed as a component of KES. Open regedit, then navigate to: [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features] "AntiAPTFeature" = "1" If the value is 0, proceed to the workaround to enable the component as described below. To fix this, we ran Change application components task on the host, enabling Endpoint Agent in KES. If KES/KEA integration is configured correctly, we can find the following in KES traces: 12:08:37.426 0x2a18 INF edr_etw Start processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, recordId = 6, taskId = 1128, result = 0 12:08:37.426 0x2a18 INF edr_etw Start processing actions = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, action = 4, recordId = 6, taskId = 1128, edrAction = 3489660999, result = 0 12:08:37.442 0x2a18 INF edr_etw Killchain is enabled! 12:08:37.442 0x2a18 INF edr_etw SystemWatcher is running! 
12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect begin 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect end 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds begin 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds end 12:08:37.442 0x2a18 INF edr_etw Finish processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com threat status = 1, recordId = 6, taskId = 1128,result = 0 12:08:37.458 0x1f18 INF edr_etw Finish processing AV detect result = 0 Searching for ThreatID in KEA traces: 12:08:37.426 0x2a18 INF amfcd ThreatsProcessingEventsLogic::OnTreatActionImpl: ctx:0x23d68510 [TI 0x1b8dd490: id = 0x6, : tdid = {7F620459-6C51-9E46-9A5D-689A9B0D0098}, name = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, add info: <none>, 0x0] 0x4 0x0 KES+KEA (upgrade from KESB to EDR Optimum) EDR Optimum requires KSC 12.1 or newer to work. This includes the Network Agent, which is a part of KSC, and is generally installed on the host alongside KES. Using an outdated version of Network Agent (10.5, 11, etc.) will lead to the mentioned error when opening incident cards. If Network Agents were not upgraded along KSC, it's better upgrading them for EDR Optimum. KES 11.7+ Check that EDR Optimum feature is enabled in registry (GSI > Registry > HKLM_Software_Wow6432Node_KasperskyLab.reg.txt ). [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features] EdrOptimumFeature = 1 If value is 0, run Change application components task on the host, enabling EDR Optimum in KES. 
Also in traces (*.SRV.log) you can search for the string bundles::InstalledFeaturesProvider::InstalledFeaturesProvider and check that EDROptimumFeature is listed. In the example below, that component is missing:

KES.21.9.6.465_05.18_14.00_3952.SRV.log

    11:00:36.897 0x26a0 INF bundles::InstalledFeaturesProvider::InstalledFeaturesProvider{
    3 (AVScannerAndCoreFeature)
    28 (AdaptiveAnomaliesControlFeature)
    0 (AdminKitConnectorFeature)
    24 (AdvancedThreatProtectionFeature)
    27 (AmsiFeature)
    7 (ApplicationControlFeature)
    17 (BehaviorDetectionFeature)
    30 (CloudControlFeature)
    4 (CriticalScanTask)
    6 (DeviceControlFeature)
    23 (EssentialThreatProtectionFeature)
    11 (ExploitPreventionFeature)
    8 (FileThreatProtectionFeature)
    19 (FirewallFeature)
    5 (FullScanTask)
    2 (HostIntrusionPreventionFeature)
    16 (MailThreatProtectionFeature)
    14 (NetworkThreatProtectionFeature)
    12 (RemediationEngineFeature)
    25 (SecurityControlsFeature)
    18 (UpdaterTask)
    21 (WebControlFeature)
    20 (WebThreatProtectionFeature)
    22 (WholeProductFeature)
    }

KSWS+KEA

The same rule applies: the KEA component needs to be installed in KSWS. KSWS does not have a "Change application components" task in KSC, so this has to be taken into account during KSWS deployment.

Here is a quick way to determine if KEA was installed as a component of KSWS. Open regedit, then navigate to:

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\KasperskyLab\\WSEE\11.0\Install]
    "Features"="AntiCryptorNAS=0;AntiCryptor=0;AntiExploit=0;AppCtrl=0;AVProtection=0;DevCtrl=0;Fim=0;Firewall=0;ICAPProt=0;IDS=0;Ksn=0;LogInspector=0;Oas=0;Ods=0;RamDisk=0;RPCProt=0;ScriptChecker=0;Soyuz=0;WebGW=0"

(Soyuz needs to be set to 1.) If Soyuz is set to 0, apply the workaround to enable it. KSWS allows its components to be changed locally or via the CLI. Here is an example of how to set Soyuz=1 when KEA was not installed as a component of KSWS:

1. Locate ks4ws_x64.msi or ks4ws.msi (depends on OS architecture).
2. Create a custom installation package based on ks4ws_x64.msi or ks4ws.msi from step 1 with parameters as per screenshot (add UNLOCK_PASSWORD= if KSWS is protected by password in policy).
3. Deploy the package on the problematic servers with KSWS and KEA, then check in the registry that Soyuz=1.
4. Check the host's properties on the KSC side: EDRO should be in Running state in KEA.

If KSWS/KEA integration is configured correctly, we can find the following in KSWS traces:

    19:57:04.577 7a8 1310 info [edr] Published ThreadDetected:
    VerdictName : HEUR:Win32.Generic.Suspicious.Access
    RecordId : 0
    DatabaseTime : 18446744073709551615
    ThreatId : {ffb58079-6d8d-4a62-8ab0-021ff4ed61c5}
    IsSilent : false
    Technology : 3489661023
    ProcessingMode : 3489660948
    ObjectType : 3489660934
    ObjectName : C:\Windows\System32\wbem\WmiPrvSE.exe
    Md5 : e1bce838cd2695999ab34215bf94b501
    Sha256 : 1d7b11c9deddad4f77e5b7f01dddda04f3747e512e0aa23d39e4226854d26ca2
    UniquepProcessId: 0xf7c807730e051a0d
    NativePid : 3360
    CommandLine :
    AmsiScanType :
    AmsiScanBlob :
    FileCreationTime: 1601-01-06T23:09:56.075520800Z

Searching for ThreatID in KEA traces:

    19:57:05.583 704 9b0 debug [bl] ThreatsHandler: detect v2
    verdictName: HEUR:Win32.Generic.Suspicious.Access
    detectTechnology: 0xd000005f
    processingMode: 0xd0000014
    objectType: 0xd0000006
    objectName: C:\Windows\System32\wbem\WmiPrvSE.exe
    nativePid: 3360
    uniquePid: 17854528913448180237
    nativePidTelemetry: 3360
    uniquePidTelemetry: 17854528913448180237
    downloaderUniqueFileId: <none>
    downloadUrl: <none>
    isSilentDetect: false
    threatId: ffb58079-6d8d-4a62-8ab0-021ff4ed61c5
    19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59675, processed=59675, dropped=0, queueBytes=191
    19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59676, processed=59676, dropped=0, queueBytes=132
    19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59677, processed=59677, dropped=0, queueBytes=371
    19:57:05.583 704 9b0 debug [bl] Threats Handler: event processed, id = 2
    19:57:05.584 704 1fc debug [killchain] Message discarded: name = ThreatDetect

The verdict is Message discarded; this means the detection won't trigger killchain generation.

No such entries can be found in traces, which might mean that EPP integration is not configured correctly (EDR component is disabled in KSWS).

Check killchain presence on the host

If all prerequisites are met, it's worth checking whether killchain files are actually created on the host. To check that, run cmd.exe as Administrator and check the contents of the c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects folder. Archives with <threat_id>.zip names should be present in the folder:

    C:\WINDOWS\system32>dir "c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects"
     Volume in drive C has no label.
     Volume Serial Number is 8010-ADC0

     Directory of c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects

    08/16/2021 12:20 PM <DIR> .
    08/16/2021 12:20 PM <DIR> ..
    08/16/2021 09:34 AM 636 0349c190-4ac3-4da4-9b64-07835298660f.zip //this is an archive with killchain info
    08/16/2021 12:18 PM 696 1d306aa7-f37f-4ab2-969e-d337d398a995.zip
    08/16/2021 09:34 AM 637 23a5dc93-5776-43c8-b949-79c102aa1184.zip
    08/16/2021 12:19 PM 691 27bc9ea3-200b-49d2-b8b0-df7954cd428a.zip
    08/16/2021 12:19 PM 683 40673c70-9e8e-420f-b5ce-65b406862b94.zip
    08/16/2021 12:19 PM 688 590b6e30-4509-4b25-bdb0-062f89b7e062.zip
    08/16/2021 12:20 PM 693 67993612-dc82-45a2-9e5b-74756adc46eb.zip
    08/16/2021 12:20 PM 685 6a892bd1-f452-42d0-80b0-cb953cd7fc26.zip
    08/16/2021 12:19 PM 686 a63fbafa-fcef-46f7-935f-42be4392a172.zip
    08/16/2021 12:19 PM 699 d9d4f5eb-42b2-4460-8f8a-eb63bbef8791.zip
    08/16/2021 12:19 PM 686 f6042624-9840-4a6e-9b30-9270cce22236.zip
    11 File(s) 7,480 bytes
    2 Dir(s) 240,763,092,992 bytes free
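The three checks from the article above (EDROptimumFeature in the KES trace, Soyuz in the KSWS Features value, and the ThreatId handoff from KSWS to KEA) as one triage script. This is an added example, not Kaspersky tooling: the function names are hypothetical, the sample strings are abridged from the excerpts above, and tying the killchain verdict to a detect by its position in the trace is an assumption.

```python
import re

# Constructed samples, abridged from the trace excerpts quoted in the article.
KES_TRACE = ("11:00:36.897 0x26a0 INF bundles::InstalledFeaturesProvider::InstalledFeaturesProvider"
             "{ 3 (AVScannerAndCoreFeature) 27 (AmsiFeature) 22 (WholeProductFeature) }")
KSWS_FEATURES = "AntiExploit=0;AVProtection=0;Ksn=0;Soyuz=0;WebGW=0"
KSWS_TRACE = ("19:57:04.577 7a8 1310 info [edr] Published ThreadDetected: "
              "VerdictName : HEUR:Win32.Generic.Suspicious.Access "
              "ThreatId : {ffb58079-6d8d-4a62-8ab0-021ff4ed61c5} IsSilent : false")
KEA_TRACE = """19:57:05.583 704 9b0 debug [bl] ThreatsHandler: detect v2 threatId: ffb58079-6d8d-4a62-8ab0-021ff4ed61c5
19:57:05.583 704 9b0 debug [bl] Threats Handler: event processed, id = 2
19:57:05.584 704 1fc debug [killchain] Message discarded: name = ThreatDetect"""

GUID = r"([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"

def installed_features(trace):
    """Feature names listed by InstalledFeaturesProvider in a KES *.SRV.log record."""
    m = re.search(r"InstalledFeaturesProvider\s*\{(.*?)\}", trace, re.S)
    return set(re.findall(r"\d+\s+\((\w+)\)", m.group(1))) if m else set()

def soyuz_enabled(features_value):
    """True when the KSWS 'Features' registry value carries Soyuz=1."""
    pairs = dict(p.split("=", 1) for p in features_value.split(";") if "=" in p)
    return pairs.get("Soyuz") == "1"

def triage(ksws_trace, kea_trace):
    """Map each ThreatId published by KSWS to what the KEA trace shows for it."""
    result = {}
    for tid in re.findall(r"ThreatId\s*:\s*\{" + GUID + r"\}", ksws_trace):
        hit = re.search(r"threatId:\s*" + re.escape(tid), kea_trace, re.I)
        if not hit:
            # Matches the article's "no such entries" case: check EPP integration.
            result[tid.lower()] = "not seen by KEA"
            continue
        # Assumption: the killchain verdict is logged after the detect record
        # and before the next "detect v2" record.
        tail = kea_trace[hit.end():].split("detect v2", 1)[0]
        discarded = "[killchain] Message discarded" in tail
        result[tid.lower()] = "discarded" if discarded else "received"
    return result
```

On the samples, EDROptimumFeature is absent, Soyuz is disabled, and the one published ThreatId is reported as discarded.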
  19. Thanks, yeah, sorry for being paranoid. I finally managed to launch Kaspersky Plus, only because I launched the VPN on my Windows machine. It's very cool software indeed! I still sent a request for a refund to customer support since I can't always rely on a VPN; I hope they can understand my paranoid and weird words. Anyway, I have a small problem now: I am trying to connect to OffSec's website using a Kali Linux virtual machine, but the VPN (OpenVPN) keeps failing. However, the VPN on my Windows machine works perfectly fine. Any idea if Kaspersky implements any kind of protection against the traffic coming out of Kali or the virtual machine itself? Thanks
  20. That's a powerful enough system to be getting those issues? About the detection in your 1st post: PowerShell is a legit Windows app, but it's true that it can be abused to execute malicious activity in the system. In those cases Kaspersky can't delete PowerShell, for obvious reasons, but it blocks the malicious activity or any other malicious files spawned by that abuse... I never run Full Scans on my system, that's crazy at best, and on a new system with all new files it may take hours... I run Quick Scans, adding these folders to the scope: And with these tweaked settings: Security Level -> Extreme And enabling these settings: In Full Scan settings, you may enable these settings to make later scans run faster: Just because progress remains at 1% for a long time does not mean that it has stopped or frozen there; that % may eventually be updated
  21. 1. Modified firmware found. The modified firmware may contain critical security vulnerabilities. Some apps could get additional permissions and send your sensitive data to third parties. The modified firmware could cause an irreversible device malfunction. 2. Turn off accessibility for unknown apps. Accessibility gives an app access to the data that you enter, such as text or web addresses, and gives it access to the keyboard and microphone. For your data security, you are advised to turn off accessibility for unknown apps. How do I fix this problem locally on the device?
  22. Thank you for the quick response, but sorry, I think I might have incorrectly described the issue. I can launch Steam or Epic Games, but it doesn't have an internet connection. It says it can't reach the servers, but after disabling it, it can. The Steam website does work fine, just the app doesn't, so it doesn't let me launch games either.
  23. Every second word about MBAM. Please stop. This is the Kaspersky forum, not MBAM. You wrote that you are experienced in many forums, but you need to learn the basics of a forum. If an antivirus is not included in the AV-Comparatives test, that means the antivirus company doesn't want it tested because they know that it is in poor shape (meaning bad protection, or maybe bad performance, many false positives, etc.). I really don't want to mention a company, but I remember one German company was very popular 20 years back... But now it is missing in tests (the company still exists, but it is missing in tests). Why? Read above... As we wrote, every antivirus has a special part (Kaspersky has great behavioral detection, KSN cloud, quick detection, anti-ransomware detection, etc.)
  24. Hello Berny, In the past I tested the version you suggested I download, but I had some problems with the onscreen keyboard, and the issue was that I can't put accents in some fields of my Home Banking! My last name has an accent and my user name needs this accent to work. I asked for some help in the topic below. "My onscreen keyboard doesn't work on my bank site i can't fill the user and password using onscreen keyboard." And the conclusion was that I had to go back to the previous version, Kaspersky Security Cloud Free, because there was no European version available at that time! That's the reason why I asked if you know something. Best regards. Hugop
  25. Advice and Solutions (Forum Knowledgebase)
      Disclaimer. Read before using materials.

      Description and cautions

      This article describes how to configure kdump for capturing memory dumps, including application memory. To create a memory dump of a virtual machine, see: HOWTO: Get a memory dump of a virtual machine from its hypervisor.

      Details

      The recommended text editor is nano; below is a quick tutorial on how to use it if you are using it for the first time.

      Quick description of nano's basic functions

      Configure kdump

      Altlinux

      There is no kdump-tools package in the default repository, so it has to be downloaded from the sisyphus repository:
        • Go to https://packages.altlinux.org/en/sisyphus/srpms/kdump-tools/
        • In "List of rpms provided by this srpm" select the kdump-tools package for the required architecture (can be checked by running uname -m)
        • Download the package from the Download link
        • Install it by running
              apt-get update && apt-get install <path to the downloaded rpm>
        • After that, follow the Debian instructions from the "Edit /etc/default/kdump-tools" step

      Red Hat based distributions (tested on Fedora 38, Rocky Linux 9, Red OS)

        • Install kexec-tools
              sudo dnf install kexec-tools
        • Edit /etc/kdump.conf. In the configuration file edit the core_collector setting: option -d should be set to 17 instead of 31
        • Edit /etc/default/grub. Edit GRUB_CMDLINE_LINUX, add crashkernel=256M to reserve enough RAM for the dump kernel to run, and nmi_watchdog=1 to capture a dump in case of a system hang
        • Run
              sudo grub2-mkconfig -o /boot/grub2/grub.cfg
        • Reboot
        • Enable the kdump service
              sudo systemctl enable --now kdump.service

      Debian based distributions (tested on Debian, Astra CE, Alt Linux)

        • Install kdump-tools
              sudo apt update && sudo apt install kdump-tools -y
        • Edit /etc/default/kdump-tools. In the configuration file edit the MAKEDUMP_ARGS variable: option -d should be set to 17 instead of 31
        • Configure the bootloader:
            In /etc/default/grub edit GRUB_CMDLINE_LINUX_DEFAULT, add nmi_watchdog=1 to capture a dump in case of a system hang
            In /etc/default/grub.d/kdump-tools.cfg change the crashkernel value to 384M-:256M (default is 384M-:128M)
            Expected result:
              GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT crashkernel=384M-:256M"
        • Save and run
              sudo update-grub

      SUSE Linux

        • Install kdump
              sudo zypper in kdump kexec-tools
        • Edit /etc/sysconfig/kdump. Change the KDUMP_DUMPLEVEL variable to 17
        • Edit /etc/default/grub. Edit GRUB_CMDLINE_LINUX_DEFAULT, add crashkernel=256M to reserve enough RAM for the dump kernel to run, and nmi_watchdog=1 to capture a dump in case of a system hang
        • Update the bootloader configuration
              sudo grub2-mkconfig -o /boot/grub2/grub.cfg
        • Reboot
        • Enable the kdump service
              sudo systemctl enable --now kdump.service

      Configure SysRq dump trigger

      To enable the SysRq trigger key combinations, 'kernel.sysrq = 8' (without quotes) has to be added to /etc/sysctl.conf. In SUSE the value of kernel.sysrq has to be changed in /usr/lib/sysctl.d/50-default.conf instead of /etc/sysctl.conf. Then reboot or run
              sudo sysctl --system

      After the setup above is complete, to manually trigger a dump press Alt+SysRq, Alt+C. Alternatively:
              echo 8 | sudo tee /proc/sys/kernel/sysrq
          (The command above is only needed if kernel.sysrq is not set in /etc/sysctl.conf)
              echo c | sudo tee /proc/sysrq-trigger

      The location of the dump files may vary between Linux versions; it is configurable in the kdump configuration file. In Debian based distributions it is set by the KDUMP_COREDIR variable. In Red Hat based distributions it is set by the path setting; generally the default location is /var/crash. Make sure that the dump folder has enough free space for the dump to be written. You may search by filemask: vmcore.
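What the change from -d 31 to -d 17 does, and a check of the settings the article asks for, as an added example that is not part of the article. The dump-level bit meanings come from the makedumpfile documentation; the function names and sample inputs are constructed for illustration.

```python
import re

# makedumpfile dump level: each set bit EXCLUDES one page type from the dump.
EXCLUDE_BITS = {1: "zero pages", 2: "non-private cache", 4: "private cache",
                8: "user data", 16: "free pages"}

def excluded(level):
    """Page types left out of the vmcore at this dump level."""
    return [name for bit, name in EXCLUDE_BITS.items() if level & bit]

def dump_level(conf_text):
    """Dump level from kdump.conf, /etc/default/kdump-tools or /etc/sysconfig/kdump."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r'KDUMP_DUMPLEVEL\s*=\s*"?(\d+)', line)
        if not m and line.startswith(("core_collector", "MAKEDUMP_ARGS")):
            m = re.search(r"(?<![\w-])-d\s*(\d+)", line)
        if m:
            return int(m.group(1))
    return None

def audit(conf_text, cmdline, sysrq):
    """List deviations from the article's settings; an empty list means none found."""
    problems = []
    level = dump_level(conf_text)
    if level is None:
        problems.append("dump level not set")
    elif "user data" in excluded(level):
        problems.append(f"dump level {level} excludes user data")
    args = cmdline.split()
    if not any(a.startswith("crashkernel=") for a in args):
        problems.append("crashkernel= missing from kernel command line")
    if "nmi_watchdog=1" not in args:
        problems.append("nmi_watchdog=1 missing from kernel command line")
    if not (sysrq == 1 or sysrq & 8):  # 1 enables every SysRq function
        problems.append("kernel.sysrq lacks bit 8 (the article's setting)")
    return problems

# Constructed sample inputs (not taken from a real host).
DEFAULT_CONF = "path /var/crash\ncore_collector makedumpfile -l --message-level 7 -d 31\n"
FIXED_CONF = DEFAULT_CONF.replace("-d 31", "-d 17")
CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro crashkernel=256M nmi_watchdog=1"
```

Level 17 drops only zero and free pages, so the resulting vmcore keeps application memory and page cache; store and transfer it as sensitive data.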