#1448 Can not detect and block some ransomware sample


  • Accepted

last edited by Jarvis

    Reproduction steps:

This problem is more serious; it raises questions about SW's (System Watcher's) ransomware defense.

    Virus sample download address 1 (normal version): https://cloud.qainfo.ru/s/SshTyjY2pPikmjZ

    Virus sample download address 2 (using VMP): https://cloud.qainfo.ru/s/M3mNmNTJ5aVZcvu

Double-click the sample as shown in this image (https://cloud.qainfo.ru/s/zNCv7EJMqNggv1K)

    Actual result:

    Defense failure

    Expected Result:

    Defense success

There are still some words I want to say to the development team: this is no accident. When the ransomware modifies the original files without deleting them, Kaspersky's defenses are ineffective. I have discovered this problem more than once. I thought that once I uploaded them to the anti-virus department, they would pay attention to it, but the result is very disappointing. They just learn my sample and do not solve the problem with SW.

    System Settings

    Operating system: Win 10, x64

    System: Intel Core i7 4790k, Western Digital 2T black disk

    Product: KIS

    Product Version: 21.0.15.544

    Language: zh-CN

    Product Logs: no need
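The report above turns on one behaviour: the sample overwrites the original files in place rather than deleting them and writing new ones, and that pattern is the one the reporter says the behaviour-based protection misses. The following added example (not Kaspersky's code and not from this thread) shows how a defender-side decoy-file monitor can still flag such a sample: it snapshots a decoy file's inode, size and Shannon entropy, and classifies a later change as a benign edit, an in-place encryption (same inode, large entropy jump) or a delete-and-recreate encryption (new inode, large entropy jump). The decoy file name, the entropy threshold and the constructed scenario in `demo()` are assumptions chosen for illustration.

```python
"""Decoy-file monitor that flags in-place encryption of watched files.

Added example, not vendor code. It models the thread's observation that
protection keyed on delete-and-recreate patterns can miss ransomware that
rewrites a file in place: the path and inode survive, only the content
changes. Watching a decoy file for a large entropy jump catches both cases.
"""
import math
import os
import tempfile
from collections import Counter

# Assumed threshold (bits per byte): readable text sits around 4-5 bits,
# ciphertext or compressed data near 8. Tune against real decoys.
ENTROPY_JUMP = 2.5


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def snapshot(path: str) -> dict:
    """Record the identity (inode), size and content entropy of a decoy file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        data = f.read()
    return {"inode": st.st_ino, "size": st.st_size, "entropy": shannon_entropy(data)}


def classify_change(before: dict, after: dict) -> str:
    """Classify a decoy change as unchanged, benign_edit, in_place_encrypt
    or replaced_encrypt. The entropy jump, not the delete/recreate pattern,
    is the trigger, so in-place overwrites are not missed."""
    jump = after["entropy"] - before["entropy"]
    if jump < ENTROPY_JUMP:
        return "unchanged" if before == after else "benign_edit"
    if after["inode"] == before["inode"]:
        return "in_place_encrypt"   # same file object, content replaced
    return "replaced_encrypt"       # original deleted, new file took its path


def demo() -> dict:
    """Constructed scenario: a decoy invoice is (a) edited benignly,
    (b) overwritten in place with random bytes, (c) replaced via a new file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        decoy = os.path.join(d, "decoy_invoice.txt")  # assumed decoy name
        text = b"Invoice 0001\nItem: consulting\nTotal: 100.00\n" * 20
        with open(decoy, "wb") as f:
            f.write(text)
        base = snapshot(decoy)

        # (a) benign edit: a user appends a line, entropy barely moves
        with open(decoy, "ab") as f:
            f.write(b"Paid.\n")
        results["benign"] = classify_change(base, snapshot(decoy))

        # (b) in-place overwrite: same inode, content becomes high-entropy
        # (os.urandom stands in for ciphertext in this constructed scenario)
        with open(decoy, "wb") as f:
            f.write(os.urandom(len(text)))
        results["in_place"] = classify_change(base, snapshot(decoy))

        # (c) delete-and-recreate: new file written, then renamed over the decoy
        tmp = decoy + ".locked"
        with open(tmp, "wb") as f:
            f.write(os.urandom(len(text)))
        os.replace(tmp, decoy)
        results["replaced"] = classify_change(base, snapshot(decoy))
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Both encryption variants produce the same verdict class because the check keys on the content change, which is the point the reporter makes: a defense that waits for the original file to disappear never fires on an in-place rewrite.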

  • Hello! If there are no files on the desktop to encode, nothing happens; KIS doesn't detect anything. If there are any files to encode, KIS detects and deletes the ransomware when the timer reaches 0.
  • last edited by huang1111

    @jarvis said in Kaspersky System Watcher Defect:

    Hello! If there are no files on the desktop to encode, nothing happens; KIS doesn't detect anything. If there are any files to encode, KIS detects and deletes the ransomware when the timer reaches 0.

    Hello, the timer is 30 seconds. I just tested it and Kaspersky still misses it (at this time the Kaspersky virus database is already the latest version); the jpg images stored on the desktop can no longer be opened. If you can't reproduce it, please try the Chinese version of Kaspersky.

  • The sample is from here if I don't guess incorrectly. cool This sample is very interesting.

  • @wesly-zhang said in Kaspersky System Watcher Defect:

    The sample is from here if I don't guess incorrectly. cool This sample is very interesting.

    This sample was PM'd to me by that member of 温馨小屋 after they tested it. Kaspersky can't detect it, but I don't know why it can be detected on their side. cool I'm already uploading a video to Google Drive; please take a look if it's convenient for you.

  • @jarvis said in Kaspersky System Watcher Defect:

    Hello! If there are no files on the desktop to encode, nothing happens; KIS doesn't detect anything. If there are any files to encode, KIS detects and deletes the ransomware when the timer reaches 0.

    Hello, I recorded a video, please take a look: https://drive.google.com/file/d/1G7RS4q3AsX5derEhSPvFd5pyJlGGljVB/view?usp=sharing
