Search the Community

Thank you for the quick reply

Hello, Recently my computer have been occurred a lot of blue screen with code BAD_POOL_HEADER. So I tried to narrow down and tried everything I can until now to identify which software/why it cause this blue screen. Last time, I already seen my previous Minidump file to Microsoft Comunity and they identify that nVidia and Kaspersky causing this problem. I follow their instruction to update my nVidia driver. Today this blue screen happen again. I tried a quick look at my minidump file this time and maybe Kaspersky causing this Could you please take a look at this problem and somehow fix it ? I really like Kaspersky and stick with you guys for a long time. I can switch to other Free AV but well I want to give Kaspersky a chance. Detail information about my OS and Kaspersky Free version, and other related information below: Windows: Windows 10 Education (64bit) Version 10.0.17134 Build 17134 Kaspersky Free AV version: 19.0.0.1088(f) *Both Windows and Kaspersky are set to automatically update My minidump zip file uploaded to Google Drive: https://drive.google.com/open?id=1BiC3ebbSLp8XGo-BK2bRCWquGKJlJgqp My topic on Microsoft Comunity: https://answers.microsoft.com/en-us/windows/forum/windows_10-performance/multiple-blue-screen-with-code-badpoolheader-in-1/e92c1cab-b2ab-48aa-8f5d-812b5499337f?auth=1

Hello Henry, Thanks for replying and the additonal information. You're too quick for me:wink:, I added a bit of extra information to my original reply. Any large .zip can be uploaded to cloud storage, share the link please, however, did you activate traces, REBOOT, after restart, ensure KIS is active, replicate issue, disable traces? If not, would you be kind enough to follow those steps please and provide the .zip traces? Many thanks.

Thanks for the quick response on the issue. Below Detailed report. 1.Operating system, version, build, release? Ans: Windows 8 & 8.1 professional 64 bit. 2. All installed Kaspersky software: full name(s), version(s), patch(s)? Ans: kaspersky endpoint security 11.0.0.6499 3.Was any Kaspersky software installed before: "installed kaspersky endpoint security"? Ans: No 4.Does the issue happen 24x7? Ans: No, only sometimes 5.Have you uninstalled and re installed the Kaspersky software? Ans:yes,I tried uninstall and re install. But i did not change anything. 6.Are any VPNs in use when the "system unresponsive" events happen? Ans: No, we don’t use vpn. 7.What actions do you take when the issue happens? Ans: I don’t know how to solve this issue. I try uninstall and re install the kaspersky when this issue happen. Stop the updates. May I know the reasons of this issue. That would be of great help if it has been resolved. Thanks and Regards, Laxmikanth

To my surprise I received a message in my Chrome browser "Google uses the webcam". It was a message which had the look and feel of Kaspersky, and I have Webcam protection turned On in Kaspersky. But the message dissapeared in a few seconds and I didnt have enough time to choose the option to block this activity. Is there a possibility to view the log of Webcam usage and to disable all Google webcam requests? I don't know wheter this request has been blocked or not as the message was gone too quick. Best regards, Max

You can use the following command for a first test. You have to customize the path, I don't know which product is used. (and don't forget the quote marks) "C:\Program Files (x86)\Kaspersky Lab\[Path to your KL produkt]\avp.com" SCAN F: /MEMORY /i8 /fa /R:%homepath%/desktop/ReportScanF.txt The command scans drive F and the system memory, a log file named 'ReportScanF.txt' is stored on the desktop. Finally an overview of the parameters, then you can experiment with the settings. Usage: SCAN [] [/ALL][/MEMORY][/STARTUP][/MAIL][/REMDRIVES] [/FIXDRIVES][/NETDRIVES][/apprules] [/@:] [/i<0-4,8,9>] [-e:a|s|b|m||] [/R[A]:] [/C:] [/hlevel ] Scan area: List of files and/or folders delimited with space. Long path names must be enclosed in quotes. /ALL Scan my computer /MEMORY Scan computer memory /STARTUP Scan startup-objects /MAIL Scan mailboxes /REMDRIVES Scan removable media /FIXDRIVES Scan hard drives /NETDRIVES Scan network drives /apprules Categorization of the executable files /@: Scan files in specified list file Action with infected files: /i0 Report only /i1 Disinfect object, skip if disinfection is impossible. /i2 Disinfect object, delete object if disinfection is impossible, dont't delete objects from containers, delete containers with executable header. /i3 Disinfect object, delete object if disinfection is impossible, delete containers if objects can not be deleted. /i4 Delete infected objects, delete containers if objects can not be deleted. /i8 (default) Ask me immediately /i9 Ask me when scan is finished File types: /fe Quick check /fi Smart check (default) /fa All files Excludes: -e:a Skip archives -e:b Skip e-mail databases -e:m Skip plain text e-mail -e: Skip files by mask -e: Skip files scanned longer than -es: Skip files greater than Reports: /R: Save only critical events /RA: Save all events Additional settings: /iChecker= Enable/disable iChecker technology /iSwift= Enable/disable iSwift technology /C: Specifies configuration file /hlevel Specifies heuristic level [1-1000] Examples: avp.com SCAN /R:log.txt /MEMORY /STARTUP /MAIL "C:\Documents and Settings\All Users\My Documents" "C:\Program Files" C:\Downloads\test.exe avp.com SCAN /MEMORY /@:objects2scan.txt /C:scan_settings.txt /RA:scan.log

