Bug reports connected to the following components:
Please write in this topic only about the problems that suits the list of components!
General requirements for bug-reports are written in Section 2 of testing guide.
All inappropriate messages will be deleted!
!| ALWAYS add product traces
-
When SW finds a virus, the user will be prompted to select "Restart the computer to remove the virus" and "Do not restart the computer to remove the virus". If the user selects "Do not restart the computer to remove the virus", the application will try this operation, but There is a probability that this operation will fail. If it fails, the application will endlessly push the previous selection window to the user. I think it is necessary to let the user know that the application cannot clear the virus without restarting the computer in the current situation, and Instead of popping up the same window endlessly for users to choose again.
-
Reproduction steps:
Specific reproduction process and trace, I put in the network disk, download address: https://c-t.work/s/02478c14e2464f
Actual result:
Duplicate reports appear.
Expected Result:
There are no duplicate reports.
-
Reproduction steps:
Run the attached file (Virus.exe) and wait for about ten minutes. Most of the files are encrypted. At this time, SW found the ransomware and terminated its process, but then no prompt box appeared and no rollback was performed encrypted file.
Because the ransomware encrypted the log file, I was unable to provide the trace. I provided a sample of the ransomware and a reproduced video. The download address is https://c-t.work/s/16e1a04e903741.
Actual result:
The application does not appear any prompt boxes and rollback any files.
Expected Result:
The application displays a prompt box and rolls back the encrypted file.
-
Reproduction steps:
Specific reproduction process and trace, I put in the network disk, download address: https://c-t.work/s/367fc654fd4846
Actual result:
Terminate the process without a second verification.
Expected Result:
There is a second verification.
-
#2119 Suggestion: I recommend that product managers can keep the "Trusted Application Mode"
Rejected
After some users learned that the "Trusted Application Mode" will be removed in version 2021, they hoped that this feature would not be deleted, because they turned on this feature to prevent people with low awareness of network security in their homes from downloading to some informal Software.
I hope you can consider this suggestion. Although this mode is a superfluous mode for most people, it is a very suitable mode for e.g. the elderly and children. I look forward to your reply!
-
#2110 KSN is Disabled
Rejected
Reproduction steps:
No special steps to reproduce, I installed KTS2021 b21.0.39.1388 and it is disabled.
Actual result:
Warning KSN is disabled, some legit applications are being moved to restricted groups in Application Control and also I can't check reputation of files in KSN
-
#1950 Where is TAM???????????
Rejected
Reproduction steps:
No special steps to reproduce, just go to More Tools -> Manage Applications...
Actual result:
Is it by design
or temporally disabled?????????
-
#1942 No connection if FW is enabled
Rejected
Reproduction steps:
No special steps to reproduce, just install, update signatures, reboot the system and open a browser or a mail pop client...
Actual result:
I can't surf with any browser: FF, Chrome, Edge, Brave nor check my POP email account with PopPeeper
If I disable FireWall module, then I can connect...
-
Reproduction steps:
Go to "Manage Applications"
Actual result:
Abnormal text
Expected Result:
Does not appear in the text
Related screenshot: https://cloud.qainfo.ru/s/TAZ14TJoIMZHzHP
-
#1853 gamemode "violation"
Rejected
Real PC:
Windows 10 x64 18362.449
KTS 21.0.29.1036 app+drv ver. on
Standard Browser: Firefox
Reproduction steps:
- i set some exclusions in the application control for assassins creed odyssey(screenshot in attached archiv)
- i started to play assassins creed odyssey
- after a while when i went back on the desktop(odyssey still running) i saw a rootkit scan had started
I know its debateable how much of an gamemode violation this is because of the exclusions set.
But a rootkit scan started despite a game running with active gamemode so...
Rootkit scan started within the last 3 min. of the traces.
Actual result:
Rootkit scan started during gameplay with active gamemode
Expected Result:
Rootkit scan doesnt start when a game is running
-
Reproduction steps:
The specific recurring process is presented in video form: https://cloud.qainfo.ru/s/LWSdfb0rOSS5lhp.
Actual result:
The application control component was successfully closed.
Expected Result:
The application control component should not be successfully closed.
-
Reproduction steps:
The specific recurring process is shown by video: https://cloud.qainfo.ru/s/89hTzfYowcnJ6yY.
Actual result:
The firewall is turned off.
Expected Result:
The firewall should not be shut down.
-
Reproduction steps:
Just go to Specify Trusted Applications and select an application, tick some items and Add it, or go to Application Control, select any application -> select its application rules -> Exclusions -> tick some items and Save.
Actual result:
Go again to Trusted Applications or Application Control and check both exclusions... are gone.
Expected Result:
Exclusions created and saved via both methods.
-
Reproduction steps:
I recorded a video to describe this problem: https://cloud.qainfo.ru/s/fvaEPCd55pSlnA0
Actual result:
The icon is not modified after re-entry (but will change automatically after a while)
Expected Result:
The icon should be modified as soon as you re-enter the application interface
-
Reproduction steps:
I recorded a video to describe the recurring process: https://cloud.qainfo.ru/s/giNzUACpY26msLN
Actual result:
Three "second confirmation windows" pop up
Expected Result:
A "second confirmation window" pops up
-
#1551 Unusual confirmation window
Rejected
Reproduction steps:
The specific recurrence process is presented in video format. Check the address: https://cloud.qainfo.ru/s/gJmYuvZr4YEJQjT
Actual result:
Pop up this second confirmation window
Expected Result:
Do not pop this second confirmation window
-
Reproduction steps:
Double-click this sample and wait for some time. The sample will run automatically. When the sample shows malicious behavior, Kaspersky detects the malicious program, but does not promptly pop up the prompt window and block the malware behavior, resulting in this malicious sample. Successfully carried out malicious acts and also destroyed the system (the language of some places has changed), for which Kaspersky did not recover the files lost by the computer.
Actual result:
Kaspersky did not promptly stop the malicious behavior of the virus sample, and did not delete the original file in time.
Expected Result:
Kaspersky promptly blocks the malicious behavior of the virus sample and deletes the original file in time.
Report download address:https://cloud.qainfo.ru/s/75oDrpeSbATxDgl
Trace download address:https://cloud.qainfo.ru/s/f2gEstyRl4wjQBy
Virus sample download address:https://cloud.qainfo.ru/s/YMl4Ms6hweGR05n
-
Reproduction steps:
This problem is more serious, there are questions about SW defense ransomware
Virus sample download address 1 (normal version): https://cloud.qainfo.ru/s/SshTyjY2pPikmjZ
Virus sample download address 2 (using VMP): https://cloud.qainfo.ru/s/M3mNmNTJ5aVZcvu
Double-click the sample as shown in this image (https://cloud.qainfo.ru/s/zNCv7EJMqNggv1K)
Actual result:
Defense failure
Expected Result:
Defense success
There are still some words that I want to say to the development team:This is no accident. When the ransomware modifies the original files without deleting them, Kaspersky’s defenses are ineffective. I have discovered this problem more than once. I thought I uploaded them to the anti-virus department. I will pay attention to it, but the result is very disappointing. They just learn my sample machine and not solve the problem of SW.
-
Windows 10 Pro Build 18362 EN All update KTS 21.0.15.554 EN Google Chrome 75.0.3770.142 (Official Build) (64-bit)
Reproduction steps:
- Install Product.
- Open Google Chrome.
Actual result:
Access internet blocked.
Expected Result:
Internet work in normal mode.