Bug reports connected to the following components:

— Application control (HIPS); 
— Firewall (FW); 
— System Watcher (SW); 
— Intrusion detection system (IDS); 
— Trusted applications manager (TAM) 
— Webcam access; 
— Audio control; 
— System changes control. 
— Software Update and Software Cleaner. 
 
i| Please note that in products KFA\KAV only System Watcher is available.

 

 Please write in this topic only about the problems that suit the list of components!

General requirements for bug-reports are written in Section 2 of testing guide.

 

All inappropriate messages will be deleted!

!| ALWAYS add product traces

  • Windows 10 Pro Build 18362 EN, all updates; KTS 21.0.15.554 EN; Google Chrome 75.0.3770.142 (Official Build) (64-bit)

    Reproduction steps:

    1. Install Product.
    2. Open Google Chrome. 

    Actual result:

    Internet access is blocked.

    Expected Result:

    Internet works in normal mode.

  • Reproduction steps:

    This problem is more serious; there are questions about SW defense against ransomware.

    Virus sample download address 1 (normal version): https://cloud.qainfo.ru/s/SshTyjY2pPikmjZ

    Virus sample download address 2 (using VMP): https://cloud.qainfo.ru/s/M3mNmNTJ5aVZcvu

    Double-click the sample as shown in this image (https://cloud.qainfo.ru/s/zNCv7EJMqNggv1K)

    Actual result:

    Defense failure

    Expected Result:

    Defense success

    There are still some words that I want to say to the development team: This is no accident. When the ransomware modifies the original files without deleting them, Kaspersky’s defenses are ineffective. I have discovered this problem more than once. I thought I uploaded them to the anti-virus department. I will pay attention to it, but the result is very disappointing. They just learn my sample machine and do not solve the problem of SW.

  • Reproduction steps:

    Double-click this sample and wait for some time. The sample will run automatically. When the sample shows malicious behavior, Kaspersky detects the malicious program, but does not promptly pop up the prompt window and block the malware behavior, resulting in this malicious sample successfully carrying out malicious acts and also destroying the system (the language of some places has changed), for which Kaspersky did not recover the files lost by the computer.

    Actual result:

    Kaspersky did not promptly stop the malicious behavior of the virus sample, and did not delete the original file in time.

    Expected Result:

    Kaspersky promptly blocks the malicious behavior of the virus sample and deletes the original file in time.

    Report download address: https://cloud.qainfo.ru/s/75oDrpeSbATxDgl

    Trace download address: https://cloud.qainfo.ru/s/f2gEstyRl4wjQBy

    Virus sample download address: https://cloud.qainfo.ru/s/YMl4Ms6hweGR05n

  • Reproduction steps:

    The specific recurrence process is presented in video format. Check the address: https://cloud.qainfo.ru/s/gJmYuvZr4YEJQjT

    Actual result:

    Pop up this second confirmation window

    Expected Result:

    Do not pop this second confirmation window

  • Reproduction steps:

    I recorded a video to describe the recurring process: https://cloud.qainfo.ru/s/giNzUACpY26msLN

    Actual result:

    Three "second confirmation windows" pop up

    Expected Result:

    A "second confirmation window" pops up

  • Reproduction steps:

    I recorded a video to describe this problem: https://cloud.qainfo.ru/s/fvaEPCd55pSlnA0

    Actual result:

    The icon is not modified after re-entry (but will change automatically after a while)

    Expected Result:

    The icon should be modified as soon as you re-enter the application interface

  • Reproduction steps:

    Just go to Specify Trusted Applications and select an application, tick some items and Add it, or go to Application Control, select any application -> select its application rules -> Exclusions -> tick some items and Save.

    Actual result:

    Go again to Trusted Applications or Application Control and check both exclusions... are gone.

    Expected Result:

    Exclusions created and saved via both methods.

  • Reproduction steps:

    The specific recurring process is shown by video: https://cloud.qainfo.ru/s/89hTzfYowcnJ6yY.

