
How come an unofficial exe was put in the Trusted category of the App Firewall?



Posted

I did a test with KTS on a VM where it wasn't in Enhanced Session mode so no ctrl C - CTRL V worked to secure myself.

I downloaded this exe <removed> , ran it via VirusTotal, nothing found, OK. I ran it on the VM, and I looked in the App Firewall, it was put in the Trusted category. Why? It's not the official program, and according to VirusTotal, it doesn't have a valid certificate. Apparently Trusted category is applied if either it has a valid digital certificate OR it's found in the Kaspersky database.... how can a non-official patched program be in the Kaspersky database as safe?

 

Am I misunderstanding something?

Posted

Welcome to Kaspersky Community.

 


 

This file HitmanPro_x64.exe appears as Trusted in KSN (so probably not modified), but not the other HitmanPro.exe...

Posted
13 minutes ago, harlan4096 said:

Welcome to Kaspersky Community.

 


 

This file HitmanPro_x64.exe appears as Trusted in KSN (so probably not modified), but not the other HitmanPro.exe...

The one I linked to, from the torrent site, was indeed put in the Trusted category, hence my question. 

Which is something I don't understand how it could happen

Posted

I also downloaded that torrent link files, and checked both exes with KSN.

 

Every app Trusted in KSN will be put in Trusted group, so maybe You executed that one...

Posted
2 minutes ago, harlan4096 said:

I also downloaded that torrent link files, and checked both exes with KSN.

 

Every app Trusted in KSN will be put in Trusted group, so maybe You executed that one...

No, I ran the one from the torrent site. In fact I'm going to do it again and show you


 

As you can see, somehow this app from the torrent site got put in the Trusted category

Posted

Those 2 captures I posted are from the torrent site I also downloaded... and one of them, the x64, looks legit seems it is Trusted in KSN, as I showed in one of my captures.

Posted
Just now, harlan4096 said:

Those 2 captures I posted are from the torrent site I also downloaded...

Okay so I guess my question is how come that "unofficial" exe is in the KSN database as a safe app if it's not the official application downloaded from Hitmanpro's official website? It's pre-patched, it's not the official app and lacks a valid signature

Posted

I don't know... I will investigate it, trying it in a VM...

KOTIP analysis:

https://opentip.kaspersky.com/E482B49A4FB1A43700C4E23E7C8F0794EF6FC06422644ED75907995A6B7A4187/results?tab=upload

https://www.virustotal.com/gui/file/e482b49a4fb1a43700c4e23e7c8f0794ef6fc06422644ed75907995a6b7a4187/detection

It's weird, because almost no main av firms detect it as suspicious... 🤔

I've already reported it to K. analyst via KOTIP.

Posted
5 minutes ago, harlan4096 said:

So 9 suspicious activities but then the file is clean? How am I supposed to interpret this?

Posted

Don't worry.

I use pre-patch HitmanproA too.

It is safe and there is no scan detection from Kaspersky,

but it will be detected as malicious when you run the pre-patched installer by Kaspersky's System Watcher, a Proactive Defense module.

So do not run the pre-patched installer when Kaspersky is turned on.

After installation, you can re-enable Kaspersky.

There is a possibility that this pre-patched hitmanproA installer was once forwarded to Kaspersky Lab for detailed manual analysis by someone. And after a thorough analysis, KL believes it indeed poses no harm to you. So at last this file is white-listed by KL.

 

Posted
26 minutes ago, harlan4096 said:

I just got K. analyst verdict:


 

Why is it that whenever I submit for a second evaluation, they never reply to me via email?

Posted

🤔 Do You do it being logged in Your My Kaspersky account?

Posted
13 minutes ago, harlan4096 said:

🤔 Do You do it being logged in Your My Kaspersky account?

No. Do I have to be?
