How to make Kaspersky Free automatically block threats

[Timy]

I am currently using Kaspersky Free and Windows 10. Whenever there's a threat, a notification from Kaspersky will pop up, asking me to take action. Is there a way to make Kaspersky take action automatically?

[Berny]

@Timy Welcome.

Can you please post a screenshot from the notification.

[Timy]

I can't screenshot the notification, it only pops up when a threat is active

[Berny]

@Timy  Please provide a screenshot when you get an alert.
In the meantime , please see this Kaspersky Support article.

[harlan4096]

Also, did You change any settings in Your K.? Which colour is the notification, red or orange?

[Wesly.Zhang]

Hello,

Please take care the threats name whether it start with "not-a-virus:" if yes, you need resolved it by manual. KL product doesn't deal with PUA OR Risk software automatically.

Regards.

[Timy]

I haven't changed any settings in Kaspersky. It asked me to disinfect a Trojan named Trojan.Win32.Hosts2.gen

[Wesly.Zhang]

1 minute ago, Timy said:

I haven't changed any settings in Kaspersky. It asked me to disinfect a Trojan named Trojan.Win32.Hosts2.gen

Do you change the hosts file before this detection occur?

[Timy]

No, idk what hosts file is. Maybe the Trojan changed it since when it infects my PC, I can't access anything because I don't have the permission to or something

[Wesly.Zhang]

4 minutes ago, Timy said:

No, idk what hosts file is. Maybe the Trojan changed it since when it infects my PC, I can't access anything because I don't have the permission to or something

Hi, C:\Windows\System32\drivers\etc\host. If some application want to edit this file, the detection will maybe popup. I'm more interested in the conditions under which this detection event occurs.

[Timy]

Interesting, in the report, Kaspersky detected the trojan at C:\Windows\System32\drivers\etc\host

[Wesly.Zhang]

Just now, Timy said:

Interesting, in the report, Kaspersky detected the trojan at C:\Windows\System32\drivers\etc\host

Yes, We all know it. So the next question is which application do the job. As I just asked the question, what applicaiton are you using when this detection occurs.

[Timy]

The Trojan was detected when I was running an app (I think it's an optimizer app) when a command prompt window popped up, there was a piece of text, it's not even a code, It popped up for like 2 seconds before closing and then Kaspersky asked me to take action as my PC started to behave strangely

Edited April 1, 2022 by Timy

[Wesly.Zhang]

2 minutes ago, Timy said:

The Trojan was detected when I was running an app (I think it's an optimizer app) when a command prompt window popped up, there was a piece of text, it's not even a code, It popped up for like 2 seconds before closing and then Kaspersky asked me to take action as my PC started to behave strangely

OK, you can run the optimizer app again to check this situation. If it happened again, You should make a exclude rule for this host file in order to avoid detection.

Notice: You need to check the contents of this file frequently, normally it should be as follows. if some application add some rules in this file, you should check whether the content is normal or not. this file is a location DNS cache. it will change DNS query result.

[Timy]

So, was it a false positive

[Wesly.Zhang]

Just now, Timy said:

So, was it a false positive

You can say yes or no, depending on what perspective you stand on. Under normal circumstances, this file will not be edited, keep default. Then there will be no chance of being detected, but once edited, as a potentially risky modification, there is no big problem being detected. 

[Timy]

Why would an optimizer app want to edit the hosts file

[Wesly.Zhang]

12 minutes ago, Timy said:

Why would an optimizer app want to edit the hosts file

You should check what settings related to this situation in the optimizer app, such as network speedup. The hosts file is an operating system file on Windows PC that lets you map specific domain names to an IP address. If you do not need to perform a DNS query, but directly convert the domain name into an IP address through the host file, and request an http link directly from the IP address, it will reduce the time required to request a DNS query, so some optimization software will use names such as network acceleration to realise. There is actually no speed change, for current internet speeds. But this file may be exploited by malicious programs. It is used to provide fake DNS requests and forge the requested IP address. Therefore, the modification of this file will be strictly controlled.

[Timy]

ok, thanks