When SW finds a virus, the user will be prompted to select "Restart the computer to remove the virus" and "Do not restart the computer to remove the virus". If the user selects "Do not restart the computer to remove the virus", the application will try this operation, but There is a probability that this operation will fail. If it fails, the application will endlessly push the previous selection window to the user. I think it is necessary to let the user know that the application cannot clear the virus without restarting the computer in the current situation, and Instead of popping up the same window endlessly for users to choose again.

Reproduction steps:

Specific reproduction process and trace, I put in the network disk, download address: https://c-t.work/s/02478c14e2464f

Actual result:

Duplicate reports appear.

Expected Result:

There are no duplicate reports.

Reproduction steps:

Run the attached file (Virus.exe) and wait for about ten minutes. Most of the files are encrypted. At this time, SW found the ransomware and terminated its process, but then no prompt box appeared and no rollback was performed encrypted file.

Because the ransomware encrypted the log file, I was unable to provide the trace. I provided a sample of the ransomware and a reproduced video. The download address is https://c-t.work/s/16e1a04e903741.

Actual result:

The application does not appear any prompt boxes and rollback any files.

Expected Result:

The application displays a prompt box and rolls back the encrypted file.

Reproduction steps:

Specific reproduction process and trace, I put in the network disk, download address: https://c-t.work/s/367fc654fd4846

Actual result:

Terminate the process without a second verification.

Expected Result:

There is a second verification.

After some users learned that the "Trusted Application Mode" will be removed in version 2021, they hoped that this feature would not be deleted, because they turned on this feature to prevent people with low awareness of network security in their homes from downloading to some informal Software.

I hope you can consider this suggestion. Although this mode is a superfluous mode for most people, it is a very suitable mode for e.g. the elderly and children. I look forward to your reply!

Reproduction steps:

No special steps to reproduce, I installed KTS2021 b21.0.39.1388 and it is disabled.

Actual result:

Warning KSN is disabled, some legit applications are being moved to restricted groups in Application Control and also I can't check reputation of files in KSN

Reproduction steps:

No special steps to reproduce, just go to More Tools -> Manage Applications...

Actual result:

Is it by design or temporally disabled?????????

Reproduction steps:

No special steps to reproduce, just install, update signatures, reboot the system and open a browser or a mail pop client...

Actual result:

I can't surf with any browser: FF, Chrome, Edge, Brave nor check my POP email account with PopPeeper

If I disable FireWall module, then I can connect...

Reproduction steps:

Go to "Manage Applications"

Actual result:

Abnormal text

Expected Result:

Does not appear in the text

Related screenshot: https://cloud.qainfo.ru/s/TAZ14TJoIMZHzHP

Real PC:

Windows 10 x64 18362.449

KTS 21.0.29.1036 app+drv ver. on

Standard Browser: Firefox

Reproduction steps:

1. i set some exclusions in the application control for assassins creed odyssey(screenshot in attached archiv)
2. i started to play assassins creed odyssey
3. after a while when i went back on the desktop(odyssey still running) i saw a rootkit scan had started

I know its debateable how much of an gamemode violation this is because of the exclusions set.

But a rootkit scan started despite a game running with active gamemode so...

Rootkit scan started within the last 3 min. of the traces.

Actual result:

Rootkit scan started during gameplay with active gamemode

Expected Result:

Rootkit scan doesnt start when a game is running

Reproduction steps:

The specific recurring process is presented in video form: https://cloud.qainfo.ru/s/LWSdfb0rOSS5lhp.

Actual result:

The application control component was successfully closed.

Expected Result:

The application control component should not be successfully closed.

Reproduction steps:

The specific recurring process is shown by video: https://cloud.qainfo.ru/s/89hTzfYowcnJ6yY.

Actual result:

The firewall is turned off.

Expected Result:

The firewall should not be shut down.

Reproduction steps:

Just go to Specify Trusted Applications and select an application, tick some items and Add it, or go to Application Control, select any application -> select its application rules -> Exclusions -> tick some items and Save.

Actual result:

Go again to Trusted Applications or Application Control and check both exclusions... are gone.

Expected Result:

Exclusions created and saved via both methods.

Reproduction steps:

I recorded a video to describe this problem: https://cloud.qainfo.ru/s/fvaEPCd55pSlnA0

Actual result:

The icon is not modified after re-entry (but will change automatically after a while)

Expected Result:

The icon should be modified as soon as you re-enter the application interface

Reproduction steps:

I recorded a video to describe the recurring process: https://cloud.qainfo.ru/s/giNzUACpY26msLN

Actual result:

Three "second confirmation windows" pop up

Expected Result:

A "second confirmation window" pops up

Reproduction steps:

The specific recurrence process is presented in video format. Check the address: https://cloud.qainfo.ru/s/gJmYuvZr4YEJQjT

Actual result:

Pop up this second confirmation window

Expected Result:

Do not pop this second confirmation window

Reproduction steps:

Double-click this sample and wait for some time. The sample will run automatically. When the sample shows malicious behavior, Kaspersky detects the malicious program, but does not promptly pop up the prompt window and block the malware behavior, resulting in this malicious sample. Successfully carried out malicious acts and also destroyed the system (the language of some places has changed), for which Kaspersky did not recover the files lost by the computer.

Actual result:

Kaspersky did not promptly stop the malicious behavior of the virus sample, and did not delete the original file in time.

Expected Result:

Kaspersky promptly blocks the malicious behavior of the virus sample and deletes the original file in time.

Report download address:https://cloud.qainfo.ru/s/75oDrpeSbATxDgl

Trace download address:https://cloud.qainfo.ru/s/f2gEstyRl4wjQBy

Virus sample download address:https://cloud.qainfo.ru/s/YMl4Ms6hweGR05n

Reproduction steps:

This problem is more serious, there are questions about SW defense ransomware

Virus sample download address 1 (normal version): https://cloud.qainfo.ru/s/SshTyjY2pPikmjZ

Virus sample download address 2 (using VMP): https://cloud.qainfo.ru/s/M3mNmNTJ5aVZcvu

Double-click the sample as shown in this image (https://cloud.qainfo.ru/s/zNCv7EJMqNggv1K)

Actual result:

Defense failure

Expected Result:

Defense success

There are still some words that I want to say to the development team:This is no accident. When the ransomware modifies the original files without deleting them, Kaspersky’s defenses are ineffective. I have discovered this problem more than once. I thought I uploaded them to the anti-virus department. I will pay attention to it, but the result is very disappointing. They just learn my sample machine and not solve the problem of SW.

Windows 10 Pro Build 18362  EN All update KTS 21.0.15.554 EN Google Chrome 75.0.3770.142 (Official Build) (64-bit)

Reproduction steps:

1. Install Product.
2. Open Google Chrome. 

Actual result:

Access internet blocked.

Expected Result:

Internet work in normal mode.