
Why undetected RDP DLL injection?


Solved by harlan4096


Hi,

Microsoft's virus program sees the application that injects the DLL for RDP mstsc.exe. Why doesn't it see it as a virus when I scan it in Kaspersky Standard?

The application code is sent in the link below.

https://file.io/689KSCuojugb


Welcome to Kaspersky Community.

 

I've downloaded the files. There are EXEs and DLLs that are trusted by KSN, but I've reported to K. analysts 2 files that were unknown to KSN:

 

SharpR.exe

RDPHook.dll

 

Checking both on VirusTotal, it's true that there are some AV firms detecting them, but many are generic detections. In both cases VirusTotal says the files are not signed. They could be just false positives or not; let's wait for the final verdict from K. analysts.


  • Solution

SharpR.exe, RDPHook.dll:


 

Quote

 

Hello,

Objects detection will be included in the next update.
HEUR:HackTool.MSIL.Agent.gen
Thank you for your help.

Best regards, Malware Analyst

 

 

Both files are not actually viruses, but tagged as HackTools.

 

KSN already knows them:

 
