Search the Community

Hello, Im having a problem with a website, where i get an rerror code when trying to go to check out. Here is the rerror code: HEUR:Trojan-PSW.Script.Generic. I also get this message: Prevented the download of a malicious file or other object designed to infect your computer with malware that will slow it down, destroy your system, or cause other problems. We protected you from downloading this object. You can safely close this window. The problem is that i have never had an issue with website before. here is link to the page https://www.hijabhus.com/quick-order. Could this maybe be a false flag?

[code] System: Kernel: 5.15.0-57-generic x86_64 bits: 64 compiler: gcc v: 11.3.0 Desktop: Cinnamon 5.6.5 tk: GTK 3.24.33 wm: muffin dm: LightDM Distro: Linux Mint 21.1 Vera base: Ubuntu 22.04 jammy Machine: Type: Desktop System: Micro-Star product: MS-7D42 v: 1.0 serial: <superuser required> Mobo: Micro-Star model: MAG B660M MORTAR WIFI DDR4 (MS-7D42) v: 1.0 serial: <superuser required> UEFI: American Megatrends LLC. v: 1.40 date: 05/19/2022 Battery: Device-1: hidpp_battery_0 model: Logitech Wireless Mouse serial: <filter> charge: 55% (should be ignored) status: Discharging Device-2: hidpp_battery_1 model: Logitech Wireless Keyboard serial: <filter> charge: 55% (should be ignored) status: Discharging CPU: Info: quad core model: 12th Gen Intel Core i3-12100 bits: 64 type: MT MCP arch: Alder Lake rev: 5 cache: L1: 320 KiB L2: 5 MiB L3: 12 MiB Speed (MHz): avg: 4183 high: 4286 min/max: 800/5500 cores: 1: 4286 2: 4251 3: 4178 4: 4136 5: 4138 6: 4105 7: 4251 8: 4125 bogomips: 52838 Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx Graphics: Device-1: Intel vendor: Micro-Star MSI driver: i915 v: kernel ports: active: HDMI-A-1 empty: DP-1, DP-2, HDMI-A-2, HDMI-A-3, HDMI-A-4 bus-ID: 00:02.0 chip-ID: 8086:4692 Display: x11 server: X.Org v: 1.21.1.3 driver: X: loaded: modesetting unloaded: fbdev,vesa gpu: i915 display-ID: :0 screens: 1 Screen-1: 0 s-res: 1920x1080 s-dpi: 96 Monitor-1: HDMI-1 mapped: HDMI-A-1 model: LG (GoldStar) W2363D res: 1920x1080 dpi: 96 diag: 587mm (23.1") OpenGL: renderer: Mesa Intel Graphics (ADL-S GT1) v: 4.6 Mesa 22.0.5 direct render: Yes Audio: Device-1: Intel vendor: Micro-Star MSI driver: snd_hda_intel v: kernel bus-ID: 00:1f.3 chip-ID: 8086:7ad0 Sound Server-1: ALSA v: k5.15.0-57-generic running: yes Sound Server-2: PulseAudio v: 15.99.1 running: yes Sound Server-3: PipeWire v: 0.3.48 running: yes Network: Device-1: Intel driver: iwlwifi v: kernel port: N/A bus-ID: 00:14.3 chip-ID: 8086:7af0 IF: wlo1 state: down mac: <filter> Device-2: Realtek RTL8125 2.5GbE vendor: Micro-Star MSI driver: r8169 v: kernel pcie: speed: 5 GT/s lanes: 1 port: 4000 bus-ID: 03:00.0 chip-ID: 10ec:8125 IF: enp3s0 state: up speed: 100 Mbps duplex: full mac: <filter> Bluetooth: Device-1: Intel type: USB driver: btusb v: 0.8 bus-ID: 1-14:7 chip-ID: 8087:0033 Report: hciconfig ID: hci0 rfk-id: 0 state: up address: <filter> Drives: Local Storage: total: 589.69 GiB used: 14.44 GiB (2.4%) ID-1: /dev/nvme0n1 vendor: Kingston model: SKC3000S512G size: 476.94 GiB speed: 63.2 Gb/s lanes: 4 serial: <filter> temp: 23.9 C ID-2: /dev/sda vendor: A-Data model: SU650NS38 size: 111.79 GiB speed: 6.0 Gb/s serial: <filter> ID-3: /dev/sdb type: USB vendor: Silicon Power model: silicon -power size: 983 MiB serial: <filter> Partition: ID-1: / size: 237.08 GiB used: 14.41 GiB (6.1%) fs: ext4 dev: /dev/nvme0n1p5 ID-2: /boot/efi size: 95 MiB used: 30.2 MiB (31.8%) fs: vfat dev: /dev/nvme0n1p2 Swap: ID-1: swap-1 type: file size: 2 GiB used: 0 KiB (0.0%) priority: -2 file: /swapfile USB: Hub-1: 1-0:1 info: Hi-speed hub with single TT ports: 16 rev: 2.0 speed: 480 Mb/s chip-ID: 1d6b:0002 Device-1: 1-2:2 info: Micro Star MYSTIC LIGHT type: HID driver: hid-generic,usbhid rev: 1.1 speed: 12 Mb/s chip-ID: 1462:7d42 Hub-2: 1-3:3 info: Genesys Logic Hub ports: 4 rev: 2.1 speed: 480 Mb/s chip-ID: 05e3:0610 Device-1: 1-3.4:5 info: Kingston PS2232 flash drive controller type: Mass Storage driver: usb-storage rev: 2.0 speed: 480 Mb/s chip-ID: 13fe:1f23 Device-2: 1-8:4 info: Logitech Unifying Receiver type: Keyboard,Mouse driver: logitech-djreceiver,usbhid rev: 2.0 speed: 12 Mb/s chip-ID: 046d:c534 Hub-3: 1-11:6 info: Genesys Logic Hub ports: 4 rev: 2.0 speed: 480 Mb/s chip-ID: 05e3:0608 Device-1: 1-14:7 info: Intel type: Bluetooth driver: btusb rev: 2.0 speed: 12 Mb/s chip-ID: 8087:0033 Hub-4: 2-0:1 info: Super-speed hub ports: 9 rev: 3.1 speed: 20 Gb/s chip-ID: 1d6b:0003 Hub-5: 2-2:2 info: Genesys Logic USB3.2 Hub ports: 4 rev: 3.2 speed: 10 Gb/s chip-ID: 05e3:0625 Sensors: System Temperatures: cpu: 27.8 C mobo: N/A Fan Speeds (RPM): N/A Repos: Packages: apt: 2632 No active apt repos in: /etc/apt/sources.list Active apt repos in: /etc/apt/sources.list.d/official-package-repositories.list 1: deb http: //mirrors.powernet.com.ru/mint/packages vera main upstream import backport 2: deb http: //mirror.docker.ru/ubuntu jammy main restricted universe multiverse 3: deb http: //mirror.docker.ru/ubuntu jammy-updates main restricted universe multiverse 4: deb http: //mirror.docker.ru/ubuntu jammy-backports main restricted universe multiverse 5: deb http: //security.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse Info: Processes: 277 Uptime: 5m Memory: 31.08 GiB used: 1.5 GiB (4.8%) Init: systemd v: 249 runlevel: 5 Compilers: gcc: 11.3.0 alt: 11 Client: Unknown python3.10 client inxi: 3.3.13 [/code]

