
Bug(?) Kaspersky Free finds generic trojan in .reg files when registering with RegEdit in Windows 10 [Solved][Closed]


Solved by harlan4096


Posted
Hi! I always do backups when using CCleaner to "clean" the system registry. This time it had cleaned too much (or I was not awake enough) and Outlook stopped functioning. When I tried to re-register a backup registry file for that day, Kaspersky promptly deleted the file and blocked RegEdit. I scanned RegEdit, all the .reg backup files and even CCleaner. All clean! I then restored the file from Quarantine and scanned it as well. Nothing! I do not get support with the Free version, so I did all that I could do - I paused protection and registered the backup files anyway. After that I scanned all the Office folders - nothing. I restarted the PC and everything was fine - even Outlook functioned again. (I activated protection again of course) So I have to ask - is this a bug, a chance occurrence or what? Is there anything else I should/could have done? If you need more information (OS or Free versions) just ask. :nerd:
Posted
Welcome to the New Kaspersky Community! Even being a bat file with legitimate commands (that may be used for malicious behaviour also), probably their behaviour triggered "System Watcher" (Proactive Defence Module); in these cases you may try to add an exclusion.
Posted
harlan4096 : Thanks for your quick reply. I also thought of that, but would this not weaken my defence? There must be a reason why .reg files could be considered a threat, right? Do you know if RegEdit has sort of built-in defence that could maybe warn against a file it is trying to register? That way I would feel much more at ease doing an exclusion for .reg files. :thinking:
Posted
Do you know if RegEdit has sort of built-in defence that could maybe warn against a file it is trying to register?
In my opinion: no. It is a feature that the antivirus itself offers.
Posted
Okay so what "security" do you have installed besides Windows Defender?
Posted
KarDip : Hi! My son works for Kaspersky (David Jacoby), so I have tried all the latest fancy versions, but I really do not need all those bells and whistles, at least not now that I am retired. All I need is a simple A-V that checks everything and stops an infection from anywhere. I do not mind paying, as I have done in the past, but I think that there could be a version between Free and "standard" at a low cost for people like pensioners. I do not know how Europe and Russia treat their pensioners, but in Sweden we pay more taxes than the employed, so it doesn't leave us with much! So when Kaspersky came out with the free version, with all the functions it has, there was no choice for me really - it was made for me. I have been, amongst other things, an IT technician, so I don't always need support, but instead a place I can communicate with like-minded souls and be able to give any feedback or bug reports when necessary - like here! Good one Kaspersky! :sunglasses:
Posted
KarDip : re "other security" Windows Defender. :wink:
  • Solution
Posted
MacDknife: it would be a specific exclusion only for that reg file, not for all reg files in general ;)
Posted
Okay, thank you for that. Free version has limited resources, usually used when you have other active full defence.
Posted
Okay the other option for you in particular why not just do a restore point? If it succeeds your troubles will vanish.
Posted
The Shield Thank you. If only Kaspersky (Free) can prevent an infection through a .reg file (Windows Defender said nothing), should it then not be more accurate in its assessment? There must at least be a better reason to stop RegEdit cold and delete (!) the .reg file, just based on the fact that it may have (or not) a generic trojan. I feel that if the software senses that a file might be infected or contain dangerous code, that it then does not just delete and quarantine without first doing a double or even triple check to see if it is so or if the file just contains normal code. To me it seems as if the A-V was actually trying to prevent ANY registration of the .reg files. Maybe it should do that - BUT it should at least double check first in some sort of isolation/sandbox, before deleting the file. It could then also present a more accurate version of the culprit in question. I do not know if this function exists in the paid versions, but I think it should - in all versions. Just saying... :nerd:
Posted
KarDip : re "restore point" My restore point was the .reg backup files. I have not considered another option as this has not happened to me before. I have re-registered those files before without any commotion. But, everything changes, so I guess I will have to reconsider.... :yum:
Posted
harlan4096 : re: "specific exclusion" Ahh! I have just tested. Yes it is only for that one file. Then I still feel as though an exclusion would be over the top. I cannot know if a particular file is going to generate a hit with the A-V, so I can only fix this in hindsight. I cannot know if that file contains actual dangerous code, so if I do an exclusion, or just pause protection, it doesn't really matter. I normally only use the file once and pausing the protection is quicker. :wink:
Posted
@All: Thanks for all the advice. I received more answers than I had bargained for and had a bit of difficulty keeping up, but I think I know what to do in the future. Sorry KarDip, not your first suggestion, but maybe doing a restore point before doing any registration in the system register is not a bad idea! Bye all! Have a good one! :smile:
Posted
Okay, thank you @MacDknife. Restore point is magic if it works for you. Please do not clean your Registry, it is all bad news.
This topic is now closed to further replies.

