Weird Kaspesrky Folder on EFI Partition

[Jonathan95]

Hello guys !!!!

I have installed the kaspersky free for some time now, but i discover that there is a kaspersky4win folder on the efi partition. I can't go deeper to that folder to see if there are other files inside, but i think it's weird. Why there is a kaspersky folder there ?? i tried to uninstall the kaspersky free to see if this folder goes, but it's still there.. I re-install the antivirus.

Does anyone knows about that ?? What is the purpose of that ??

[harlan4096]

Welcome to Kaspersky Community.

 

It is not inside EFI folder, but inside System Volume Information Windows folder.

 

https://www.howtogeek.com/282214/what-is-the-system-volume-information-folder-and-can-i-delete-it/

[Jonathan95]

I didn't said that it's on the efi folder, but that it's on the 100MB EFI partition. At least it seems like that. 

Indeed there is a System Volume Information folder on the C partition, but it seems there is also a System Volume Information folder on the EFI partition and inside that folder there is a Kaspersky folder.

Edited March 5, 2024 by Jonathan95

[harlan4096]

For the name it seems just name of the installer folder with extracted files.

[Jonathan95]

14 minutes ago, harlan4096 said:

For the name it seems just name of the installer folder with extracted files.

Yeah, maybe you are right, but why it's on the EFI partition, that's my question.

I don't have any problem, everything works just fine, but why Kaspersky created a folder on that partition, that is i don't understand.

Edited March 5, 2024 by Jonathan95

[harlan4096]

Yeah, if it is already there, it's very weird 🤔

[harlan4096]

What is the current version of Your KFree now?

[Berny]

I can only locate ‘ kaspersky4win ‘ in the NFTS partition 🤔

[Jonathan95]

The Kaspersky Free version is the latest (21.16.6.467(a))

I have the easeus partition master and with that I got access to the EFI partition files, but I can't do much, I can't create or modify anything.

I have a virtual machine with the windows 11 dev, and in the past I had installed the Kaspersky to do some tests, and that kaspersky4win folder is also there.

Edited March 5, 2024 by Jonathan95

[Berny]

@Jonathan95

Please check with Explorer Plus Plus ?

 

[Jonathan95]

28 minutes ago, Berny said:

@Jonathan95

Please check with Explorer Plus Plus ?

 

I did it on the virtual machine I have as it have the same Kaspersky folder, and obviously it's there.

[Berny]

@Jonathan95

Is this a clone from source drive C to target D drive or dual boot ?

[Jonathan95]

10 minutes ago, Berny said:

@Jonathan95

Is this a clone from source drive C to target D drive or dual boot ?

No clone, no dual boot, no nothing, just a regular windows installation.

The D drive it's the EFI partition, I had to gave it a letter to access it, to be visible on the explorer.

Edited March 5, 2024 by Jonathan95

[Berny]

@Jonathan95

I understand … This  doesn’t look like a Kaspersky issue , unfortunately Kaspersky Technical Support is not available for Kaspersky Free.

[Jonathan95]

25 minutes ago, Berny said:

@Jonathan95

I understand … This  doesn’t look like a Kaspersky issue , unfortunately Kaspersky Technical Support is not available for Kaspersky Free.

This is not a real issue, the folder it seems empty, and as I said everything works fine, but if not a Kaspersky's issue then who's issue is ?? windows ?? How is a windows issue ?? This folder created by Kaspersky in the EFI partition and that doesn't make any sense.

PS: I don't think that is a Kaspersky Free issue, maybe and other versions (standard, plus etc.) creates that folder.

Do you have it ?? Can you check it ?? Or anyone else ??

[Schulte]

Hello @Jonathan95,

I can partly confirm your observation.
Since 21.8, a directory is also created in 'C:\System Volume Information' during the upgrade, but it is not empty:
 

Spoiler

Nothing can be seen of the many previous installations. I also don't know what the files are used for. Perhaps it is used for system recovery?

Our systems are not directly comparable (I am currently running W7), but this shows that it is probably not a Windows function (W7 has been installed for over 15 years).

[Jonathan95]

9 minutes ago, Schulte said:

Hello @Jonathan95,

I can partly confirm your observation.
Since 21.8, a directory is also created in 'C:\System Volume Information' during the upgrade, but it is not empty:
 

  Reveal hidden contents

Nothing can be seen of the many previous installations. I also don't know what the files are used for. Perhaps it is used for system recovery?

Our systems are not directly comparable (I am currently running W7), but this shows that it is probably not a Windows function (W7 has been installed for over 15 years).

I don't know why is in the C either but that is being on EFI partition is even weirder.

[Jonathan95]

Does anyone knows what program can I use to delete the kaspersky4win folder ?? 

Of course I will try it on the virtual machine first, so nothing bad can happen. I tried the diskgenius but without success.

[harlan4096]

Maybe booting from a Linux distro in an USB device 🤔

[Schulte]

I'm not sure whether anything should be done here. There must be a reason why these folders are created. And the EFI partition is just a partition like (almost) any other. It also needs to be protected.

[Jonathan95]

Finally, after a lot of searching I managed to delete the kaspersky4win folder (on the virtual machine) aslo the $recycle.bin folder that shouldn't be there with a little program called "file folder shredder 1.1" and worked like a charm.

I did it and on my main machine and also worked as it should.

Maybe in the future it will recreated the kaspersky4win folder but for now it's gone.

PS: the pic is from the virtual machine windows as it is the pic on my 5th post.

Edited March 6, 2024 by Jonathan95

[nexon]

Also here is mine... With K4W 21.15 and 21.16 version. Also files like ISwift, klif, klmeta etc...But why in sys volume info? hm

[Jonathan95]

1 hour ago, nexon said:

Also here is mine... With K4W 21.15 and 21.16 version. Also files like ISwift, klif, klmeta etc...But why in sys volume info? hm

At least your's it's on the C, mine it's (was) on the EFI (EPS) partition.

I checked the C:\System Volume Information on my pc too and there is a kaspersky4win folder and a klBackupDepository.dat file, nothing else from Kaspersky. I don't know why.

Edited March 6, 2024 by Jonathan95

[nexon]

Check your disks in windows should be lookslike mine...

DISK 1 is disk C -  SSD there i have installed windows, EFI and also recovery partition...
DISK 0 is disk D - just DATA HDD.

Edited March 6, 2024 by nexon

[Jonathan95]

Mine is EFI -> C

Only these two, I have deleted the 16mb MSR partition that was between the EFI and C and the Recovery partition and also I have increased the EFI partition from 100mb to 300mb

I have also an external HDD and I checked it, and inside the System Volume Information there is also a kaspersky4win folder and a klBackupDepository.dat file.

So, maybe those two created after a scan ???? I think that it's a possibility.

Edited March 6, 2024 by Jonathan95