It appears that all Kaspersky extensions ✅ can in fact be installed without searching for them through the Chrome/Edge/Firefox extension stores! I was only aware of this now and I will explain it below since it wasn't very clear even to me who I've been using Kaspersky products for many years. To install Kaspersky Protection extension: Open your Kaspersky for Windows app, search for "extension" in the search box, and there you will find all the extension-related info. I already had all the extensions installed, so I made a quick test by deleting KP extension for Firefox, but it was still stuck to "On" even when I restarted Kaspersky Plus & Firefox. However, once I restarted both apps I got a Windows pop up from Kaspersky Plus asking to install the extension for Firefox. If you weren't successful with installing the extension this way, just install it through the link here (link is alive when writing this post): https://chromewebstore.google.com/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm For more info: https://support.kaspersky.com/common/start/12782#block4 To install Kaspersky Password Manager extension: Open your KPM for Windows > Settings > Browsers, then just click on install from there. I tested it on Firefox by deleting my extension then re-installing it through here. It started downloading the extension by itself and I was able to install it like usual. Hopefully things will continue working nicely like this for all of us who are not living in USA! I can't verify if this will work for US-residents, so maybe someone try this and let us know? Thanks to everyone who tried to help. This thread is now solved.

I woke up Thursday morning to find UltraAV on my PC and didn't know what it was or where it came from. A quick search of the name and I was able to figure out what happened from all the irate people that were in my same situation. To say I am beyond disappointed in Kaspersky is an understatement. I swore by your product for almost a decade and was pretty pissed off when I found out about the US forcing you out of the market. That said, this little stunt with UAV destroyed any sympathy or good will I had for you guys. My PC crashed 8 times in two days and locked-up or failed to reboot countless times. Attempts to roll back to restore points failed, attempts to restore a backup image failed. I lost 1/2 a day from work screwing with the PC until finally I was able to boot it into safe mode and remove that abomination of an AV utility. I now get to lose my Saturday tomorrow doing the same on my kids and wife's PCs. I cannot stress in any more plain English than this move royally pissed me off. Please fire any bone-headed executives or managers s that approved or followed orders to execute such a stupid action without so much as a popup asking people if they were OK with installing a third party's utility.

