
KART 6.1.0.90 for business not blocking execution of detected threats


Go to solution Solved by Vasily Burov,

Posted

Dear support team, 

Today we rebooted our servers and the newer product version, KART 6.1.0.90, was installed.

I then tried to execute a sample "malicious" (harmless) bat file to corrupt data in some sample PDFs to test the behavior of the new scanner.

As soon as I launched the script, the software detected it as a Trojan and correctly reverted the modified files.

The problem is that, even though the malicious file path is correctly reported in the "blocked items" section, the KART software is no longer preventing it from running again.

Simply by running the script again, the files are again compromised and then reverted back by the remediation engine.

Before this update, the service was running correctly.

This is for me a really serious issue, I would like to point it out so that it can get fixed as soon as possible!

System configuration of Windows Server 2016 and some KART screenshots can be found in the pictures below.

Please let me know if you need anything else.

Many thanks

blocked items.PNG

detections.PNG

kart 6.1.0.90.PNG

winserver 2016 version.PNG

Posted

Hi, @Lorenzo97!

Please run the script again and write the result here. Also, please list the content of your script so I can reproduce the problem.

Thanks. 

Posted

Hi @Vasily Burov

I packed my testing stuff and uploaded it here: https://tlgur.com/d/4kxZqyj8 (harmless, it contains 3 clean PDF and a batch script that injects plaintext into them).

Just unzip into a folder and you should be able to run it.

This was the same script with which I discovered a similar issue in the past:

https://forum.kaspersky.com/topic/kaspersky-anti-ransomware-for-business-kart-6-not-blocking-malicious-executables-27839/#comment-115494

After you fixed it last time, it worked well until now.

Before opening the ticket, I tried running it on another machine with Kaspersky Security Cloud.

That PC correctly detected the bat as a threat, quarantined it and restored the damaged files as planned.

I made a short video (with explanation) of me running the test software on the Windows Server machine:

Many thanks for the support!

Best regards

  • Solution
Posted (edited)

Hi, @Lorenzo97!

Thanks a lot for the clear steps and script. I reproduced the problem. You need to restart the computer again and after that the problem will disappear. Please confirm this solution.

Thank you very much again.

Edited by Vasily Burov
Posted

Hi @Vasily Burov!

Thank you, that fixed the issue.

I didn't reboot it before because it was in use and I had to wait for the night.

For your information, the top yellow bar that you see when you open the software where it says "Complete the user registration form" doesn't work with the message "Failed to get the registration form. Please try again later" when clicked.

This is just for information; as long as it does not impair product effectiveness, it is not an issue (for me).

Thanks again to you and all support team for the great assistance!

Cheers

Posted

Hi, @Lorenzo97!

Sorry for the late response. Glad to see that the suggested solution works.

On 12/20/2022 at 10:13 AM, Lorenzo97 said:

For your information, the top yellow bar that you see when you open the software where it says "Complete the user registration form" doesn't work with the message "Failed to get the registration form. Please try again later" when clicked.

Did you have access to the internet on the computer with the product? Can you visit the "https://app-sj06.marketo.com/" webpage in a browser?

Thanks.

Posted

Hi @Vasily Burov !

We have Internet but I cannot visit the link provided.

Apparently our DNS blocker is limiting the connection.

We will investigate the issue.

Many thanks and best regards
