Search the Community

On Windows 10 is there a way to keep apps from running in the background and block their network activity, but only when they are not running? When I launch the apps I would like them to run and connect to the internet, and when I shut them down I want them to be blocked from running in the background and connecting to the internet. Also is it possible to block network activity for an app with exceptions? Like when I click on "Check for updates" then it would be allowed to connect. Or even allow it to connect to certain domains always so it can check for updates by itself, but block any other of its attempted internet connections always. ?

Heyo. I just wanted to add that I have personally have been using kaspersky for years. I have also tested out eset and other AV's but none of them came close to kaspesky's protection. I love kaspersky security software and will be keeping to them. I personally use the Kaspersky Prem. Never have had malware on my PC since. What made me change, is because I used to use AVG, eset, bit defender, quick heal, and a few others (NOT at the same time). Every time I got malware, they did crap all to help remove it. Change to kaspersky. It made sure that my PC was clean befor installing it. And boom nothing since.

Hello @RDB, Welcome back! Doesn't happen for us - image 1, not *forced* to use SK: after *manually* starting SK, SK works with expedia, image 2 Please tell us: *which* computer OS version & build, Windows Search, type WINVER, open the WINVER app & post back the information OR macOS, read: Find the name and version number of a Kaspersky application? Which Secure keyboard input options are selected - image 3? Does adding an exclusion help - image 4? Try another browser or try the browser in Incognito / Private mode? Restore browser settings to the original defaults -> chrome://settings/reset & recheck? In Kaspersky Reports, Safe browsing - are there any Expedia errors? IF the issue persists -> log a request with Kaspersky Customer Service - https://support.kaspersky.com/b2c#contacts, on the support page, select either Email or Chat, then fill in the template as shown; please include a *detailed history*, include screen-prints & OR video IF they show the issue: *Also - IF using Chat - ask the operator to email (you) a copy of the chat transcript *before* ending the chat - otherwise (you'll) have no record of the chat* Thank you🙏 Flood🐳+🐋

I am not able to use expedia with secure keyboard. I am not able to type in the destinations under flight section as the system forces me to use Kaspersky secured keyboard for some reason! and that keyboard just doesn't work! Has anyone else faced this problem? even after disabling it from kaspersky privacy settings and restarting the browser, I am still struggling with this problem. Any solutions?

Thanks all of you for your quick response. Please find attached screenshots.

Gracias, Harlan! Reporto que hice el scan. En adelante voy a hacer el quick scan modificado que recomiendas, pero esta vez le quise hacer el Full Scan para comparar 1:1 los resultados con el scan anterior, que por cierto se tardó dos horas menos ahora y escaneó menos archivos (???)... Me siguen saliendo archivos dañados... No sé qué hacer, si los ignoro o no. (Aunque después del chkdsk de la semana pasada, volvió a suceder el crash de este lunes... entonces no sé si va a volver a pasar) Otras dudas: ¿El chkdsk no debería haber borrado los dañados? Los que pude encontrar parecen ser los mismos detectados la vez pasada. Y eso de C:\Recovery\ es una carpeta que ni habilitando ver objetos escondidos encuentro [quería ver la fecha de modificación de los archivos... los otros que sí encontré tienen fecha de modificación del 25 de nov (antes del Full Scan anterior) o 27 de noviembre (horas después del Full Scan anterior) (ambos casos archivos de Edge) .... y uno tiene fecha del 2018 (un juego preinstalado que nunca usé; la computadora es del 2019)] ¿Le hago un System Restore (que me borraría un mes de actualizaciones, incluyendo Kasp y las de Windows) o mejor no? Ya esta semana tengo que volver a hacer Windows Update (los hago un mes retrasados para evitar los bugs lo más posible) y se me acaba el tiempo y parece que no logro sanear esto...