Your app is a disgrace Kaspersky. It has been quiet for 2 days, I thought that was it, and I was minding my own business watching a movie on amazon prime when what did I get? A big popup on the bottom right covering a quarter of the screen asking me if I wanted to install Kaspersky on my mobile. Sure, there was an option for "don't ask me this again" but I have no idea how many more different messages I am going to get before this stops happening, or if it WILL stop. I am going back to the combo of defender and Malwarebytes and getting a refund on Kaspersky for a second time. There won't be a third. I have compiled a list of grievances I have with the operation of the product, that I wanted to talk to support about, specifically how you can't enable outbound internet connection notifications without enabling the main app interaction notification which notifies you about EVERYTHING an app tries to do (launch, modify registry, access said folder, etc etc). All I want is an "this app is trying to access the internet, deny or allow" but I have to click 9 different allows just to get ONE game to run, it's crazy. So anyone who wants to keep their sanity just disables all outbound notifications. Sure you can trust an app but not even that is foolproof, I have trusted HD Sentinel 100 times and it disappears from trusted on every launch and I get registry access popups, so I just gave up and disabled those notifications. Why you don't have a "depth of notifications" and for example "alert on internet access only attempt" option, in SUCH a deep program, I have no idea. You've made the outbound notifications all but useless as it stands. And who wants to completely trust every app on their system anyway? I had been compiling all the data and how it could be made more user friendly but I don't think there's a point. At this stage the program is as bad as Mcafee and Norton in the spam department and doing the things I specifically want an AV app to NEVER do. I have no idea why someone like Kaspersky who I always trusted and respected would resort to these childish tactics, but, that's it for me. All I want to know is how to remove the program with NO trace in my registry and without messing anything up that would make me think I need to format and re install windows 11. Anyone with knowledge on that? How to truly and completely uninstall this adware? (it's adware by its very definition, as I have unticked all the notification popups and it's still behaving as adware would, as I have explained. Advertising the mobile app while I am on a PC, is adware. I took pics for proof also).

Thanks for the quick explanation but i did same steps like you. Downloaded to my Windows computer (Windows 10 - i don't think it's relevant with 10 or 11) and not detected. And then i copied that from Downloads to Desktop and still not detected. Not deleted. I wish i would record a video about this but i only took screenshot. By the way console_zero.exe needs some libraries like in that error. Malware is downloading some libraries and executing itself. If you want re-procedure the attack simulation i can help you. Also we prepared a report an analysis report about this malware type. Anyway, let's wait the final verdict and see how it's going. But as i said before i copied the malware and it didn't detect. My KP version is 21.18.5.438(a)

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. This article is about Kaspersky Endpoint Security for Windows (KES for Windows) Description FDE precheck is a utility used for advanced Full Disk Encryption compatibility testing. It contains latest drivers which will be implemented in future KES releases. FDE precheck also collects diagnostic data used to fix compatibility issues. Inability to use laptop keyboard and\or touch-pad is one of the most frequently met issues. Using FDE precheck you can understand if compatibility issue was already fixed and will be included in next release or it should be addressed. You can download latest FDE precheck utility using following links: For KES 11 - https://support.kaspersky.com/14328 System requirements Single operating system should be installed on the test machine, FDE Precheck can't properly function on a host with multiple operating systems. Use administrative account to run the utility. Read before proceeding Decrypt the test host and remove Kaspersky Endpoint Security and AES module. Do a backup of the critical data on the test machine. Follow the test sequence exactly as stated below. Do not manually stop the execution of the utility. The system will automatically restart several times, it is an expected behavior. Plug in laptop. Do not run test on battery. Failure to comply with steps above may lead to unpredictable consequences. Test sequence Make sure machine decrypted does not have KES or AES module installed not running any KL drivers has no critical data plugged in Reboot. Copy and unpack fde_precheck.zip archive. Run elevated fde_precheck.exe (either by right-clicking and choosing Run as administrator or by starting it from an elevated command prompt). If the program will not find any incompatibilities the following message box will appear: Press Yes, to initiate installation of the encryption drivers and initiation of the test. Wait for the automatic reboot, then login using the administrative user as was done earlier. Press OK on the pop-up that will appear shortly after the reboot: Press Yes in the UAC window if it will appear shortly after. Wait for several minutes (up to 10-15 minutes) until next automatic reboot will occur. Do not initiate reboot manually! It will be done automatically. Manual reboot at this stage may result in corruption of the OS. All preparations are run in background, it is normal that there will be no indication of activity on the desktop. After automatic reboot you will see the preboot agent, and it will require human presence to complete those tests. If possible, record the whole process on a camera of smartphone. You will be asked to enter random keystrokes using the keyboard and mouse. In case of successful keystroke registration you will see something like that: Just follow the instructions that will appear on the screen and press "NEXT >" when done with each test. In case FDE Precheck Preboot agent will fail booting or will freeze at some point, please take photo of the error message, or record the whole process on a camera and reboot the machine if necessary. OS will boot either way. Login using the administrative account that was used earlier. At this point drivers will be removed in the background and host will be rebooted one last time automatically. Wait for several minutes (up to 10-15 minutes) until next automatic reboot will occur. Do not initiate reboot manually! It will be done automatically. Manual reboot at this stage may result in corruption of the OS. All preparations are run in background, it is normal that there will be no indication of activity on desktop. The following three files are always created. All three files are mandatory to provide for analysis. fde_precheck_report.txt fde_precheck.log (will be located in the folder with fde_precheck.exe) Description of what have happened during tests (with screenshots and video if possible).

