Exclusions doesn't work in Kaspersky Security Cloud Free

[ccm58]

In Kaspersksy Security Cloud Free latest version 21.3.10.391g, Exclusions in Settings doesn't work. It worked in earlier versions but after updating to version g, it doesn't. I had to uninstall KSC because it flags some programs as malware but they are obviously not. Then because Exclusions don't work, it kept on detecting.  

Please fix Exclusions as soon as possible..

[Berny]

@ccm58 Welcome.

Do you suspect a false positive , please provide detection details ?

Link

 

[ccm58]

It’s not a matter of false positives. Let’s say I add a folder C:\Test to Exclusions. Then I deliberately put a test virus like eicar into that folder. KSC should ignore if I run eicar from that folder. Other companies’ antivirus programs will let me run the test virus if I add the folder to their Exclusions.

As I said, the latest version broke the Exclusions function. I read others have the same problem. I hope the developers can fix this problem in next update.

[Berny]

@ccm58

Only if you trust the object please try this :

• Disable option : Settings > General > Perform recommended actions automatically
• Kaspersky will ask you to decide which action to take on detected objects
• Chose for “Quarantine”
• Restore the  quarantined object
• Create an exclusion rule for the object
• Enable option : Settings > General > Perform recommended actions automatically
• Reboot

[ccm58]

I did as you asked but KSC Free still detects the excluded file. All this is because of a bug in latest version of KSC Free: Exclusions don't work all. No point troubleshooting when the function doesn't work until Kaspersky fix it.

As this is “other software that can be used by criminals to damage your computer”, I unchecked the box in Threats and Exclusions to avoid the annoying detection.

Thank you for responding. Please ask the developers to fix this as soon as possible as it affects millions of KSC users.

[Berny]

@ccm58 Can you please provide a screenshot from your exclusion rule.

[ccm58]

There is no need as I uninstalled KSC Free because I found out it interfered with Macrium Reflect Free creating a Windows Boot Menu. The Menu can't show Drive C.

I only recently found out that KSC’s Exclusions don't work, so probably its Trusted Applications don't work too. So my exclusion of Macrium probably didn't work and maybe System Watcher prevented it from doing its work. I have installed another antivirus and now Macrium works fine.

Thank you Berny for your responses but for now I'm not using KSC.

 

[Guest]

Hi,  I would like to pick this thread up as the same is happening for me.  I use a tool called syncthing and synctryzor.  The warning is for syncthing.exe in the users appdata/roaming/synctrayzor folder.  I have added this folder to the “ignore” list under exclusions in two seperate forms but day after day for hte last 4 days it has been popping up as a new detection daily.

 

The two rules I created are:

 

1.

 

2.

The exclusions are added. I want this program. It is only a PUP and I want this PUP as I use it to backup on the LAN only

 

This only started on the latest release. 

 

Thanks

Paul

 

[Wesly.Zhang]

Hi,  I would like to pick this thread up as the same is happening for me.  I use a tool called syncthing and synctryzor.  The warning is for syncthing.exe in the users appdata/roaming/synctrayzor folder.  I have added this folder to the “ignore” list under exclusions in two seperate forms but day after day for hte last 4 days it has been popping up as a new detection daily.

 

The two rules I created are:

 

1.

 

2.

The exclusions are added. I want this program. It is only a PUP and I want this PUP as I use it to backup on the LAN only

 

This only started on the latest release. 

 

Thanks

Paul

 

Hello, @ccm58 

There are three important thing.

A: if you set a exclusion rule for a certain file, KL Product will still detect the file if you force scan the file which you have set the exclusion for. For example, You set c:\new folder\1.exe to exclusion rule. you use right-click item to scan 1.exe forcefully , KL product will still detect the file , ignore the exclusion rule.

B: if you set a exclusion rule for a certain file path, such as c:\new folder\* , if you add malware name in the Object item, this is OK. if you scan new folder, 1.exe will be ignore by KL Product, There is no any detection information and add a reason for this behavior named “skip”. if you forcefully scan 1.exe, the file still will be detected.

