how do I disable trusted applications mode? [.bat file is attempting to read a protected file]

[Fish]

This Trusted Application feature is annoying as hell! How can I disable it?

[Schulte]

Hello @Fish, Welcome.

Can you please give us some additional information about the product used and its version?

Link

 

[Fish]

Where can I copy & paste that information from?

[Fish]

I’m using Kaspersky Internet Security, and the “About” dialog displays what looks like a version number, but the dialog does not allow me to copy it to the clipboard, and I could not find anwhere in your user interface where such information can be copied to the clipboard from.

 

 

[Flood and Flood's wife]

Hello @Fish, 

Thank you for updating us!

1. Post a screen print of the KIS About information please? 
2. & a screen print of Trusted Application feature that’s annoying you please? 

• Use the picture icon, beside the 📎 paperclip icon, to attach the image files to your reply. 

Thank you🙏

Flood🐳+🐋

[Fish]

 

 

 

Each time I try to build my program, the above dialog pops up. Sometimes multiple times (although for a different program) for the same compile!

 

I always check the “Remember my choice for this application”, but it of course does not help because the batch file is dynamically created each time a compile is done, and each time the temporary filename is different.

 

As I said, the above dialog also occasionally pops up for other internal hooks I have on my system, and there is apparently no way that I could find to disable this new feature.

 

It is SEVERELY impacting my ability to do my software development so much now, that I have had to temporarily PERMANENTLY DISABLE Kaspersky.

 

What I don’t understand is, the process that CREATED the batch file is trusted! So why isn’t the batch file that it creates? If a program is trusted (which by default is everything on my system since my system is clean), then why isn’t anything/everything that that program does (such as create and run a temporary batch file) also trusted?! Why is a file that a TRUSTED application create not also trusted?! It seems stupid to me! Especially given that none of them are asking for elevated privileges! They’re all just normal everyday stuff that Kaspersky SHOULD be able to determine is not harmful.

 

If this temporary batch file or some other program/process that gets created by a trusted program ends up being malware, then fine; Kaspersky should detect/catch that and prevent it from running.

 

But that’s not what is happening! It keeps asking me again and again and again “Is this a trusted program?” and is having a SEVERE NEGATIVE IMPACT on my ability to do my software development!

 

So I need to know how to disable this feature. Will you help me please?

 

Thanks.

[Flood and Flood's wife]

Hello @Fish,

Thank you for the detailed information & the images!

We understand & agree on every point. 

This issue has been raised previously, with Kaspersky, on more than one occasion..😣

• In Settings, General, uncheck Perform recommended actions automatically → select Save → select Yes → to confirm the change. 
• If, when another pgm is built, the prompt appears, select  Allow now & Remember my choice for this application.

Note: keep Delete malicious tools, adware, auto-dialers and suspicious packers checked.

 

Any ongoing issues & or problems, please post back? 

Thank you🙏

Flood🐳+🐋

[Fish]

I already have the “Perform recommended actions automatically” unchecked, and doing what you suggest whenever the problem occurs does not resolve the problem. The dialog keeps popping up MANY times (8-12 times or more!) for each compile. (e.g. one of them was for RC.exe, which is an integral component of Microsoft’s Visual Studio product for crying out loud! Sheesh!)

 

I am simply NOT going to sit here and suffer having to go through three mouse clicks for each of the dozen(?) or more dialogs that pops up for EVERY FRICKING COMPILE! That’s ridiculous and unacceptable!

 

I have no choice but to keep Kaspersky COMPLETELY DISABLED for now, and I am seriously considering uninstalling it completely and abandoning Kaspersky altogether and purchasing a different vendor’s AV product.

 

Which is a real shame since I have been a loyal Kaspersky customer for many years. So far Kaspersky has been an excellent product.

 

Until just recently.   :-(

 

Note: I am not yelling at you, Flood. I am simply expressing my extreme frustration at trying to get this problem resolved, that’s all. I’m not mad at you. I’m upset with Kaspersky, not you.

 

Does anyone else have any bright ideas? Is there some registry setting I can change maybe? Is there a way to return to the previous version/release? Is there a way to “undo” whatever change it was that introduced this poorly designed feature?

 

Thanks.

[Flood and Flood's wife]

Hello @Fish, 

Thank you for replying!

• ❓Is KSN enabled? 
• ❓In Threats & Exclusions, can you post an image(s) of the exclusion(s) you’ve configured please? 

1. No-one wants you to go thru 3 clicks or any clicks unnecessarily. 
2. We absolutely do understand how frustrating this specific issue is, it’s been previously raised with Kaspersky more than once →  @Igor Kurzin, @Anton Mefodys → please participate? 
3. (ioo) it’s poor design. 
4. At the risk of driving you to a state of utter despair, log a case with Kaspersky Technical Support, fill in Application malfunction, Other template; Support may request Logs, Traces & other data, we’d suggest making a video of the issue → that may help the technical team who first manage the issue understand the problem. Noting, Igor & or Anton will probably tell you to log a case anyway, so you may as well get the pain over now:

 

Please share the outcome with the Community, when it’s available? 