Thank you for the quick reply. I work with customers. This is a bad handoff 100% that KAV doesn't know what to do. As the software is continuing to re-install on its own, despite deleting the files out of the UAV folder and Uninstall, how is it installing over and over? Are they coming through my connect with KAV in a sense? This is extremely suspicious, and not secure. Check here for others with the same issue https://www.reddit.com/r/antivirus/

Hello @viper69, Welcome! Unfortunately we don't have any guidelines for UltraAV, nor the total force silent migration, but, having a quick look at the UltraAV website they have: How to uninstall Ultra Antivirus on Windows 11 -> we have *no idea* if that will remove the software permanently - all we can suggest is to please follow it & if there's any issues please log a request with Kaspersky Customer Service - https://support.kaspersky.com/b2c#contacts , they have access to (your) subscription & private information, for privacy reasons, the Kaspersky Community doesn't -> on the support page, select either Email or Chat, then fill in the template as shown - *select (your) Kaspersky software (1) from the drop-down list*; (there's no templates available to address UltraAV issues); please include a *detailed history*: *Also - IF requesting Chat request the operator email (you) a copy of the chat transcript *before* ending the chat - otherwise (you'll) have no record of the chat* *IF they tell (you) to contact UltraAV, please do that as well, again, unfortunately we don't have any guidelines for their support system but the support link is: https://support.ultrasecureav.com/hc/en-us/requests/new. Please share the outcome with the Community, when it's available? Thank you? Flood?+?

Hello @i_salazar, Welcome! As a test, with (our) KTS set at Default settings, we ran two Quick scans, one after the other, the KTS Scan report images shows the result; noting, we made no changes between running the two scans . Quick Scan. Scans objects that are loaded when the operating system starts as well as system memory, boot files & temporary Internet files . This scan does not require a lot of time to complete → Some of these are dynamic, e.g. temporary Internet files, i.e. change all the time. Do not be concerned, if the scan result is clean the system is fine. Best practice tips: After installing KTS: Run a manual Database update. Shutdown, power OFF system using Shutdown, not Restart, power on., login. Make sure KTS is running. Check version & patch(x) x = letter - on the Windows Taskbar, or hidden icons, rightclick the Kaspersky icon, select About ? (Always try to have the software on the latest available patch). Check & make sure all Windows updates have a Successfully applied status. Run a Full scan, allow it to complete - do not use the computer while it's running - this is a one time scan - unless, at a later date there's a virus or malware attack that requires a full scan. After the Full scan completes, and assuming no detections, go to Quick scan, if you wish you may run a Quick scan or simply change the following setting: Scan optimization, Scan only new and changed files. We also suggest changing the same setting in the Full scan, but, only after, running the very first Full scan. Enable KSN. (ioo) After the *first* full scan, only run a full scan if a *situation* requires it. Run a Quick scan monthly. Keep KSN running always. 💥Important icons in the Scan Window: Top righthand corner: ? opens Help documentation specific to Scanning the computer, || ? = Help documentation, in all Kaspersky software. Gear⚙ icon: opens Settings Report📄 icon: opens Reports. Reports window: top right hand corner, SAVE function, can save any report as a text file (always a big help if submitting a topic here in the Community) Left hand side column, lists 16 KTS Reports, column can be collapsed. Middle section: Filter by date. Filter by value in any cell. Search by event record text. Sort the list by each report column. Change the order and arrangement of columns that are displayed in the report. Middle section, IF screen printing, & (you) wish to hide sensitive info, rightclick the column heading, uncheck the column that needs to be hidden. Report event importance levels are used in reports: Informational events that generally do not contain important information. Warnings. Events that you need to pay attention to, since they contain information about important situations that KTS encounters when running. Critical events. Critically important events that indicate that KTS has encountered problems affecting its ability to run or vulnerabilities affecting the protection level of the user's computer. Any questions, please post back? Thank you🙏 Flood🐳+🐋

I don't understand. Your link takes me to my account and my Kaspersky Plus subscription, but the only options there are to cancel the subscription. That looks increasingly likely. On my desktop, Kaspersky says it is still "preparing to launch the application". It's been doing that for the past hour. What should I do? PS: I am in Europe, your website says: "Kaspersky Standard, Plus, and Premium do not require activation codes."