[video]https://youtu.be/XKeP1_ey5ZQ[/video] Hey Flood, just a quick video of what is happening to me... Eventually it does start updating though. I will provide the info you require in a few days, don't have time yet:wink:

I have an Gateway, windows 7. Kaspersky Total Security. Every time I run a full system scan it runs until it gets to 99% complete and then it stays there, it will not finish the scan. It will do a complete quick scan and reports finding nothing. I have let it set for 24 hours and it will not complete the scan. Any advice? I would like to delete Kaspersky and reload it but I'm afraid I will not be able to download it again since it will show that I already have downloaded it on a computer. I still have 202 days left on my subscription. Help.

Hello again Seems that my problem on Nokia 3.1 is solved. After stopping and enabling "com.evenwell.powersaving.g3.overlay.base" and"com.evenwell.powersaving.g3.overlay.d.base.s600ww" I have deactivated DuraSpeed with "Minimal ADB and Fastboot" as prescribed on dontkillmyapp.com/nokia. Now both apps (KIS and Safe Kids) are working for more than 6 days proper and without any problems. Action of german support was very quick and capable.

Thank you for the quick response. See underlined responses below after your questions.

I have no solution for the scan task hanging, but I was able to "stop" the task by bring up Activity Monitor and killing the kav process. I performed a Force Quit action. The process re-spawned. When I looked back at the Kaspersky GUI, the Scan icon was not active. The scan task that was hung at 5% now indicated "failed". I was then able to manually run a Quick Scan.

Thank you very much FLOOD for your quick and clear answer. With your explanation now if I understand the problem that I had. Once again. Thank you.

Quick moderator note: Please do not discuss tactics that are in direct contravention of the EULA. Such has been deleted from the above discussion. :) :relaxed:

Hello folks I made a request and received very quick response from Kaspersky support. Sorry it's in german but the main information (imho) you can find on https://dontkillmyapp.com/nokia which is in english. As I have no experience with adb I only have changed the settings of both of the enwell.powersaving.g3 (stopped and disabled). But it hasn't worked. Enabling other enwell-apps caused huge amount of problems which ended in Hard-Reset. Answer from german support: Bei den Nokia-Geräten ist es so, dass die Nokia-Firmware oft die Anwendungen abschaltet. Haben Sie schon folgendes ausprobiert: https://dontkillmyapp.com/nokia Gehen Sie zu Einstellungen > Anwendungen (Apps) > Alle Anwendungen anzeigen. Tippen Sie oben rechts auf das Menü > System anzeigen. Suchen Sie die Energiespar-Anwendung in der Liste, wählen Sie diese aus und erzwingen Sie das Schließen. Es bleibt bis zum nächsten Neustart gestoppt. Von nun an sollten Anwendungen im Hintergrund normal funktionieren und die standardmäßigen Optimierungen für den Android-Akku verwenden.

I installed the free SAS and ran a scan without incident. Later that evening, KAV ran a rootkit scan on its own and I ran my normal quick scan, both without any incident. The system has been shutdown and re-booted, again with no incidents or complaints from either product. It appears that whatever incompatibility the install process was complaining about is left over from earlier days and has been resolved. If anything comes up later, I'll certainly be back to talk about it. Thanks for the encouragement.