    Actual result:

    The firewall is turned off.

    Expected Result:

    The firewall should not be shut down.

  • Reproduction steps:

    The specific recurring process is presented in video form: https://cloud.qainfo.ru/s/LWSdfb0rOSS5lhp.

    Actual result:

    The application control component was successfully closed.

    Expected Result:

    The application control component should not be successfully closed.

  • Real PC:

    Windows 10 x64 18362.449

    KTS 21.0.29.1036 app+drv ver. on

    Standard Browser: Firefox

    Reproduction steps:

    1. I set some exclusions in the application control for Assassin's Creed Odyssey (screenshot in attached archive)
    2. I started to play Assassin's Creed Odyssey
    3. After a while, when I went back to the desktop (Odyssey still running), I saw a rootkit scan had started

    I know it's debatable how much of a gamemode violation this is because of the exclusions set.

    But a rootkit scan started despite a game running with active gamemode so...

    Rootkit scan started within the last 3 min. of the traces.

    Actual result:

    Rootkit scan started during gameplay with active gamemode

    Expected Result:

    Rootkit scan doesn't start when a game is running

  • Reproduction steps:

    Go to "Manage Applications"

    Actual result:

    Abnormal text

    Expected Result:

    Does not appear in the text

    Related screenshot: https://cloud.qainfo.ru/s/TAZ14TJoIMZHzHP

  • Reproduction steps:

    No special steps to reproduce, just install, update signatures, reboot the system and open a browser or a mail pop client...

    Actual result:

    I can't surf with any browser: FF, Chrome, Edge, Brave nor check my POP email account with PopPeeper

    If I disable FireWall module, then I can connect...

  • Reproduction steps:

    No special steps to reproduce, just go to More Tools -> Manage Applications...

    Actual result:

    Is it by design or temporarily disabled?

  • Reproduction steps:

    No special steps to reproduce, I installed KTS2021 b21.0.39.1388 and it is disabled.

    Actual result:

    Warning KSN is disabled, some legit applications are being moved to restricted groups in Application Control and also I can't check reputation of files in KSN

  • After some users learned that the "Trusted Application Mode" will be removed in version 2021, they hoped that this feature would not be deleted, because they turned on this feature to prevent people with low awareness of network security in their homes from downloading some informal software.

    I hope you can consider this suggestion. Although this mode is a superfluous mode for most people, it is a very suitable mode for e.g. the elderly and children. I look forward to your reply!

  • Reproduction steps:

    Specific reproduction process and trace, I put in the network disk, download address: https://c-t.work/s/367fc654fd4846

    Actual result:

    Terminate the process without a second verification.

    Expected Result:

    There is a second verification.

  • Reproduction steps:

    Run the attached file (Virus.exe) and wait for about ten minutes. Most of the files are encrypted. At this time, SW found the ransomware and terminated its process, but then no prompt box appeared and no rollback of the encrypted files was performed.

    Because the ransomware encrypted the log file, I was unable to provide the trace. I provided a sample of the ransomware and a reproduced video. The download address is https://c-t.work/s/16e1a04e903741.

    Actual result:

    The application does not display any prompt boxes or roll back any files.

    Expected Result:

    The application displays a prompt box and rolls back the encrypted file.

  • Reproduction steps:

    Specific reproduction process and trace, I put in the network disk, download address: https://c-t.work/s/02478c14e2464f

    Actual result:

    Duplicate reports appear.

    Expected Result:

    There are no duplicate reports.

  • When SW finds a virus, the user will be prompted to select "Restart the computer to remove the virus" and "Do not restart the computer to remove the virus". If the user selects "Do not restart the computer to remove the virus", the application will try this operation, but there is a probability that this operation will fail. If it fails, the application will endlessly push the previous selection window to the user. I think it is necessary to let the user know that the application cannot clear the virus without restarting the computer in the current situation, instead of popping up the same window endlessly for users to choose again.