Hello @Tizio Cajo, You're most welcome! Thank you for the additional question! Additional to our previous, READ: System Watcher settings, specifically Action to perform if malicious or other activity can be rolled back. In Performance Settings PC performance optimization, make sure Launch Kaspersky at computer startup (recommended) is *checked* IF Kaspersky is not working / running / active, in Windows security there will be alerts & the Kaspersky icon will not be present in Windows *Hidden icons* Another tip, sometimes, finding Kaspersky features in the GUI, can be a little difficult - use the SEARCH field & a simple word search: Thank you🙏 Flood🐳+🐋

Personalmente, yo no hago Full Scans, son innecesarios en mi opinión, solo corro Quick Scans, añadiendo en el Scope, las carpetas:

I am writing to express my deep frustration and anger towards the Free Kaspersky Anti-Ransomware Tool (KART). For about a month, I have been experiencing abnormal behavior in some of my software applications. Upon investigation, I discovered that KART has replaced my system's HTTPS certificates with its own root certificate without my knowledge or consent. The certificate was generated approximately six months ago, but I am unsure if the replacement happened then or more recently. Replacing certificates equates to decrypting HTTPS encrypted traffic, effectively performing a man-in-the-middle (MITM) attack. This is a serious security concern because it allows KART to intercept and potentially manipulate all encrypted communications on my system. Such actions are intrusive and undermine the fundamental security guarantees that HTTPS is supposed to provide. Regardless of whether this HTTPS certificate replacement was an existing feature or part of a recent update, Kaspersky failed to inform users explicitly. There is no mention of this functionality on the official website (https://www.kaspersky.com/anti-ransomware-tool), during the installation's quick tour, or within the software settings. Moreover, there is no option provided to disable this intrusive feature. In contrast, other antivirus software, including various versions of Kaspersky Anti-Virus, offer users the choice to disable HTTPS traffic decryption. This unauthorized action poses significant security risks and invades user privacy. Even after uninstalling KART, the root certificate remains on the computer, continuing to present security vulnerabilities. This shows a blatant and disgraceful disregard for user autonomy and rights. I am beyond furious with Kaspersky's lack of transparency and respect for user consent. Such practices are absolutely unacceptable and undermine the trust users place in your products, potentially violating user privacy and rights. I am retaining all evidence of these actions and reserve the right to file formal complaints and reports against Kaspersky with relevant authorities and consumer protection agencies. I demand immediate action to address these issues and ensure that no further unauthorized changes are made to users' systems.

• Actually, it was recommended > Speed up your PC > Quick Startup > Disable autorun of rarely used apps to speedup your computer's startup... Encompassing - Wondershare App... • Concerning Internet drop-outs issue, 28 episodes from 01-Oct-24 to 08-Nov-24 were depicted for you on 09-11-24. Such as: Warning 08-Nov-24 15:26:24 Event 27, e1dexpress Intel(R) Ethernet Connection I218-LM Network link is disconnected.

Thank you for your extremely quick reply - it is very appreciated. That's interesting and good to know! Thank you again; I like to keep track of updates.