Also @emrerencber, Check / reset: Keyboard shortcuts? Check: Keyboard shortcuts in apps? Check: Windows keyboard shortcuts for accessibility? Re "I can't navigate the program interface with Tab and Shift Tab keys, I can't hear Kaspersky's system tray settings"; we're not convinced the root cause is Kaspersky?

@kdoiwu43n Welcome. Please see → "Previous application launch failed" error message appears

Hello @hugop Welcome! Apologies for the delay responding, it took a little while to install Kaspersky Free?. Using Kaspersky Free, 2.1.85.452(b), Firefox Version 108.0.1, Kaspersky virtual keyboard was fully functional in all fields on https://www.particulares.santander.pt/pagina/indice/0,,276_1_2,00.html; we cannot replicate the issue: A. Which Windows OS & build, refer: How to find the version of your operating system? Does the issue repeat in Chrome & Edge? Does the issue repeat with Windows Virtual Keyboard? Does the issue repeat if any browser, FF, Edge, Chrome, are run in Incognito or Private mode? Which extensions (other than Kaspersky) are installed in the Firefox browser please? B. Please do the following: Open the Kaspersky app, select the Settings⚙icon, in the lower left corner of the app. Select Manage settings. Select Export. The Save window opens. Specify a name for the configuration file and select Save. The Kaspersky application settings are now saved in the configuration file. Return to Manage settings. Select Restore to run the Restore Wizard, allow the process to complete. Shutdown the computer using Shutdown, not Restart, power on the computer by pressing the power button, login. Make sure Kaspersky Free is running, do not import the original configuration Kaspersky settings at this stage, start Firefox, go to santander.pt & recheck the issue with the virtual keyboard? Please share the outcome with the Community when it's available? Thank you? Flood?+? Resources: How to export settings How to import settings

Hi, @Carlos O 71 You should use the EN keyboard layout. Only this keyboard layout is supported in this form. You can use on-screen keyboard if hardware keyboard does not contain EN layout. Thank you for feedback, in upcoming product update we will automatically notify the users about supported keyboard layout. Thanks!

Hi Flood and Flood's wife, Thanks again and here is my comments with more details ? 1, Apologies, is Safari browser being used by *default*, IF no, it should be! (not Safe browser, we were working on a Safe browser issue at the same time as working on (your) issue, we're so sorry!). --- my kid does not use Sarari, he uses Chrome, OperGX etc. 2, We understand the reports may not be accurately reflecting time used but *to set your expectations - we are not at the end - yet* - It is not just not accurate, it is not working at all. I have tried to deleted the old profile, created a new "Kid" and set up from step one and as of today, the result remains the same, on the ThinkBook15 (windows 11 Pro) there is no record at all, but my kid told me he used the ThinkBook15 for over an hour for homework. This windows PC is actually my main concern as Safe Kids is all I have, unlike the IOS, I have screen time as back up. The main reason to purchase safe kids is mainly for Windows based system, and it gets really frustrating now ? 3, *Please answer from (our) previous post* - how is Settings -> in APPLICATION MONITORING configured - Allowed, Forbidden or Restricted? They are set up differently per category, a quick screenshot is below 4,For *iOS*, when the install was done & *Screen Time* was configured, was the instruction at the very bottom of the page followed: How to set up Kaspersky Safe Kids using the Screen Time API after updating to version 1.87.0.XXX ? IF *no* - it must be done! Thanks, I will go through these instructions, but for all IOS systems, I have no problems I will uninstall the safe kids on the ThinkBook and re-install again, see how it goes.

I use AOL Desktop Gold for my e-mail. A few days ago the gold app would not launch. After trying many remedies, I turned off the Kaspersky protection and tried again. To my surprise, the Aol Gold app did launch finally so it is obvious that the Kaspersky app is blocking the launch. And after I get the aol gold app running (works fine) I then turn the Kaspersky app back on while using it. To my surprise once again, the text in all my inbox e-mails is blank so once again the Kaspersky is doing this. If I shut the Kaspersky off again, the e-mail text reappears! So please let me know how I can fix this as its very frustrating. KC Baum

