Jump to content
Kaspersky Support Forum

Please advise why Kaspersky Security Cloud Free not blocking AMTSO "Detects drive-by downloads of malware"

Questioning2
 Share

Recommended Posts

Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

Hello @Questioning2,

Welcome!

  • Kaspersky Security Cloud free does not expire.
  1. How was AMTSO “Detects drive-by downloads of malware  tool tested? 
  2. Which supported browsers → Chrome, Firefox, Edge Chromium, IE, were used for the test?
  3. Export Kaspersky Security Cloud All Events, 7 day Report, save as a .txt file, attach📎 to your reply please? 
  4. Note: AMTSO have a certificate issue, and PNF, 404 for their Eicar test.

Thank you🙏

Flood🐳

 

 

 

 

Link to comment
Share on other sites
Questioning2

Questioning2

Posted
  • Author
Posted

Hello @Questioning2,

Welcome!

  • Kaspersky Security Cloud free does not expire.
  1. How was AMTSO “Detects drive-by downloads of malware  tool tested? 
  2. Which supported browsers → Chrome, Firefox, Edge Chromium, IE, were used for the test?
  3. Export Kaspersky Security Cloud All Events, 7 day Report, save as a .txt file, attach📎 to your reply please? 

Thank you🙏

Flood🐳

 

 

Please click “Detects drive-by downloads of malware” in https://www.amtso.org/security-features-check/. It did not block and show screen shot below in Chrome. Thanks.

 

Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

Hello @Questioning2,

Thank you for replying👌

  1. Export Kaspersky Security Cloud All Events, 7 day Report, save as a .txt file, attach📎 to your reply please? 
  2. Take a full screen video of the test & attach📎 to your reply please? 
  3. Note: AMTSO have a certificate issue, and PNF, 404 for their Eicar test.

Thank you🙏

Flood🐳

 

 

 
Link to comment
Share on other sites
Thoughts

Thoughts

Posted
Posted

Kaspersky Security Cloud Free 20.0.14.1085(k)

If it is of any help, I checked out the AMTSO pages and using Firefox 77.01 [64Bit] (Kaspersky extension installed). Kaspersky correctly detected and blocked every page tested (See drive by test below).

For this test Detects drive-by downloads of malware

https://www.amtso.org/feature-settings-check-drive-by-download-test/

The page didn’t show as blocked, but nothing was downloaded which, from reading the web page, appears to be the correct response. A failure would be if the file ‘was’ downloaded. As a further check I created a copy of the EICAR test file (that would have been downloaded if Kaspersky had failed) and my test file was instantly detected by Kaspersky.

The Drive-by  test is a bit confusing because unlike the other tests no warning is shown. It would seem that, that is the correct response as the test is whether a file can be downloaded. It’s NOT about the page being blocked.

Link to comment
Share on other sites
Thoughts

Thoughts

Posted
Posted

Below is the text shown before you launch the AMTSO drive-by test.

When you click on this button, a simulated “drive-by download” is initiated: a new web page will open and the EICAR test file will attempt to be downloaded.

If you are able to download this 68 byte test file successfully, your anti-malware solution is NOT configured correctly or DOES NOT conform with industry best practice.

 

As you can see, you are expected to see the next web page, it is the file download that should be blocked by Kaspersky not the web page itself. When I checked again, both Firefox and Google Chrome behaved the same and no file was downloaded.

Link to comment
Share on other sites
Thoughts

Thoughts

Posted
Posted

Berny - Thank you. Yes that was the file I created and was the one the AMTSO drive-by test page was attempting (but failed) to download.

Is there a reason Kaspersky didn’t show a warning pop up on the drive-by test? The file wasn’t downloaded so it was correctly blocked, but the lack of any Kaspersky pop up (as happened on all the other AMTSO tests) was unexpected.  Might Firefox or Chrome have blocked it before Kaspersky?

Link to comment
Share on other sites
Thoughts

Thoughts

Posted
Posted

Hello Flood thank you. As mentioned Kaspersky correctly detects the EICAR test file if I create it on my computer.

The question was, when this test is launched https://www.amtso.org/feature-settings-check-drive-by-download-test/ there is no warning pop up. I’m not sure if there is supposed to be a pop up warning. The download I assume is blocked as it never appears, but I was simply curious as to whether Kaspersky (or any AV) is supposed to show a pop up warning or not. The blocked page in the YouTube video does not appear if I click on Launch Test.

