Jump to content

Suspicious Action Blocked/Allow Events, "Use browser command line" with Internet Control Panel.


Recommended Posts

Agentgraves84
Posted
I noticed recently I started getting lots of kaspersky. notifications on my windows 10 task bar, lots of Suspicious Action Blocked/Allow logs. Most were either Suspicious Behaviour Blocked Win Explorer "duplicate internal process handle" or Suspicious Behaviour Allowed Internet Explorer "use browser command line". Is it ok that the Win Explorer actions are being allowed? I've done scans with Kaspersky, Malwarebytes and hitmanpro and no threats are found, Thanks! Update: After looking at my 30 day log, I noticed the same events have been happening for at least 30 days., so i'm not sure why I've just started recently seeing notifications. It also seems like it might be related to safe money but i'm not sure.
Flood and Flood's wife
Posted
Hello Agentgraves84, Welcome! You're correct, these events are normal when SafeMoney/Protected browser is active. Re: "Suspicious Behaviour Blocked Win Explorer""duplicate internal process handle" When Protected Browser/ Safe Money is in use, Kaspersky reports many NORMAL processes as their functions or some of their functions are categorised differently according to the environment in use, this is the Kaspersky software working correctly. However, having said that, I'm not familiar with: "Suspicious Behaviour Allowed Internet Explorer "use browser command line". Is Internet Explorer your Windows default browser? Operating system name/version? Please let us know? Thanks!
Agentgraves84
Posted
Thanks for the welcome :) I suspected the blocked Windows Explorer action was connected to safe money as I noticed those events when I launched it. I actually made a mistake with the Suspicious action that is being allowed. It's actually "Use browser command line" with Internet Control Panel as the application. Application path being windows/system32/inetcpl.cpl. Any thoughts as to what that might be? I have both Edge and IE explorer installed. I normally wouldn't think twice about it but I got a windows notification while I was surfing the other day (nothing shady or illegal) saying my firewall was disabled. I immediately thought a virus or something somehow slipped through so I quickly disconnected and re-booted. Everything booted up fine with my firewall enabled again. I have done several scans with various software but no threats are found. Thanks again! Using Windows 10 Home 64 Version 1809
Flood and Flood's wife
Posted
Hello Agentgraves84, Thank for posting back! Re: Winodws Firewall alert: The "emergency" quick thinking actions you took are exactly what's required. Re: "Use browser command line, Internet Control Panel. windows/system32/inetcpl.cpl" Internet Options inetcpl.cpl Opens the classic Internet Options window. Manage Internet settings that Internet Explorer and other browsers may use. Can you check, how often this specific event is reported? Is Safe Browser/Protected browser running when this event occurs? Please check: **start Internet Explorer - normal browser a) change several Internet Explorer settings check Kaspersky application Reports - any events? **start Protect Browser b) change several Internet Explorer settings check Kaspersky application Reports - any events? Also, if it's not too much trouble, may we have a GSI https://support.kaspersky.com/common/diagnostics/3632#block7 please? Thanks!
Agentgraves84
Posted
Thanks for the suggestions, I really appreciate it. I thought I would try resetting kasperky settings back to default in case something somehow got changed and so far I haven't seen any of those suspicions event allowed logs. Fingers crossed that fixed it. If I see it happen again, I will certainly post back with my sys info. I did notice something else today however. I booted up my pc and sat down about 30 min later and saw there were 2 windows notifications that my firewall and antivirus were turned off again. When I checked my event logs, it showed the protection applications did not start up until 10min or so from start up. I double checked and start Kaspersky on Startup is definitely checked. I have rebooted several times and everything is starting normally. All scans are still showing no threats. I have read Windows defender can sometimes cause problems, I have had a few windows updates that last couple of days so i'm not sure if there's a windows conflict somewhere. Any thoughts as to what I might try?
Flood and Flood's wife
Posted
Hello Agentgraves84, Thanks for posting back! May we have a GSI please? When the GSI is starting please select/include "Windows Logs". Please upload GSI to any cloud storage you use and post back the link for us. Many thanks!
  • 2 years later...
Posted

I too have noticed taskbar notifications mostly belonging to the Low Restricted Group.  I’ve been receiving taskbar notifications on certain window processes wanting to change the operation of the process if not something in the registry depending on the applications.  I am given options to Allow or Block  and additional actions to Trust or Distrust the application.  Which do you suggest I choose as this notifies are., yes, annoying.

Perhaps a link to a good read on the matter would be helpful too.  Thank you

Flood and Flood's wife
Posted

Hello @hpum

Welcome!

Without seeing the notifications it’s not possible to advise, nor provide a link, you have not told or shown us what the alerts are! Are the alerts in the KTS Reports? 

If such notifications have increased, you really should log a case with Kaspersky support, either via Chat or Email, select Malware, Detected threat appears over & over again template. Support may request logs, traces & other data, they will guide you.

  • If selecting Chat option, we recommend you request a copy of the chat transcript, make sure you fill in your email address AFTER the chat is activated by the Chat agent & complete the Verify your email address email AFTER the chat completes.
  • When it’s available, please share the outcome with the Community? 

Thank you🙏

Flood🐳+🐋

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...