Hello BuboBubo, Thank you, it will indeed be very interesting to read what the Lab advise? Especially now, they've advised enhanced KSK "control": Alex Perekalin, June 17, 2019 Smart control for smart kids http://links.kaspersky.sm/c/2GG/H1j/KDMm9Do0kbw-LF4_EwPl2y/bP/P_J/F/40cb6a2e Our kids should surpass us in every way: talent, looks, happiness, intelligence. But children seem to get too smart too quick these days, and they can end up giving their parents the runaround in the most innocent yet cunning ways. Today’s fifth graders know very well what their parents are hiding from them, how to open locked doors, and where to find forbidden fruit online. To stop inherently curious kids from venturing off the trail online, we have parental control applications, such as Kaspersky Safe Kids. In theory, these programs restrict access to apps and websites that, according to parents, are not appropriate for kids’ consumption. But in practice, children quickly learn to bypass such restrictions or even use them for their own purposes. If you see that your child has bypassed your parental controls, your initial reaction may well be overwhelming pride — what a brain! But it’s clearly a problem, and the solution isn’t immediately obvious. Never fear: We’ve updated Kaspersky Safe Kids to tackle three typical problems that parents of overly savvy kids might face. The buck stops at WikipediaKaspersky Safe Kids has always had an option to restrict access to websites with particular types of content. It is quite typical for parents not to want their youngsters to peruse adult content, read forums about weapons, or obtain information about certain other topics. But classifying all websites on the Internet is fundamentally impossible — they appear faster than we can squeeze them into categories. So, crafty kids have always been able to find what they wanted on some obscure sites that we had not yet managed to add to our lists. But no more. We have implemented the Block all websitesfeature, which (as the name suggests) blocks access to all sites except those that parents manually add to the list of exclusions. So, say, Wikipedia, NASA.gov, and other potentially useful tools can go in this list, and children’s access to all other sites is safely blocked. The option is disabled by default. If you turn it on, all sites, except those you’ve added to the white list, are effectively blacklisted, thus preventing children from viewing them. The feature is currently available only in Windows, but will soon appear also in Kaspersky Safe Kids apps for Android and iOS. How to keep access to your favorite applications“Mom, I was at Tony’s house! Yes, till 10 p.m. No, I couldn’t call or text. You blocked all the apps yourself, and told me not to call ’cause you had important meetings. So I didn’t call.” To many users of Kaspersky Safe Kids, such excuses may sound familiar. The application has a function that allows you to block access to all applications except the phone – which is handy, but, as it turned out, not sufficient. Messengers have invaded our lives to such an extent that it is often easier to use them to contact your kid than to call, for a variety of reasons. As a result, many parents requested a feature that would let them create a white list of applications that includes more than the phone itself, and to block everything else. We listened and added such a function to the new version of Kaspersky Safe Kids. Now it is possible to whitelist useful applications and block all the rest during a certain period of time (say, 8:00 a.m. to 6:00 p.m., Monday to Friday). In other words, you can ban games from the classroom but allow anytime use of electronic dictionaries and the messenger you use to keep in touch. This video demonstrates how to set up the feature: Deleting Kaspersky Safe Kids just got harderPerhaps the worst headache for parents of smart, persevering kids occurs when the kids try to turn off or delete Kaspersky Safe Kids, and then use the device as they please. On a computer, this is harder to do (and no, we don’t have an instructional video for that), but on Android it’s relatively simple. Actually, that’s a problem common to all parental control applications, not just ours — easy deletion is an Android OS quirk. Kaspersky Safe Kids uses certain permissions for overriding the system interface with its own. This is necessary, for example, to block access to settings that the child could use to turn off parental control permissions, depriving the application of a good half of its features and effectively disabling it. But on some devices it was possible, by prodding the screen very quickly, to get into these settings and rob the application of the permissions required for its operation. Very few manage it with the first attempt, but, as everyone knows, children can be amazingly persistent when it comes to things that aren’t allowed. So given enough tries, someone was bound to get inside. Now, however, after two such attempts, Kaspersky Safe Kids temporarily blocks the phone for a minute, preventing the child from disabling parental control.

