Izotope RX 11 getting blocked/deleted with malicious object

[klmonline]

New product release from commercial vendor iZotope is RX 11 audio editor. They have been a trustworthy vendor with many versions of this product over many years. This latest release is getting blocked and deleted by Kaspersky with a malicious component of PDM:Exploit.Win32.Generic.nblk

I have seen this threat reported online as a Kaspersky false positive in other products and was wondering if that might be the case here?

Full details:
Windows 11 Home, 10.0.22631 Build 22631
x64
Kaspersky Total Security 21.3.10.391 (I)

Malicious Object Report...
Event: Malicious object detected
Application: iZotope RX Audio Editor
User: DESKTOP-I6DN9OO\Owner
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Exploit.Win32.Generic.nblk
Threat level: High
Object type: Process
Object path: c:\program files\izotope\rx 11 audio editor\win64
Object name: izotope rx 11 audio editor.exe
Reason: Databases
Databases release date: Today, 5/18/2024 1:50:00 PM

[harlan4096]

Welcome to Kaspersky Community.

 

Can You provide the download link, please.

[IgorGorelik]

Confirming the issue, iZotope RX 11  was just deleted immediately after the install and first run. Also Chrome got concurrently crashed after that.

Here is download links: https://www . izotope . com/en/products/downloads.html

Now I forced to work without antivirus. If the issue will not be resolved in short time, I'm not going to renew the subscription!

[harlan4096]

This is a PDM (Proactive Defense Module) detection on execution by System Watcher, probably a false positive, this kind of detection should be fixed in general by K., Your best bet is to contact to K. Support https://support.kaspersky.com/b2c#contacts, and report the false positive, They probably will request You to reproduce the issue with K. product traces enabled, and send them.

 

I see I can't download anything unless I create an account 🙄

 

@klmonline: You should also try to migrate to the new product line, last version currently 21.17

[klmonline]

Thanks for the replies, @harlan4096. I just did an uninstall and new download of Total Security from the My Kaspersky website downloads page. It did a complete install with computer reboot. Still shows 21.3.10.391 (j) as the Application Version.

I'm having difficulty running the Open Tip scanner suggested on the page for taking actions on suspected false positives. Kaspersky deleted the application file that had been flagged as malicious, so I can't upload it to the site. I guess I'll just go ahead and submit a report anyway. 

The Izotope installation process uses an exe on Windows to download, copy, and install the application files, so I can't just grab the underlying flagged application file. If you want to try running the installation for yourself, I uploaded the installation executable to pCloud (a file sharing service). You should be able to download it from this link:

https : //u.pcloud.link/publink/show?code=XZpJeu0Z3xCdvRlNpk0pTkutUj9NbkmqI0rV

I'll continue through the contact channel. Thanks again.

Edited May 21, 2024 by Berny

[klmonline]

To @IgorGorelik - I am continuing to work with Kaspersky Support on this. They fixed the databases to allow successful installation, but it still terminates the process and deletes the executable file as soon as you try to run RX 11. Hopefully they will extend their update to the runtime files as well! I'll let you know.

[klmonline]

To @IgorGorelik - I think they have fixed it in the latest database update. I just did a successful install and edit of a file. Give it a shot again.