The Evolution of Cybersecurity: A Look at Emerging Threats and Solutions In today’s interconnected digital world, the cybersecurity landscape is in a constant state of flux. As technology evolves, so do the tactics and tools of malicious actors. At Kaspersky, Threat Research teams are at the forefront of identifying and combating these emerging challenges, offering insights that help individuals and organizations stay ahead of the curve. Here’s a deep dive into the latest trends and how businesses can bolster their defenses against the threats of tomorrow. 1. The Rise of AI-Driven Cyberattacks Artificial Intelligence (AI) is no longer just a tool for defenders; cybercriminals are leveraging it to automate attacks, develop polymorphic malware, and evade traditional detection mechanisms. AI-powered tools are being used to: Create highly personalized phishing campaigns using real-time data. Generate malware capable of adapting its code to bypass security solutions. Launch Distributed Denial of Service (DDoS) attacks with unprecedented precision. What You Can Do: Adopt AI-powered cybersecurity solutions that can analyze patterns and adapt defenses dynamically. Behavioral analysis tools, such as Kaspersky Endpoint Detection and Response (EDR), are crucial in detecting anomalous activities early. 2. Supply Chain Attacks on the Rise Supply chain attacks continue to grow in complexity. Attackers target third-party software providers or infrastructure to infiltrate larger organizations. Recent studies by Kaspersky Threat Research indicate a 30% increase in such incidents in 2024 alone. Key Examples: Compromising trusted software updates (e.g., the SolarWinds incident). Infiltrating critical cloud service providers to gain broader access. Defense Strategy: Regularly audit the cybersecurity practices of your third-party vendors. Use solutions like Kaspersky Endpoint Security for Business, which monitors software behavior across your network to flag suspicious activities. 3. Cybercriminals Target IoT Devices The Internet of Things (IoT) is becoming a favorite target for attackers due to weak security configurations and inconsistent patching. In 2024, over 1 billion IoT devices were exposed to vulnerabilities like default passwords or outdated firmware. Common Targets Include: Smart home devices (e.g., cameras, thermostats). Industrial IoT (IIoT) used in manufacturing and logistics. Mitigation Tips: Segment your network to isolate IoT devices from critical systems. Use secure gateways or hardware that integrates with IoT security platforms like Kaspersky IoT Secure Gateway. 4. The Weaponization of Generative AI Generative AI tools like ChatGPT and MidJourney are now being used by cybercriminals to automate social engineering. These tools can create convincing phishing emails, fake news articles, and even fraudulent documents in seconds. Recent Trends: Kaspersky researchers uncovered phishing kits leveraging AI to mimic corporate branding with near-perfect accuracy, leading to a significant uptick in Business Email Compromise (BEC) scams. Countermeasure: Educate employees about identifying phishing attempts. Combine training with email security solutions that use AI to spot malicious content in real-time. 5. Quantum Computing: A Double-Edged Sword While quantum computing holds promise for breakthroughs in cryptography, it also poses a significant risk. Quantum machines can potentially break traditional encryption algorithms, threatening the security of sensitive data. Future-Proofing Your Data: Transition to quantum-resistant encryption algorithms. Stay informed about the latest standards, such as those from the National Institute of Standards and Technology (NIST). 6. Zero-Day Exploits and Vulnerability Markets Zero-day exploits remain a lucrative market for attackers. These are vulnerabilities unknown to the vendor, allowing attackers to exploit systems without detection. In 2024, Kaspersky researchers identified a new wave of zero-day attacks targeting critical infrastructure. How to Protect Your Systems: Implement multi-layered security solutions, including virtual patching. Regularly update software and firmware across all devices. Conclusion: Staying Resilient in a Dynamic Threat Landscape The cybersecurity battlefield is shifting rapidly, but the tools and strategies for defense are evolving as well. Staying informed about emerging threats is the first step toward resilience. Solutions like Kaspersky Threat Intelligence Services and Kaspersky EDR are designed to provide proactive defense capabilities, helping organizations mitigate risks before they escalate. As we move further into 2024-25, a proactive approach to cybersecurity—one that combines robust technology with informed human oversight—will be key to staying ahead of adversaries. Stay secure, stay vigilant.

Hello. Thank you for your quick reply. 1 I use Opera and Firefox 2 I don't know how to check if I'm using Incognito / Private mode? but rather not, because I didn't change it. 3 I didn't install anything extra. 4 Yes, the problem repeats. 5 The problem started a week ago. 6 I'm using Windows 11 7 Kaspersky Premium 21.19.7.527 8 Yes

I got a notification around 2.55pm today (20 Nov 2024) from Kaspersky saying malicious object detected: HEUR:Trojan.Multi.Misslink.a I clicked on it too clickly and was not able to check what the detection item actually was, to diagnose where it came from. Here are the 3 logs for disinfection: How or what can I check or use to determine the source of this registry key that was so threatening? I want to know what malicious launch activity it was doing while disguising itself with Run:Steam.