Thank you🙏

Flood🐳+🐋

[Fish]

Is KSN enabled?

 

Not at this moment, no.  This new undesirable behavior is simply too annoying.  I cannot get my work done with it enabled.

 

Do I enable it before trying your suggestions?  Yes, of course!  Duh!

 

In Threats & Exclusions, can you post an image(s) of the exclusion(s) you’ve configured please?

 

 We absolutely do understand how frustrating this specific issue is, it’s been previously raised with Kaspersky more than once →  @Igor Kurzin, @Anton Mefodys → please participate? 

 

I don’t understand how do you want me to participate? I am participating right now!

 

When I click on either of your provided links (e.g.  @Igor Kurzin for example), I see a web page showing a Kaspersky employee’s recent “Activity”. How do you want me to “participate” with that person? Do I need to click “Send Message”? Why do I need to send them a private message and  waste my time explaining my problem to him all over again? I’ve already explained my problem to YOU here, in OUR conversation! Why can’t HE participate in OUR current conversation? Why start a new conversation with someone else, forcing me to repeat myself all over again?

 

I have searched for existing topics similar to mine before originally posting my question here, but could not find any. That is why I posted my question. You claim that it has been raised with Kaspersky more than once, but I do not see that. Can you post the link to some other person’s question that shows them asking for similar help with the same feature as I am asking for help with? Thanks.

 

(ioo) it’s poor design. 

 

Thank you!  I am glad that we agree on something.   :-)

 

At the risk of driving you to a state of utter despair, log a case with Kaspersky Technical Support, fill in Application malfunction, Other template;
 

That is what I was originally going to do. But I felt it might be best to TRY to get help via the community first before bothering Kaspersky employees with what I was hoping might be a simple answer to my question.

 

Since it is now painfully obvious that there is no simple answer, yes, I absolutely WILL open an official Support Request.

 

we’d suggest making a video of the issue

 

I can’t. I don’t own a camera. (Nor a microphone.) My computer is not a laptop. It is a powerful desktop workstation meant for serious computing (software development). It has no games. No social media. No “toys”. It only has Visual Studio and several other software development related products (TortoiseGit, TortoiseSVN, ExamdDiff Pro, FileZilla, Dr. Explain, HxD, Vista TN3270, Rexx, etc).

 

Thank you for your help so far, Flood.  I very much appreciate your attempt to try and help me.  I guess I am going to have to submit an official Support Request.

 

Please share the outcome with the Community, when it’s available?

 

Absolutely!

[Flood and Flood's wife]

Hello @Fish, 

Thank you for replying, the additional information & the images. 

Re KSN, no, we were going to suggest disabling, pointless as it already is. 

We “invited” @Igor Kurzin & or @Anton Mefodys to “participate” based on past involvement in similar topics + they fact they’re both experts, in the hope they’d have an answer. 

[REMOVED]

Your subscription pays for you to access technical support. 

Our suggestion to include a video, was to assist the technical team see what you see when the unwanted Trusted Application prompts occur. 

We frequently create videos, to help people here in the Community, we also don’t have toys on our machines, when we set up the machines we wipe 80% of the junk they come shipped with, but, we do use screen recording software, bc, it’s quite remarkable how much easier it is when people see the problem, rather than “read” the problem… Your choice, it’s only a suggestion. 

Please proceed with raising a request to the Kaspersky Technical Team. 

Thank you🙏

Flood🐳+🐋

[Wesly.Zhang]

Hello, @Fish 

I already have the “Perform recommended actions automatically” unchecked,

Do you know uncheck this item means you will use Interactive mode. If some application listed to low restrict group want to do some behavior trigger application control rule will popup this information and need your decision.

If you want to handle this information. you should go to application control function and enter manage applcation, then, expand low restrict , find the rule for this bat file and move it to trusted group or double chick this rule and go to exclusion tab to set a exclusion for this bat file.

Regards.

[Fish]

If you want to handle this information. you should go to application control function and enter manage application, then, expand low restrict , find the rule for this bat file and move it to trusted group or double check this rule and go to exclusion tab to set a exclusion for this bat file.

 

As I explained earlier, that is impossible to do.  The batch file in question is dynamically created each time a compile is done, and each time the temporary filename is different.

[Wesly.Zhang]

If you want to handle this information. you should go to application control function and enter manage application, then, expand low restrict , find the rule for this bat file and move it to trusted group or double check this rule and go to exclusion tab to set a exclusion for this bat file.

 

As I explained earlier, that is impossible to do.  The batch file in question is dynamically created each time a compile is done, and each time the temporary filename is different.

