How come an unofficial exe was put in the Trusted category of the App Firewall?


I did a test with KTS on a VM that wasn't in Enhanced Session mode, so no Ctrl+C / Ctrl+V worked, to secure myself.

I downloaded this exe <removed>, ran it via VirusTotal, nothing found, OK. I ran it on the VM, and I looked in the App Firewall: it was put in the Trusted category. Why? It's not the official program, and according to VirusTotal, it doesn't have a valid certificate. Apparently the Trusted category is applied if either it has a valid digital certificate OR it's found in the Kaspersky database... How can a non-official patched program be in the Kaspersky database as safe?

Am I misunderstanding something?


13 minutes ago, harlan4096 said:

Welcome to Kaspersky Community.

[screenshot omitted]

This file HitmanPro_x64.exe appears as Trusted in KSN (so probably not modified), but not the other HitmanPro.exe...

The one I linked to, from the torrent site, was indeed put in the Trusted category, hence my question.

I don't understand how that could happen.


2 minutes ago, harlan4096 said:

I also downloaded that torrent link files, and checked both exes with KSN.

Every app Trusted in KSN will be put in the Trusted group, so maybe you executed that one...

No, I ran the one from the torrent site. In fact I'm going to do it again and show you.

[Imgur screenshot link]

As you can see, somehow this app from the torrent site got put in the Trusted category.


Just now, harlan4096 said:

Those 2 captures I posted are from the torrent site I also downloaded...

Okay, so I guess my question is: how come that "unofficial" exe is in the KSN database as a safe app if it's not the official application downloaded from HitmanPro's official website? It's pre-patched, it's not the official app, and it lacks a valid signature.


I don't know... I will investigate it, trying it in a VM...

KOTIP analysis:

https://opentip.kaspersky.com/E482B49A4FB1A43700C4E23E7C8F0794EF6FC06422644ED75907995A6B7A4187/results?tab=upload

https://www.virustotal.com/gui/file/e482b49a4fb1a43700c4e23e7c8f0794ef6fc06422644ed75907995a6b7a4187/detection

It's weird, because almost no main av firms detect it as suspicious... 🤔

I've already reported it to K. analyst via KOTIP.


5 minutes ago, harlan4096 said:

So 9 suspicious activities but then the file is clean? How am I supposed to interpret this?


Don't worry.

I use pre-patched HitmanproA too.

It is safe and there is no scan detection from Kaspersky,

but it will be detected as malicious when you run the pre-patched installer, by Kaspersky's System Watcher, a proactive defense module.

So do not run the pre-patched installer when Kaspersky is turned on.

After installation, you can re-enable Kaspersky.

There is a possibility that this pre-patched HitmanproA installer was once forwarded to Kaspersky Lab for detailed manual analysis by someone. And after a thorough analysis, KL believed it indeed poses no harm to you. So in the end this file was white-listed by KL.


I just got the K. analyst verdict:

Quote

Hello,

No malicious software was found in the attached file.

Best regards,
Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia
Tel./Fax: +7 (495) 797 8700
http://www.kaspersky.com
https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names