Dear Support Team, Please I have my website https://www.cilico.com/ and https://new.cilico.com which does not have a Phishing now. I totally cleaned it but Kaspersky keeps flagging my domain and subdomain as dangerous. This scan shows that no threats were detected in our files, further indicating that these detections are likely false positives. ClamAV Scan Results: However, these domains are still flagged, and our newly developed temporary domain, new.cilico.com, which is scheduled for an upcoming launch, has also been flagged. Kindly reanalyze for me. Help me remove the blacklist. Thank you very much!

I can't launch valorant it says the app doesnt give permission to enable i cant launch valorant while kaspersky is on. It says this app doesn't give permission to open valorant. Please provide a solution

Hi, I was just checking my Kaspersky license(s) the I noticed that notice(s) and notifications in notification area (bell icon) is in another language. For example, when My Kaspersky just opened (by clicking menu from Kaspersky Standard > Profile) there are two notices. One saying I have to authorize first to access My Kaspersky, the other one is about Kaspersky PURE license isn't being used but in Spanish (notifications area also in Spanish). After a refresh, the notice and notifications area changed to French. screenshots attached All other element(s) still in English and the site is set to English (I even re-set it to English) How and why did this happen? My laptop region and language setting is English (Indonesia). Installed keyboard layout are English (active) and Japanese (inactive)

I finally resorted to stopping Kaspersky from starting up on next Restart. I got my software downloaded and installed, then restarted Kaspersky. Quick scan to check for threats - none detected. The file disappeared again so I know it's Kaspersky that is deleting the file and there is zero warning or record of the deletion - this is not acceptable. I want Kaspersky to aggressively protect me but not without my knowledge.

Hello @Psiu47, Welcome back! For (your) own privacy & security please hide all personal information before posting to any public forum. With all bugs (you're) finding do not assume the Kaspersky 'programming staff' somehow magically know about them & will fix them; please follow the correct process & log incident requests with Kaspersky Customer Service so the issues are registered in the Kaspersky system & allocated to the expert Kaspersky teams; you can also make posts in the Forum but please include the logging of the issues into (your) process. We don't know which "bugs" (you're) referring to - they're not discussed anywhere in this topic & our recommended process is a clean install always which (you've) eventually done, successfully - which, without seeing historical data from your machine implies there was a problem with the previous installation. Again, no idea what "quick mouse action got back to normal" refers to, it's not discussed anywhere in this topic, but it's clearly fixed. Ok. fixed. Don't understand this question, please provide more information? This has been complained about by a multitude of Kaspersky users, our observation so far is Kaspersky has not shown any indication that they're willing to change it, nor have they explained why they've designed it as they have; they are aware it impacts people with vision issues. In Interface settings there's Design theme, with Dark option, it still has the two different colours but may be more comfortable (for reading/focus)? This is a known issue, currently in hand with @Mikhail Shakhov, please read: URL Adviser / URL Advisor not working (green icons missing in searchg results). Thank you🙏 Flood🐳+🐋

Hey there again fellas from Kaspersky forum. It have been quite a while I was resisting to use Kaspersky Standard 21.18.5.438(a) and by then there have been bugs it were annoying me for months and the thoughts about the programming staff be willing to fix them were being left aside. I had to push my attempts to fix the problem by myself. Relieved I am by today as the unknown bugs were resolved, there have been few more problems I'm highlighting here. Went to My Kaspersky and downloaded once more KS installer. I've tried repairing the installation but no effects and bugs were still occurring. Then I pushed forward to uninstall the whole antivirus program and putt to install from scratch. After two consecutive OS restarts, the quick mouse action got back to normal. KSN / virus scan are displaying as should and seems to bug on report page are no longer disappearing. However this kaspersky4win202121.19.7.527pt_46480.exe installer is a differnt version which I've noticed later. So what was the deal for using Kaspersky Standard 21.18.5.438(a) before? Other observations I've noticed is that the interface for KS 21.19.7.527(a) is somehow mixed with a gray color bar on the left that makes the reading on the right side be harder to focus. Tried to change the interface between simple and Operating System match but made no any impact at all. Is the company looking forward to fix this color layout? Other question why is Kaspersky Protection extension on Google Chrome 130.0.6723.117 browser not popping the indexed information KSN window when I move mouse cursor onto those green K icons? They work as intended on Microsoft Edge but on Google Chrome they won't.