C: if you set a exclusion rule for a certain file, such as c:\new folder\1.exe. please set blank in Object item, do not use *. if you scan c:\new folder\, 1.exe will be ignore by KL product, otherwise, you scan c:\new folder\1.exe, the file still will be detected.

No matter how you set it up, if you specify a file for forced scanning, the exclusion rules will be ignored. This is by design and not a problem.

Regards.

 

[ccm58]

Thank you for explaining the 3 points above.  Why does Kaspersky make it so complicated? The average user doesn't know all these rules and wants things to be straightforward.

Please clarify:

 

1. By ‘forced scanning’, I assume you mean Explorer Scan.  If the 3 points are done as you said, what about Full Scan or Quick Scan?  Will 1.exe still be detected?

2. I had excluded entire program folders according to the 3 points. But my program still didn't work properly untii I uninstalled KSC. Perhaps the Trusted Applications section too didn't work or perhaps System Watcher kept on blocking my program. KSC Free doesn't allow us to control or exclude programs in System Watcher.

I used KSC Free, and Kaspersky AV Free before that, since they first came out and they didn't interfere with my programs. It was only recently so I still think that something is wrong with latest version.

 

 

[Guest]

Hi,

 

For me - I did not do any forced scans.  I added the exclusion for the whole but…   I did use * in the two fields. Using a star is how I have always done it and all my other rules work just fine. In fact, when you set a rule up and leave the two fields blank the system inserts the stars after it is saved.  To do a test I added c:\temp with no entry in both fields and when I looked back htis is what I see:

 

for me … I have ditched Syncthing as I don’t like the way it works (with replication nodes out of my LAN which could be on systems that are used for TOR and other things out of my control) and they have not made it easy enough to make it a LAN based only tool (with a single click).  You have to fiddle around too much (expecially if you use it with SyncTrayzor).

 

I cannot do any more testing on this as it no longer exists however - I do think there is a bug in Kaspersky latest release.  Time will tell. 

 

Paul

 

[ccm58]

HI Wesly.Zhang,

I reinstalled Kaspersky Security Cloud Free (version 21.3.10.391g) and tried your 3 points. 

When scanning just the excluded folder, it still detected the malware inside it. If I open the malware inside the excluded folder, KSC quarantined it. 

So Exclusions in this version doesn't work. Earlier versions did work.

I have uninstalled KSC and installed another antivirus program with built-in firewall.

[Wesly.Zhang]

HI Wesly.Zhang,

I reinstalled Kaspersky Security Cloud Free (version 21.3.10.391g) and tried your 3 points. 

When scanning just the excluded folder, it still detected the malware inside it. If I open the malware inside the excluded folder, KSC quarantined it. 

So Exclusions in this version doesn't work. Earlier versions did work.

I have uninstalled KSC and installed another antivirus program with built-in firewall.

Hello, @ccm58 

First, I don’t what your settings for exclusion rule. I do the following settings and do a simple test, No problem occur. So do you provide your exclusion rule?

create c:\new_folder folder.

Add a exclusion rule: c:\new_folder\* in File or folders, Emptyor *  in Object and File hash code. All compenents is selected.

First scan: Scan c:\new_folder using right-click new folder to select “scan for virus…”, here is the result.

Second scan: Scan c:\new_folder\eciar.com using right-click eciar.com to select “scan for virus…”, here is the result.

What KL product behavior in the first scan in your side? Of course, it is your choice whether you use other av product.

Regards.

[ccm58]

This is strange. I used same settings as you and used the eicar virus too. Except perhaps my Excluded folder is in an external hard disk. 

On another matter, as I don’t have the Paid version, can you please tell me whether Kaspersky Firewall is better than Windows 10 Firewall? If so, why?

[Wesly.Zhang]

This is strange. I used same settings as you and used the eicar virus too. Except perhaps my Excluded folder is in an external hard disk. 

On another matter, as I don’t have the Paid version, can you please tell me whether Kaspersky Firewall is better than Windows 10 Firewall? If so, why?

Hello,

If the external hard disk often change the driver letter, you can use this mask of the file path

?:\YOUR FILE PATH\*

PS. I don’t know what’s meaning of Kaspersky Firewall and Windows 10 Firewall?  You means Windows Network firewall or windows defender?

