Jump to content
Kaspersky Support Forum

how can kaspersky failed badly against terminator virus ??

nareshmeena

By nareshmeena
in Virus and Ransomware related questions

 Share

Recommended Posts

Gionatan

Gionatan

Posted
Posted

This option (unchecked) can help vs trusted signed drivers?

 

intrusion prevention.jpg

  • Like 2
Yury Parshin

Yury Parshin

Posted
Posted
11 hours ago, Xeno said:

Is this going to help against other drivers that terminate Kaspersky? I've seen other ones terminate the anti-virus (in detections) but what if there is a day zero one?

It is impossible to block generically all vulnerable drivers in advance because we are working on the same access level. But is is possible to block known drivers, rules for blocking are updated regularly

  • Like 1
Yury Parshin

Yury Parshin

Posted
Posted
8 hours ago, Bav said:

But it didn't cause terminator was shutting down a fully enabled kaspersky just last week. Again, it's all on video with proof. And it happened SO Fast, kasperky didn't even try to stop it.

It's unknown what's in this video. But definitely not a publicly available utility Terminator using Zemana driver

  • Like 2
Yury Parshin

Yury Parshin

Posted
Posted
4 hours ago, Gionatan said:

This option (unchecked) can help vs trusted signed drivers?

 

intrusion prevention.jpg

No, this option for user mode applications

Xzz123

Xzz123

Posted
Posted
10 minutes ago, Yury Parshin said:

It is impossible to block generically all vulnerable drivers in advance because we are working on the same access level. But is is possible to block known drivers, rules for blocking are updated regularly

Hello sir

I found some vendors may use hardware virtualization to enhance HIPS and proactive defense. Is it possible that K product also use hardware virtualization to block more R0 level dangerous actions? for example, direct syscall.

thx

Xeno

Xeno

Posted
Posted (edited)
7 hours ago, Yury Parshin said:

It is impossible to block generically all vulnerable drivers in advance because we are working on the same access level. But is is possible to block known drivers, rules for blocking are updated regularly

Couldnt it be possible though to stop unknown drivers - take the safe rather than sorry approach. In theory really, you shouldnt have unknown applications try to terminate Kaspersky.

Edited by Xeno
Xeno

Xeno

Posted
Posted
15 hours ago, Yury Parshin said:

It's unknown what's in this video. But definitely not a publicly available utility Terminator using Zemana driver

Possible they made a exclusion to test just its termination abilities

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...