My Windows 11 device is currently suffering from a problem that makes Explorer to launch extremely slowly and making the context menu almost unusable. The symptom looks like Explorer is taking forever to load Kaspersky's context menu. Uninstalling Kaspersky solved the issue and re-installing it can reproduce the problem. The context menu looks like this if Kaspersky is installed ("正在加载..." means Loading...) When trying to show more options, Explorer will become unresponsive and must be killed using Task Manager. If you wait long enough, the context menu will eventually load. The version of Kaspersky Plus is 21.19.7.527(a). I didn't experience this problem before yesterday, and I haven't downloaded/installed any new software during this time. I checked all other context menu entries and tried to uninstall them, but it seems like it's Kaspersky that is causing the issue. Disabling Kaspersky has no effects, it must be uninstalled for Explorer to function properly again. The last Windows Update is on 10/26 and the patch is KB5044384. I've been using Kaspersky for years and never experienced problems like this. But I think I'll just uninstall Kaspersky for my PC to handle my work properly.

Hello @Leo24 To investigate which process or application loaded this DLL and triggered the error, examining the Windows Event Logs and Process Monitor can be very effective. Here’s a step-by-step guide to help you track down the source of the load error: Step 1: Check the Windows Event Viewer The Event Viewer can reveal system or application errors related to DLL loading issues. Open Event Viewer: Press Win + R, type eventvwr, and press Enter. Navigate to System and Application Logs: In the left pane, expand Windows Logs and select System. Look for Error or Warning events that occurred around the same time as the DLL load error. Similarly, check under Application for any error entries related to DLL loading or system issues. Filter Event Logs: You can filter the logs to make it easier to find specific events. Right-click System or Application logs, select Filter Current Log…, and filter by Event level (select "Error" and "Warning") and the time range you suspect. Look for events with ID 1000 (Application Error) or ID 7000 (Service Control Manager). These may indicate specific errors related to failed DLL loads. Analyze the Event Details: Click on any relevant event and review its General and Details tabs. Note any filenames, process names, or paths related to the load error. Step 2: Use Process Monitor to Track DLL Loads Process Monitor (from Sysinternals) is invaluable for tracking file activity and pinpointing which process tried to load the DLL. Download and Launch Process Monitor: You can download Process Monitor from the Microsoft Sysinternals site. Run it as an administrator for full access to system events. Set a Filter for the DLL File: In Process Monitor, go to Filter > Filter…. Add a filter for Path that contains the name of the DLL (e.g., kernel32.dll). Click Add, then OK to apply the filter. Reproduce the Load Error: Try to reproduce the scenario that triggers the load error if possible. Process Monitor will capture the events related to this DLL. If the load error appears randomly, you can simply let Process Monitor run in the background while observing for the error. Analyze the Process Monitor Logs: Look for entries related to the DLL in question. Check the Process Name and PID (Process ID) to identify which application or service was attempting to load the DLL. Examine the Result and Details columns, especially for any entries marked with Path Not Found, File Not Found, or Access Denied errors. Investigate the Process Details: Once you have identified the process triggering the load error, you can investigate further by: Checking if this process has known issues with dependencies or compatibility on Windows 7. Verifying if updates or reinstallation are available for this application. Step 3: Review System Startup and Autoruns If the DLL load error occurs during startup, it may be linked to startup programs or services. Use Autoruns (Sysinternals Tool): Download and run Autoruns. Go to the Everything tab and search for entries related to the DLL or the process name. Disable any non-essential entries that reference the DLL, restart your computer, and see if the error persists. Summary These tools—Event Viewer, Process Monitor, and Autoruns—can give you a clearer picture of the process triggering the load error. Let me know if you discover any specifics, and I can help further analyze the findings. Thank you

Hello, @Leo24 Received, then there is no problem with the file itself, so let's investigate who loaded this file and made the error. We may need to try to find some clues in the Windows logs. We need to get here. Start by pressing the Win + R keys on your keyboard. Second, in the pop-up Run window, type: eventvwr.msc and press Enter. Check the opened System Event Viewer for anything about the kernel32.dll error and see if there is any mention of the process that went wrong. We are waiting for your reply if you find relevant content. Regards.

