Kaspersky anti-ransomware for business KART 6 not blocking malicious executables

[Lorenzo97]

Dear Kaspersky community,

today KART 6 free edition was automatically installed on my Widows server 2016 standard edition with latest updates.

After the reboot, I tried to create a sample "malicious" bat file to corrupt data in some PDF to test the behavior of the new scanner.

As soon as I launched the script, the software detected it as Trojan and correctly reverted back the modified files.

The problem is that, also if the malicious file path is correctly reported in the "blocked items" section, the KART software is no longer preventing it from running again.

Simply by running the script again, the files are again compromised and then reverted back by the remediation engine.

Before the update I was running the 4 version and once a file was detected it couldn't be run anymore if listed in the blocked apps section (until manually unlocked, of course).

This is for me a really serious issue, I would like to point it out so that it can get fixed as soon as possible!

Many thanks

[Vasily Burov]

Hi, @Lorenzo97!

Thanks for your message. We will investigate your issue right now. Can you post the screenshot with "blocked items" section in product settings? What OS version do you use?

Thank you again.

[Lorenzo97]

Hi, @Vasily Burov

thank you for the quick response!

Meanwhile I tried to corrupt files shared via SMB and that feature works as expected.

The IP address of the machine is blocked and no further corruption can happen.

I attach the pictures of my test about launching a malicious executable on the machine where KART 6 is running.

File is being marked as blocked but you can still run it afterwards with no problems.

I use Windows server 2016 standard edition setted up as domain controller build 1607 - 14393.5356

Thank you!

Edited September 23, 2022 by Lorenzo97

[Vasily Burov]

Hi, @Lorenzo97.

We reproduced this issue. The fix of the problem will be delivered to you with upcoming product update. I hope that this will be done during a month. 

Thanks.

[Lorenzo97]

Hi @Vasily Burov

thank you and all the Kaspersky team for the quick support.

So let's wait for the upcoming update!

Best whishes

[Lorenzo97]

My KART updated to 6.0.0.393(a) version.

I confirm that the critical security problem is now fixed.

Thank you @Vasily Burov for releasing the fix quickly.

Best regards