Hello, @Fish 

Which folder does it created? %temp% folder? if the compile path could be changed to a normal path, such as D:/compiled_files. You can create a trusted rule via the following screenshot.

Regards.

[Fish]

Which folder does it created?

 

“C:\Users\Fish\AppData\Local\Temp”

 

%temp% folder?

 

Yes.

 

if the compile path could be changed to a normal path, such as D:/compiled_files. You can create a trusted rule via the following screenshot.

 

Changing the path (directory) that Visual Studio uses to create its temporary batch files in is something that Microsoft would have to do.  I have no control over that.  There is no build setting or register value for that.  It is apparently hard-coded (built into) Visual Studio itself.

 

I could of course change my %temp% value to point to a different directory of course, BUT...

 

1. There is no guarantee whatsoever that Visual Studio would honor it. Visual Studio might be hard-coded to always use %USERPROFILE%\AppData\Local\Temp.  I don’t know.  As I said above, Visual Studio is in control of itself, not me.  I know of no way to force Visual Studio to use a different directory.
2. Even if changing the location (directory) of where Visual Studio creates its batch files was possible, it would not resolve the underlying/root problem.  It would only be moving the same problem to a new location.  The original problem would still exist.  It would simply exist at a different location.

 

The problem that needs to be fixed is with Kaspersky, not Visual Studio.  It keeps asking over and over and over again -- literally dozens and dozens of times each time I do a compile/build of my product (which has over 200 source files) -- whether or not <insert some program here> should be allowed to access <insert some file here>, which IMHO it shouldn’t be asking.  If the program that is  trying to access the file is “trusted” (i.e. has been determined by Kaspersky to be clean and not to contain any malware), then it should be allowed to access whatever freaking file it wants to access!  Why should the user be bothered with an incredibly STUPID dialog asking an incredibly STUPID question?

 

Kaspersky needs to be fixed.  This new feature they only just recently introduced needs to be removed.  It wasn’t designed/implemented correctly and is causing much grief for many users.

 

[Wesly.Zhang]

Which folder does it created?

 

“C:\Users\Fish\AppData\Local\Temp”

 

%temp% folder?

 

Yes.

 

if the compile path could be changed to a normal path, such as D:/compiled_files. You can create a trusted rule via the following screenshot.

 

Changing the path (directory) that Visual Studio uses to create its temporary batch files in is something that Microsoft would have to do.  I have no control over that.  There is no build setting or register value for that.  It is apparently hard-coded (built into) Visual Studio itself.

 

I could of course change my %temp% value to point to a different directory of course, BUT...

 

1. There is no guarantee whatsoever that Visual Studio would honor it. Visual Studio might be hard-coded to always use %USERPROFILE%\AppData\Local\Temp.  I don’t know.  As I said above, Visual Studio is in control of itself, not me.  I know of no way to force Visual Studio to use a different directory.
2. Even if changing the location (directory) of where Visual Studio creates its batch files was possible, it would not resolve the underlying/root problem.  It would only be moving the same problem to a new location.  The original problem would still exist.  It would simply exist at a different location.

 

The problem that needs to be fixed is with Kaspersky, not Visual Studio.  It keeps asking over and over and over again -- literally dozens and dozens of times each time I do a compile/build of my product (which has over 200 source files) -- whether or not <insert some program here> should be allowed to access <insert some file here>, which IMHO it shouldn’t be asking.  If the program that is  trying to access the file is “trusted” (i.e. has been determined by Kaspersky to be clean and not to contain any malware), then it should be allowed to access whatever freaking file it wants to access!  Why should the user be bothered with an incredibly STUPID dialog asking an incredibly STUPID question?

 

Kaspersky needs to be fixed.  This new feature they only just recently introduced needs to be removed.  It wasn’t designed/implemented correctly and is causing much grief for many users.

 

Hello,

As I think, Does this folder no change in every compile period? if Yes, You could set this exclusion rule:

Any better after that?

Regards.

[Fish]

Hello,

As I think, Does this folder no change in every compile period? if Yes, You could set this exclusion rule:

 

Any better after that?

Regards.

 

THANK YOU,  Wesly.Zhang!!   That worked perfectly!!   :)))

 

I’m extremely embarrassed that I did not think of trying that.    :(

 

PROBLEM RESOLVED!

 

Closing Issue.

 

Thank you again.

[Wesly.Zhang]

Hello,

As I think, Does this folder no change in every compile period? if Yes, You could set this exclusion rule:

 

Any better after that?

Regards.

 

THANK YOU,  Wesly.Zhang!!   That worked perfectly!!   :)))

 

I’m extremely embarrassed that I did not think of trying that.    :(

 

PROBLEM RESOLVED!

 

Closing Issue.

 

Thank you again.

Hi @Fish 

You are welcome! :)))