"Maybe you can tell us which program you run when this error appears" •Please be informed that during download pdf articles, such announcement ..."kernel32.dll ... Entry Point Not Found"... popped up twice on two separate occasions. Also such announcement popped up, while using Pdf Creator, within an attempt to "print" the selected article. Moreover, Acrobat Reader DC version 22.3.20314.0 used to freeze for ~ 10 seconds after file opening. So, it was uninstalled and replaced with the earlier AdbeRdr11010. "whether there is any malicious program activity on your computer" •In fact, Internet drop-outs persisted for some time! Ten minutes after starting Internet session and then variously. As I was about to finish and while checking Wireless Network Connection Status, often interruption occurred. • "You can send a screenshot of the error here" Sadly, I failed to figure it out on my Latitude E5540 (Win 7 Pro), while using Fn + Print Scr keys. Possibly, due to the planned obsolescence by Dell. Consequently, some keyboard keys didn't work, yet the numeric pad numbers functioned OK.

Hello @Gigabyte You’re absolutely on the right track by blocking attacker IPs temporarily and focusing on keeping everything up-to-date. The combination of Kaspersky Endpoint Security (KES) and Unifi Network Application running on the same server does introduce unique complexities, especially when managing network security in tandem with endpoint security. Let’s optimize your monitoring and incident response a bit further. Suggested Steps to Streamline Your Approach: 1. Adjust Temporary IP Blocking Policy for KES If you notice multiple repeated attacks from the same IPs, consider increasing the block time from 1 hour to 24 hours or longer to reduce workload. Use Kaspersky's automatic response settings to log attack sources more effectively and identify persistent threats. 2. Check Kaspersky Logs More Thoroughly In KES, look under: Copy code Reports → Intrusion Detection or Network Threat Protection Look for event logs that indicate blocked attacks and cross-reference the exact timestamps with the Unifi Network Application logs. This can help determine whether it’s a real attack or an environmental quirk (e.g., false positives from network probing tools). 3. Enable KES Application Control Policies (if not already active) Set rules that restrict the Unifi Network Application’s communication to trusted IPs only. This reduces the risk of malicious actors exploiting vulnerabilities in either the network or application console. 4. Unifi Controller Logs and Device Segmentation Strategy Even though the Unifi APs remain functional when KES blocks an IP, it’s worth checking: Events and Alerts in the Unifi Network Console: Look for anomalies like multiple disconnections or abnormal bandwidth usage. System logs on the server hosting the Unifi application to confirm there’s no indirect issue. Use device grouping and segmentation to ensure critical infrastructure stays isolated from guest and IoT devices on the same network. This minimizes attack surfaces. 5. Regular Threat Intelligence and Firmware Sync Continue applying the latest firmware and software updates to both KES and Unifi systems. Subscribe to Kaspersky’s Threat Intelligence feeds and Ubiquiti’s community alerts to stay ahead of any vulnerabilities or zero-day issues that may arise in their platforms. 6. Automate Device Blocking via Unifi Policies (Optional) If attacks become more frequent, you can configure Unifi's firewall rules to temporarily block devices at the AP level, rather than relying solely on KES. This will ensure that malicious connections are dropped network-wide without affecting device usability. 7. Conduct a Test Simulation Simulate an intrusion attempt in a test environment to ensure both KES and the Unifi Network Application work harmoniously without introducing conflicts. This will also give insights into which logs to focus on for quick future troubleshooting. In essence, it sounds like KES is doing its job well by blocking suspicious connections without disrupting regular operations. Keep up the monitoring efforts, and cross-check logs regularly to ensure alignment between KES and Unifi security policies. If the issue persists or escalates, a more permanent IP blacklisting strategy or additional network segmentation rules might help eliminate attack vectors more effectively. Thank you