Jump to content
Kaspersky Support Forum

How come an unofficial exe was put in the Trusted category of the App Firewall?

Studynx

By Studynx
in Kaspersky Total Security

 Share

Recommended Posts

Studynx

Studynx

Posted
Posted

I did a test with KTS on a VM where it wasn't in Enhanced Session mode so no ctrl C - CTRL V worked to secure myself.

I downloaded this exe <removed> , ran it via VirusTotal, nothing found, OK. I ran it on the VM, and I looked in the App Firewall, it was put in the Trusted category. Why? It's not the official program, and according to VirusTotal, it doesn't have a valid certificate. Apparently Trusted category is applied if either it has a valid digital certificate OR it's found in the Kaspersky database.... how can a non-official patched program be in the Kaspersky database as safe?

 

Am I misunderstanding soemthing?

harlan4096

harlan4096

Posted
Posted

Welcome to Kaspersky Community.

 

image.thumb.png.7857f4be825cf658e45f613c82c3b3c9.png

 

This file HitmanPro_x64.exe appears as Trusted in KSN (so probably not modified), but not the other HitmanPro.exe...

Studynx

Studynx

Posted
  • Author
Posted
13 minutes ago, harlan4096 said:

Welcome to Kaspersky Community.

 

image.thumb.png.7857f4be825cf658e45f613c82c3b3c9.png

 

This file HitmanPro_x64.exe appears as Trusted in KSN (so probably not modified), but not the other HitmanPro.exe...

The one I linked to, from the torrent site, was indeed put in the Trusted category, hence my question. 

Which is something I don't understand how it could happen

harlan4096

harlan4096

Posted
Posted

I also downloaded that torrent link files, and checked both exes with KSN.

 

Every app Trusted in KSN will be put in Trusted group, so maybe You executed that one...

Studynx

Studynx

Posted
  • Author
Posted
2 minutes ago, harlan4096 said:

I also downloaded that torrent link files, and checked both exes with KSN.

 

Every app Trusted in KSN will be put in Trusted group, so maybe You executed that one...

No, I ran the one from the torrent site. In fact I'm going to do it again and show you

Imgur: The magic of the Internet

 

As you can see, somehow this app from the torrent site got put in the Trusted category

harlan4096

harlan4096

Posted
Posted

Those 2 captures I posted are from the torrent site I also downloaded... and one of them, the x64, looks legit seems it is Trusted in KSN, as I showed in one of my captures.

Studynx

Studynx

Posted
  • Author
Posted
Just now, harlan4096 said:

Those 2 captures I posted are from the torrent site I also downloaded...

Okay so I guess my question is how come that "unofficial" exe is in the KSN database as a safe app if it's not the official application downloaded from Hitmanpro's official website? It's pre-patched, it's not the official app and lacks a valid signature

  • Like 1
harlan4096

harlan4096

Posted
Posted

I don't know... I will investigate it, trying it in a VM...

KOTIP analysis:

https://opentip.kaspersky.com/E482B49A4FB1A43700C4E23E7C8F0794EF6FC06422644ED75907995A6B7A4187/results?tab=upload

https://www.virustotal.com/gui/file/e482b49a4fb1a43700c4e23e7c8f0794ef6fc06422644ed75907995a6b7a4187/detection

It's weird, because almost no main av firms detect it as suspicious... ?

I've already reported it to K. analyst via KOTIP.

Studynx

Studynx

Posted
  • Author
Posted
5 minutes ago, harlan4096 said:

KOTIP analysis:

 

https://opentip.kaspersky.com/E482B49A4FB1A43700C4E23E7C8F0794EF6FC06422644ED75907995A6B7A4187/results?tab=upload

 

https://www.virustotal.com/gui/file/e482b49a4fb1a43700c4e23e7c8f0794ef6fc06422644ed75907995a6b7a4187/detection

 

It's weird, because almost no main av firms detect it as suspicious... ?

So 9 suspicious activities but then the file is clean? How am I supposed to interpret this?

  • Like 1
Xzz123

Xzz123

Posted
Posted

dont worry

I use pre-patch HitmanproA too

 It is safe and no scan detection from Kaspersky

but it will be detected as malicious when you run the pre-patched installer by Kaspersky's system watcher-A Proactive Defense module.

so do not run the pre-patched installer when Kaspersky is turned on. 

After installation, you can re-enable kaspersky.

 

there is a possibility that this pre-patched hitmanproA installer was once forwarded to Kaspersky Lab for detailed manual analysis by someone. And after a Thoroughly analyze, KL believe it is indeed post no harm to you. So at last this file is white-listed by KL.

 

  • Like 1
Studynx

Studynx

Posted
  • Author
Posted
26 minutes ago, harlan4096 said:

I just got K. analyst verdict:


 

Why is it that whenever I submit for a second evauation, they never reply to me via email? 

harlan4096

harlan4096

Posted
Posted

? Do You do it being logged in Your My Kaspersky account?

Studynx

Studynx

Posted
  • Author
Posted
13 minutes ago, harlan4096 said:

? Do You do it being logged in Your My Kaspersky account?

No. Do I have to be?

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...