If you want to control some applications behavior or any advanced function, I advise you use KIS/KTS. because these products have application control function. if no, you can use windows defender or KFA, They can provide basic protection for you.

Regards.

[ccm58]

Hi Wesly.Zhang,

I think I figured out what’s wrong. I did a clean reinstall of Kaspersky Security Cloud Free and excluded a folder. To my surprise, it now worked as you said. I then imported my saved settings and Exclusions still work. 

I then did a second clean reinstall of KSC Free after I uninstalled it. This time I imported my saved settings before I excluded a folder. Now Exclusions don't work.

I think I need to export my settings every time there is a new upgrade as saved settings may not work on a newer version.

While using another AV, I like that it supports Brave browser which KSCF does not. I had to rename ‘Brave.exe’ to ‘Chrome.exe’ and then KSCF works fine on Brave. Why can't Kaspersky work on other browsers by just recognizing Brave.exe, Vivaldi.exe, etc?

[Wesly.Zhang]

Hello @ccm58 

KL doesn’t recommend user import old build config backup file.

Brave.exe, Vivaldi.exe are based on chromium but there are too many such Google kernel browsers all over the world. There are too many such Google kernel browsers all over the world. The number of users is uncertain, and it is not an industry benchmark. I think spending development manpower to adapt to this type of browser may not be the main consideration now. It may be supported in the future or it may never be.

Regards.

 

[ccm58]

You said “KL doesn’t recommend user import old build config backup file.” This explains the problem with Exclusions I had. There should be a reminder to backup again after a program update as no one seems to know there is such a problem.

Now that Exclusions problem is solved, I am reverting to KSC Free because it is the lightest AV program I know. I read it is even lighter than Windows Defender.

As for Brave browser, changing ‘Brave.exe’ to ‘chrome.exe’ makes KSC and Kaspersky Protection extension work on it.

Thanks to all who replied to me here giving me such valuable info. TQ.

[richaardvark]

I am experiencing this same problem and it is DRIVING ME CRAZY. ???

I have a couple of Windows PE Recovery bootable disk image ISO files saved on a locally networked drive.  These tools are extremely helpful and essential to me for rescuing/repairing/administrating my various personal computers and are very common tools.  However, every antivirus program flags these types of Windows PE recovery tools as containing dozens of viruses/malware due to the types of applications contained within which can be used to make major changes to Windows/any operating system/system files, etc.  They’re not malicious or harmful tools (perhaps someone could use them in a malicious manner but I am not - I simply like to have these resources available for when I have major problems with one of my machines and have to make intensive system repairs).

 

I’ve been running Kaspersky Security Cloud - Free for several months now (current version 21.3.10.391) and have had no major issues.  However, last night I decided just for the heck of it to be proactive and to let KSC run a full scan.  I now regret doing so. ??  KSC apparently found its way onto my local network attached storage (NAS) drive and found two of these Windows PE recovery .ISO disk files and has now flagged my system as having 178 “objects”: 

 

A couple of things here are really infuriating me… ??

 

First of all, why can’t I select “apply to all” when I tell KSC to “Add to exclusions”? It becomes greyed out when I check the “apply to all” checkbox:

 

I am NOT going to sit here and manually review/add each “object” one by one, 178 times… no way.  I’m trying to start my day and I can’t because my desktop is hijacked by KSC’s annoying warnings and messages.

 

I have also tried adding exceptions for the files themselves/for my entire remote network drive per the comments above in this thread and this is not working either.  After I saved these manually created exception rules and noticed the warning for the found 178 objects had not gone away I then tried once again manually running a full scan, hoping that now that the exception rule was in place that these files would be re-checked and ignored but was not happy to find this not to be the case.  If you exclude a file/folder it needs to be unflagged if a full scan is re-run.  Do I really have to backup/export my settings, uninstall/reinstall KSC, import my saved settings, and then once again deal with making all the annoying sales pop-up advertisements and warning notifications go away every time this happens?  Is this the only way to make KSC stop freaking out over files I have told it to ignore?  If so, this is TERRIBLE design and I am not going to be able to use this software any longer.  WIndows Defender immediately stops warning you once you add a folder/file as an exception. Kaspersky Security Cloud needs to do the same.