Hi Flood and Flood's wife, Thank you so much for your reply, it explains very clearly. I think there is something wrong with my "safe Kids" Before I post the reply this morning, I did a manual updates via CMC command - sucessful I did a quick test with my child's account for few minutes, it seems correct. However, when I came back this evening and re-check something is wrong. Firstly, I connected my child's iPhone to safe kids - installed the app - signed in and chose "this device is used by children" now there is apparently an error for the usage time "19 Hours and 40 Min" that is impossible but I will come back to re-check, it could because the iPhone was just added in For the Thinkbook usage (4min) that is inaccurate as well because I know my child did his homework project for at least 30 minutes between 4pm - 5:30pm and that is not recorded. For the internet -> Frequently visited websites, I am pretty sure there should be more than 2 records and one of them is visited by myself in the morning testing

same issue here, the reporting seems broken and very hard for parents to understand and use, I just manually updated safekids via CMD command 4th/Sep morning ( no idea why it cannot be done automatically) I have also did a quick test - using the kid's pc with kid's login (windows 11 laptop x64) and then the Internet report reports still stuck on 24/aug./2024 and there is no useful information at all, as I am sure kids visited much more websites than the report for his school report. When going to "Device use" - Reports page, the 3 min testing usage is there but no details of what webpages were visited

Hello. I’m wondering if it’s possible to prevent an application from starting with Windows by double-clicking on it in the Kaspersky > Performance > Current Activity > Startup tab and then adjusting the application rules. The default options provided under Performance > Quick Startup have a limited list of applications to control, so I’m curious if it’s possible to manage applications through the Startup tab.

Any news on this issue? I have the same problem after upgrading from KIS to KPlus. Sometimes the desktop icon does not appear in the taskbar and if I launch it manually it goes red and then quits.

Hello @Tom Wong, Welcome! Read before you create a new topic! Unfortunately, Kaspersky’s On-screen/virtual keyboard cannot be disabled, there’s no option available in the software to disable the OSKB. According to Kaspersky experts, Kaspersky technical support agent & Kaspersky technical support Supervisor, this is as per by design. If when (you) open Kaspersky’s On-screen/virtual keyboard, the laptop/PC physical keyboard is disabled for input, please log a case with Kaspersky Technical Support, fill in the Application malfunction, Other template; support may request Logs, Traces & other data, they will guide you: After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in their MyKaspersky account.➡ Please share the outcome with the Community when it’s available? Thank you🙏 Flood🐳+🐋 Resources: About On-Screen Keyboard On-Screen Keyboard About protection of personal data on the Internet

Sorry for not answering timely. l don't have wifi or permanent internet access. 1. lt's 24.6.0.1874 (64-bit) 2. lt's 1.3.7.1 3. Yes 4. l installed it once upon a time from extension store iirc. l don't remember. lt became problematic recently. lt didn't give warnings before. 5. l can not get it to show me the warning now. lt is undeleteable though. l just deleted another extension and its gone but adlesse comes back. l open extensions folder in AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions and its folder literally manifest itself right in front of my eyes as i launch the browser.

