Jump to content

Kaspersky should Save anything to Quarantine before Kaspersky deletes it.


Recommended Posts

Posted

(1)Proposal: Before removing anything - ANYTHING -, please save it to the Quarantine space.

I appreciate KIS removes suspicious things, even if it is only a slightly suspicious.


(2)My personal experience: I think I cannot reproduce this. Even if I reproduce, it will be useless.


environment: Windows 10 Home 21H2 19044.1415, Kaspersky Internet Security 21.3.10.391(g).


case-1: In a foo.bat, there was “PowerShell ….”, KIS moved the file to the Quarantine space.

I recovered the file from the Quarantine, then KIS deleted the file immediately without notice and my consent.

I tried (a)put the file in the exclusion list, (b)specify scanning only “newly” created or modified files, (c)scan the file beforehand, but the same result.

KIS removed the file with notice (Windows showed a pop-up) and recorded the event in its report, but there was no Quarantined (original) bat file.


case-2: In a bar.bat, there was “PowerShell ...”, KIS edited and deleted the line.

Other lines are left intact.

I tried the same as in case-1, but the same happened.

In this case, KIS edited without notice, recorded no report, no Quarantined bat file.


cas-3: In the Task Scheduler, I made a one-line task [ PowerShell.exe -Command “echo a” ].

KIS deleted the task.

There was no notice, no report, no Quarantined xml file.

 

(3)Remedies I took: I do not know it is a good method or not.

(a)In “Settings”-”Protection”-”File Anti-Virus”, select “Block” instead of automatic/disinfect.

(b)In “Settings”-”Protection”-”System Watcher”, select “Block/Terminate/Roll back” instead of automatic/delete.

(c)In ”Settings”-”General”, unchecked “Delete malicious ...”

Posted

@noel_lapin Welcome.

⚠ Only if you trust the object please try this :

  • Disable option : Settings > General > Perform recommended actions automatically
  • Kaspersky will ask you to decide which action to take on detected objects
  • Chose for “Quarantine”
  • Restore the  quarantined object
  • Create an exclusion rule for the object 
  • Enable option : Settings > General > Perform recommended actions automatically
  • Reboot

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...