Jump to content

Kaspersky anti-ransomware for business KART 6 not blocking malicious executables

Go to solution Solved by Vasily Burov,

Recommended Posts

Dear Kaspersky community,

today KART 6 free edition was automatically installed on my Widows server 2016 standard edition with latest updates.

After the reboot, I tried to create a sample "malicious" bat file to corrupt data in some PDF to test the behavior of the new scanner.

As soon as I launched the script, the software detected it as Trojan and correctly reverted back the modified files.

The problem is that, also if the malicious file path is correctly reported in the "blocked items" section, the KART software is no longer preventing it from running again.

Simply by running the script again, the files are again compromised and then reverted back by the remediation engine.

Before the update I was running the 4 version and once a file was detected it couldn't be run anymore if listed in the blocked apps section (until manually unlocked, of course).

This is for me a really serious issue, I would like to point it out so that it can get fixed as soon as possible!

Many thanks

Link to comment
Share on other sites

Hi, @Vasily Burov

thank you for the quick response!

Meanwhile I tried to corrupt files shared via SMB and that feature works as expected.

The IP address of the machine is blocked and no further corruption can happen.

I attach the pictures of my test about launching a malicious executable on the machine where KART 6 is running.

File is being marked as blocked but you can still run it afterwards with no problems.

I use Windows server 2016 standard edition setted up as domain controller build 1607 - 14393.5356

Thank you!

blocked items list.PNG



Edited by Lorenzo97
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...