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. Problem Using EDR, you may encounter an issue where you're unable to view incident card regarding a detection in KSC Web Console. It looks like this: Here we will discuss known causes of such behavior (several products are involved, so causes may be different). Possible causes and solutions MDR In MDR, incidents are to be viewed using the dedicated MDR Console, and KSC version 13 and newer with configured MDR plug-in. KSC 12.* Web Console will not receive the data; this is expected behavior. KES+KEA If you first install KES without EA component, and then a standalone KEA package, KES EDRO integration will be disabled and killchain will not work. Here is a quick way to determine if KEA was installed as a component of KES. Open regedit, then navigate to: [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features] "AntiAPTFeature" = "1" If the value is 0, proceed to the workaround to enable the component as described below. To fix this, we ran Change application components task on the host, enabling Endpoint Agent in KES. If KES/KEA integration is configured correctly, we can find the following in KES traces: 12:08:37.426 0x2a18 INF edr_etw Start processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, recordId = 6, taskId = 1128, result = 0 12:08:37.426 0x2a18 INF edr_etw Start processing actions = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, action = 4, recordId = 6, taskId = 1128, edrAction = 3489660999, result = 0 12:08:37.442 0x2a18 INF edr_etw Killchain is enabled! 12:08:37.442 0x2a18 INF edr_etw SystemWatcher is running! 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect begin 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::IsSystemWatcherDetect end 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds begin 12:08:37.442 0x2a18 INF edr_etw product::component::edr::`anonymous-namespace'::InvestigateProcessIds end 12:08:37.442 0x2a18 INF edr_etw Finish processing detect = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com threat status = 1, recordId = 6, taskId = 1128,result = 0 12:08:37.458 0x1f18 INF edr_etw Finish processing AV detect result = 0 Searching for ThreatID in KEA traces: 12:08:37.426 0x2a18 INF amfcd ThreatsProcessingEventsLogic::OnTreatActionImpl: ctx:0x23d68510 [TI 0x1b8dd490: id = 0x6, : tdid = {7F620459-6C51-9E46-9A5D-689A9B0D0098}, name = http://www.virusanalyst.com/eicar.zip//eicar/eicar.com, add info: <none>, 0x0] 0x4 0x0 KES+KEA (upgrade from KESB to EDR Optimum) EDR Optimum requires KSC 12.1 or newer to work. This includes the Network Agent, which is a part of KSC, and is generally installed on the host alongside KES. Using an outdated version of Network Agent (10.5, 11, etc.) will lead to the mentioned error when opening incident cards. If Network Agents were not upgraded along KSC, it's better upgrading them for EDR Optimum. KES 11.7+ Check that EDR Optimum feature is enabled in registry (GSI > Registry > HKLM_Software_Wow6432Node_KasperskyLab.reg.txt ). [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES\Installer\features] EdrOptimumFeature = 1 If value is 0, run Change application components task on the host, enabling EDR Optimum in KES. Also in traces (*.SRV.log) you can search for sentence bundles::InstalledFeaturesProvider::InstalledFeaturesProvider and check that EDROptimumFeature is there, for instance in example below such component is missing KES.21.9.6.465_05.18_14.00_3952.SRV.log 11:00:36.897 0x26a0 INF bundles::InstalledFeaturesProvider::InstalledFeaturesProvider{ 3 (AVScannerAndCoreFeature) 28 (AdaptiveAnomaliesControlFeature) 0 (AdminKitConnectorFeature) 24 (AdvancedThreatProtectionFeature) 27 (AmsiFeature) 7 (ApplicationControlFeature) 17 (BehaviorDetectionFeature) 30 (CloudControlFeature) 4 (CriticalScanTask) 6 (DeviceControlFeature) 23 (EssentialThreatProtectionFeature) 11 (ExploitPreventionFeature) 8 (FileThreatProtectionFeature) 19 (FirewallFeature) 5 (FullScanTask) 2 (HostIntrusionPreventionFeature) 16 (MailThreatProtectionFeature) 14 (NetworkThreatProtectionFeature) 12 (RemediationEngineFeature) 25 (SecurityControlsFeature) 18 (UpdaterTask) 21 (WebControlFeature) 20 (WebThreatProtectionFeature) 22 (WholeProductFeature) } KSWS+KEA The same rule applies: KEA component needs to be installed in KSWS. KSWS does not have a "Change application components" task in KSC, so this has to be taken into account during KSWS deployment. Here is a quick way to determine if KEA was installed as a component of KSWS. Open regedit, then navigate to: [HKEY_LOCAL_MACHINE\Software\Wow6432Node\KasperskyLab\\WSEE\11.0\Install] "Features"="AntiCryptorNAS=0;AntiCryptor=0;AntiExploit=0;AppCtrl=0;AVProtection=0;DevCtrl=0;Fim=0;Firewall=0;ICAPProt=0;IDS=0;Ksn=0;LogInspector=0;Oas=0;Ods=0;RamDisk=0;RPCProt=0;ScriptChecker=0;Soyuz=0;WebGW=0" (Soyuz needs to be set to 1) If Soyuz is set to 0, apply workaround to enable it. KSWS allows to change its components locally or via cli. Here is the example of how to set Soyuz=1 when KEA was installed not as a component of KSWS: 1. Locate ks4ws_x64.msi or ks4ws.msi (depends on OS architecture) 2. Create custom installation package based on ks4ws_x64.msi or ks4ws.msi from p.1 with parameters as per screenshot (add UNLOCK_PASSWORD= if KSWS is protected by password in policy) 3. Deploy package on problematic servers with KSWS and KEA, then check registry that Soyuz=1 4. Check host's properties at KSC side - EDRO should be in Running state in KEA If KSWS/KEA integration is configured correctly, we can find the following in KSWS traces: 19:57:04.577 7a8 1310 info [edr] Published ThreadDetected: VerdictName : HEUR:Win32.Generic.Suspicious.Access RecordId : 0 DatabaseTime : 18446744073709551615 ThreatId : {ffb58079-6d8d-4a62-8ab0-021ff4ed61c5} IsSilent : false Technology : 3489661023 ProcessingMode : 3489660948 ObjectType : 3489660934 ObjectName : C:\Windows\System32\wbem\WmiPrvSE.exe Md5 : e1bce838cd2695999ab34215bf94b501 Sha256 : 1d7b11c9deddad4f77e5b7f01dddda04f3747e512e0aa23d39e4226854d26ca2 UniquepProcessId: 0xf7c807730e051a0d NativePid : 3360 CommandLine : AmsiScanType : AmsiScanBlob : FileCreationTime: 1601-01-06T23:09:56.075520800Z Searching for ThreatID in KEA traces: 19:57:05.583 704 9b0 debug [bl] ThreatsHandler: detect v2 verdictName: HEUR:Win32.Generic.Suspicious.Access detectTechnology: 0xd000005f processingMode: 0xd0000014 objectType: 0xd0000006 objectName: C:\Windows\System32\wbem\WmiPrvSE.exe nativePid: 3360 uniquePid: 17854528913448180237 nativePidTelemetry: 3360 uniquePidTelemetry: 17854528913448180237 downloaderUniqueFileId: <none> downloadUrl: <none> isSilentDetect: false threatId: ffb58079-6d8d-4a62-8ab0-021ff4ed61c5 19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59675, processed=59675, dropped=0, queueBytes=191 19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59676, processed=59676, dropped=0, queueBytes=132 19:57:05.583 704 650 info [evtstt] NetworkConnectionHandler statistics: queueSize=0, received=59677, processed=59677, dropped=0, queueBytes=371 19:57:05.583 704 9b0 debug [bl] Threats Handler: event processed, id = 2 19:57:05.584 704 1fc debug [killchain] Message discarded: name = ThreatDetect The verdict is Message discarded, this means the detection won't trigger killchain generation. No such entries can be found in traces, which might mean that EPP integration is not configured correctly (EDR component is disabled in KSWS). Check killchain presence on the host If all pre-requisites are met, it's worth checking if killchain files are actually created on the host. To check that, run cmd.exe as Administrator and check the c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects folder contents. Archives with <threat_id>.zip names should be present in the folder: C:\WINDOWS\system32>dir "c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects" Volume in drive C has no label. Volume Serial Number is 8010-ADC0 Directory of c:\ProgramData\Kaspersky Lab\Endpoint Agent\4.0\Data\killchain\detects 08/16/2021 12:20 PM <DIR> . 08/16/2021 12:20 PM <DIR> .. 08/16/2021 09:34 AM 636 0349c190-4ac3-4da4-9b64-07835298660f.zip //this is an archive with killchain info 08/16/2021 12:18 PM 696 1d306aa7-f37f-4ab2-969e-d337d398a995.zip 08/16/2021 09:34 AM 637 23a5dc93-5776-43c8-b949-79c102aa1184.zip 08/16/2021 12:19 PM 691 27bc9ea3-200b-49d2-b8b0-df7954cd428a.zip 08/16/2021 12:19 PM 683 40673c70-9e8e-420f-b5ce-65b406862b94.zip 08/16/2021 12:19 PM 688 590b6e30-4509-4b25-bdb0-062f89b7e062.zip 08/16/2021 12:20 PM 693 67993612-dc82-45a2-9e5b-74756adc46eb.zip 08/16/2021 12:20 PM 685 6a892bd1-f452-42d0-80b0-cb953cd7fc26.zip 08/16/2021 12:19 PM 686 a63fbafa-fcef-46f7-935f-42be4392a172.zip 08/16/2021 12:19 PM 699 d9d4f5eb-42b2-4460-8f8a-eb63bbef8791.zip 08/16/2021 12:19 PM 686 f6042624-9840-4a6e-9b30-9270cce22236.zip 11 File(s) 7,480 bytes 2 Dir(s) 240,763,092,992 bytes free