Hi Caos, thank you very much for your quick reply. Our workstations all have the S: drive mapped to our server folder \\TSVSRV01\DATA. Question 1: For the field Name or name mask of file or folder in the attached screenshot, what exactly would you specify? Simply"S:\" or rather "\\TSVSRV01\DATA"? Question 2: For the checkboxes, since I'm going to have my server scan this folder and all it's subfolders. Would it be okay for me to SELECT each checkbox... implying that my workstations won't at all scan or apply any of the other components to this folder? Thanks for your patience Caos. I can't get over how light Kasperky is in comparison to other antivirus software I have tried. So far so good. Regards, Michelle

Hello -Question- When i search through a file (.exe) using Kaspersky Internet Security it finds a file that it considers a threat. C:\Users\Me\Downloads\Patch.exe//File4260 It looks like it is a file in the installer/unpacker that it considers suspicious and not the .exe itself. The search itself searched through roughly 25 000 files. Kaspersky says the name of the object/threat is "not-a-virus:RiskTool.Win32.HideExec.bm" Kaspersky also gave me a choice when i came to handling the threat, that i could actually add exception for it or ignore it. So it seems that kaspersky doesen't see it as super dangerous? What does "HideExec.bm" mean? Is there any way i can figure out what the object in question does? I placed the suspicious file in quarantine and removed almost instantly after i searched through it and found the suspicious file. As stated in the Background below alot of people, including myself, need the patch in order to run the game at all. I will consider re-downloading the patch and using it depending on the feedback i get on this forum. I have read the kaspersky website blog post about "Not-a-Virus" but i still do not know if i should trust the identified object in question. (https://www.kaspersky.com/blog/not-a-virus/18015/) -Quick Background- There is a somewhat old game in which alot of people NEED to use an unofficial patch in order to get to run/function. The patch can be obtained from a well known website that alot of other modifications/patches can be downloaded from. There is nothing suspicious about the website itself. (https://www.moddb.com/) On the forum dedicated to the game on Steam, alot of people have brought up the fact that their antivirus program treat the patch (.exe) as suspicious or even as a virus. Many users ignore the warnings of their antivirus and run and use the program anyways. Because it's an easy way to get the game to run. I think the .exe itself is an installer for the patch for the game. Probably an "unpacker" of sorts. (User run program -> User selects game directory in the installer -> Program places a bunch of files and such in the game directory + a folder structure -> Patch Finished/Installed) There is alot of people who say it is a false positive and there is nothing to be worried about, that the antivirus treat it as suspicious because it is an .exe file. That the creator is trusted and alot of people are using the patch etc... Thank you for reading. Sorry for the long post and bad English.

me34 run a quick scan with active and inactive exception, this is enough to check either run the file that is added to the exception, with the active and inactive state, there will also be a difference

will be detected, because you run a selective scan of the file, and it runs when you wish, otherwise it will be an error that the scan is not performed during a quick and complete check, the file will be excluded from the check on the object that you specified in the exception and the protection components you specified

Hello JeffreyStratton, Thank you for the information and the screenprints - very helpful! Yup, Kaspersky is detecting httpcolonslashslashs3-us-west-2.amazonaws.comslash dropmockslashkineticslashtemplatesslashx=etc as malaware. (URL/link modified to comply with Community rules) 69 other engines show the same url/link as clean. Sometimes, due to the every changing nature of malaware, viruses and other "bad" things, the definitions and categorisations published by AV providers and referenced in database updates make false positive detections. The best course of action is to escalate the issue you've identified to Kaspersky Malaware Experts & asking them "why" the detection is happening to a DropMock program you've always used safely? If the detection is valid the experts will provide you with an explanation. If the detection is a false positive the experts will fix it & advise you. The turnaround time by the expert team for this type of issue is usually fairly quick. Please do let us know the outcome? Many thanks!

SAJFLADD Yes, a rootkit scan is also performed during a quick scan. Fast scanning requires more system resources than rootkit scan. I would not turn off rootkit scan, which is performed once every 24 hours

Tks. Have done the first part. Will try the settings part Quick Scan.

Clear check box Search for software that is intended to conceal traces of a malicious program in the system (rootkits) https://help.kaspersky.com/KTS/2020/en-US/68153.htm In Seting - Scan section, set up a schedule Quick Scan https://help.kaspersky.com/KTS/2020/en-US/68154.htm

Redmat - ransomware-type infection. The infection comes from the Djvu ransomware family. Redmat is a high-risk ransomware designed to stealthily infiltrate computers and encrypt most of stored data. Ah right, a quick search of Kaspesky's and nomoreransom.org's list of decryptors yields nothing for Djvu ransomware