If you get a chance have a go yourself and let me know if after clicking on Launch Test you see any pop up or a blocked page. I was only chipping in and simply curious.

Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

Hello @Thoughts,

You’re welcome🙂 !

  • As per the Amtso test & original eicar tests video, our Launch the Test  test, shows what happens, when we “have a go”.
  • Other Amtso tests produce correct results.

 

 

  • (ioo) the original advice provided to @Questioning2 is unchanged → accepting the certificate error generates PNF 404

Link

  • We cannot explain why (you) don’t see what we see, noting you’ve raised a similar issue that @Igor Kurzin is helping you with; perhaps, if you have another device, test on that → please video & post the tests. 

Thank you🙏

Flood🐳

Link to comment
Share on other sites
Thoughts

Thoughts

Posted
Posted

Hello Berny - The EICAR file itself ‘is’ detected by Kaspersky.

My question was when I click on Launch Test on this page

https://www.amtso.org/feature-settings-check-drive-by-download-test/

The page isn’t blocked, as also reported by Questioning2. Every other AMTSO test page gets correctly blocked (in Firefox and Chrome) just not the one above.

As mentioned by Flood, I have a similar matter currently with Igor and I’m happy to leave things as they are and see what Igor finds.

Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

Hello @Thoughts,

  • Kaspersky Technical Support is a service which provides registered Kaspersky users with assistance and advice about their products.
  • Kaspersky Technical Support is a component of the contract between Kaspersky and the holder of the software license which covers Kaspersky providing information technology services in exchange for payment. 
  • Kaspersky Technical Support is available only to users who have purchased a license for use of the software.
  • The Kaspersky Technical Support team are paid Kaspersky employees. 
  • The Kaspersky Community has a small number of Kaspersky employees, these folks are identifiable by the Kaspersky employee beside their name. 
  • The Kaspersky Technical Support team may make discretionary decisions to provide technical support to folks who do not have licensed Kaspersky software. 

Thank you🙏

Flood🐳

Link to comment
Share on other sites
Thoughts

Thoughts

Posted
Posted

Hello Flood

The Thunderbird browser issue Igor Kurzin asked me to submit  trace files for. Are Kaspersky waiting for me to purchase a license before it can be looked into?

I am aware of the limitations as a free license holder, but after your comment I am now unclear where things stand in relation to that specific matter. I am more than happy to wait as long as required, I was simply seeking clarification.

Thank  you.

Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted

Hello @Thoughts,

You’re welcome!

Regarding “Thunderbird browser issue Igor Kurzin asked me to submit trace files for”, it would’ve been better to post the question in your topic Security Cloud 20 Free & Thunderbird E-mail Client, but that aside, if traces were submitted 26th of June, that covers Friday (maybe), Monday & depending on where you are (location) Tuesday, at the most = 2 business days → the Kaspersky expert Technical Team do not work 24x7x365; patience is required, &, as far as we understand, in this instance, discretion has been applied. 

Thank you🙏

Flood🐳

Link to comment
Share on other sites
Thoughts

Thoughts

Posted
Posted

Hello Berny

So it’s clear, I asked as I was confused by Flood’s comment which was: 

Kaspersky Technical Support is only available if Kaspersky software is licensed. 

I fully appreciate the limitations as a free license holder and was simply seeking clarification, which Flood kindly gave.

Regards.

 

Link to comment
Share on other sites
Berny

Berny

Posted
Posted

@Thoughts Please be aware that this is not a general rule. Only in some specific cases  K-Lab Team is providing assistance for an  issue related to a free version. Also,  do not PM or post an INC number unless a K-Lab collaborator or moderation is asking to do so.

Link to comment
Share on other sites
  • 3 weeks later...
Thoughts

Thoughts

Posted
Posted

Hello Flood

Thank you, I can also confirm the Drive By test works in Firefox, Firefox ESR, Google Chrome and Thunderbird’s embedded browser.

Every other AMTSO test is correctly detected by Kaspersky Security Cloud in the above browsers with the sole exception of the Phishing page test which is not detected within Thunderbird’s embedded browser. I only mentioned this as a complete picture, not a new issue, as Kaspersky engineers are fully aware of this matter and it’s currently being investigated.

So in terms of pure browsers, all AMTSO tests are correctly detected.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...