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials. In cases when you need to diagnose an intermittent network issue, or capture an event that occurs only once in a while, you may need to use ring-buffer mode in Wireshark. In this mode, the number and overall size of the capture files will be fixed and when the limit will be reached, the newest data will start continuously overwrite the oldest data in the capture buffer. Below, you will find instructions for how to configure this capture mode: Download and install Wireshark from the official website, if you have not done that already. Launch Wireshark and click Capture options. On the Input tab, uncheck option Enable promiscuous mode on all interfaces and select interfaces from which you want to capture traffic. If you are not sure which ones to select, look at the graphs in the Traffic column to determine which interfaces are active and select all of them. If you are completely lost, you can also select all interfaces. On the Output tab you configure where the resulting files will be saved, the ring buffer capture is also configured here. It's a good idea to create a separate folder to store the capture files. The screenshot below shows optimal configuration for the capture settings. Note that the space occupied by the capture files will be equal to the size of a single capture file multiplied by the number of files in the ring buffer. In our example it's 500 MB * 8 = 4000 MB, which is the optimal size to upload to Company Account portal. You can modify these parameters to allocate more or less space for the capture files, though we don't recommend making it less than 2 GB. Use of compression is optional. With it, more data can be stored within the same file size, but it also can increase load on the CPU. Disable this option in case of performance problems. When everything is configured, click Start to start the capture. Please, pay attention that when capturing traffic in the ring buffer mode, it's very important to monitor for the occurrence of the event that you need to record and disable capture as soon as possible after the event has occurred, otherwise the relevant part of the capture may be overwritten. The timing is especially important, when using smaller sizes of the buffer. When the capture is finished, click Stop capturing packets, then Close this capture file. Pack the resulting files into an archive and upload it to your Company Account.