Kaspersky Beta


Web_Antivirus_give_incorrect_report_'Clean Object Move to Quarantine'

[2020] Traffic checking (AV: web/mail/IM, AS/AB/DNT/PC)
#1 xzz123 (Moderators), last edited by Jarvis

Reproduction steps:
Visit a virus link and AVP blocks the download

Actual result:
Web AV gives an incorrect report that Clean Object moved to quarantine

Expected Result:
Web AV only reports Object Blocked

See the screenshot of the incorrect report:
https://forum.kaspersky.com/uploads/monthly_2018_06/screenshot.thumb.jpg.bf5ca1553585399aaddd090e6c3a54b6.jpg

This is a link that you can use to reproduce. Actually, any malicious link is OK.
http://bbs.huorong.cn/forum.php?mod=attachment&aid=MzIwNDF8YjZiMmFmN2J8MTUzMDI4MDQzMnwyNzA0N3w0NzcyMA%3D%3D

Uploaded traces and the screenshot:
https://cloud.qainfo.ru/s/LPcLJbautATgiZ5


#2 Wesly.Zhang (Moderators)

Hi, @xzz123

I simply tested this behavior; nothing happened. Please PM the sample.

Screenshot: https://cloud.qainfo.ru/index.php/apps/files_sharing/ajax/publicpreview.php?x=1858&y=664&a=true&file=2018-06-30_133113.png&t=l4rSYUrO7jVltyh&scalingup=0

The link you have provided doesn't allow downloading the sample directly without registering.

Go! The world ! 💪 Our CD8/CD4 T lymphocytes are on their way to destroy the new tubular virus.😠
If I don't reply your post here, Please send a PM in KL Community forum or post a E-Mail ( wesly.zhang@qq.com ) to notice me.


#3 xzz123 (Moderators)

@wesly-zhang
This link should work:
https://www.lanzous.com/i1bhydg
Choose one of the three orange buttons so that the download will begin.
And

    30.06.2018 14.34.06;Detected object (file) cannot be disinfected;https://development56.baidupan.com/2018063014bb/2018/06/30/a1130b5f1df6829365e96162d69cace9.zip?st=PV0QpJywr3_BKXYev9Ryyg&q=MEMZ.zip&e=1530342444&ip=223.11.177.84&fi=3943706&up=//MEMZ/Geometry dash auto speedhack.bat;https://development56.baidupan.com/2018063014bb/2018/06/30/a1130b5f1df6829365e96162d69cace9.zip?st=PV0QpJywr3_BKXYev9Ryyg&q=MEMZ.zip&e=1530342444&ip=223.11.177.84&fi=3943706&up=//MEMZ/Geometry dash auto speedhack.bat;Trojan.BAT.Memz.b;Trojan program;06/30/2018 14:34:06

    30.06.2018 14.34.06;Clean object (file) moved to Quarantine by the user;https://development56.baidupan.com/2018063014bb/2018/06/30/a1130b5f1df6829365e96162d69cace9.zip?st=PV0QpJywr3_BKXYev9Ryyg&q=MEMZ.zip&e=1530342444&ip=223.11.177.84&fi=3943706&up=;https://development56.baidupan.com/2018063014bb/2018/06/30/a1130b5f1df6829365e96162d69cace9.zip?st=PV0QpJywr3_BKXYev9Ryyg&q=MEMZ.zip&e=1530342444&ip=223.11.177.84&fi=3943706&up=;06/30/2018 14:34:06


#4 Wesly.Zhang (Moderators), last edited by Wesly.Zhang

@xzz123

Something's wrong or ... I still don't reproduce this behavior. Interesting......

Screenshot: https://cloud.qainfo.ru/index.php/apps/files_sharing/ajax/publicpreview.php?x=1858&y=664&a=true&file=2018-06-30_162935.png&t=fsBvbnFK42DwyO1&scalingup=0

Screenshot: https://cloud.qainfo.ru/index.php/apps/files_sharing/ajax/publicpreview.php?x=1858&y=664&a=true&file=2018-06-30_163115.png&t=S2P8Wn8OmxGSNGc&scalingup=0

Waiting for KL response.


#5 Wesly.Zhang (Moderators)

@xzz123

If this behavior can be reproduced stably, try clearing the iChecker and iSwift databases. After doing that, check again.

Settings -> Protection -> File-Antivirus -> Advanced settings -> uncheck iChecker and iSwift technology -> recheck them.


#6 Ilya.Zadonsky (Kaspersky Lab)

Are there any changes after following the recommendations from the message above?


#7 xzz123 (Moderators)

@ilya-zadonsky
Negative, sir.
[emoticon: cry]


#8 Wesly.Zhang (Moderators), last edited by Wesly.Zhang

@xzz123

According to the traces, AVP correctly detected "http://bbs.huorong.cn/forum.php?mod=attachment&aid=MzIwNDF8YjZiMmFmN2J8MTUzMDI4MDQzMnwyNzA0N3w0NzcyMA%3D%3D//mv_sophia_docs/mv_sophia_docs.exe" as "Backdoor.Win32.Androm.qbms", but failed to deal with it. Does this issue only happen in "360Chrome / 360极速浏览器" browsers?

    21:54:34.677 0x8 INF aveng asl_trace: leave DetectReportPost Backdoor.Win32.Androm.qbms
    21:54:34.677 0x8 INF aveng asl_trace: enter DetectProcessDone Backdoor.Win32.Androm.qbms
    21:54:34.677 0x8 INF aveng asl_link: objId:0190a918
    21:54:34.677 0x8 INF aveng asl_trace: leave DetectProcessDone Backdoor.Win32.Androm.qbms
    21:54:34.677 0x8 INF aveng AVP !EMU (DT)
    21:54:34.677 0x8 INF avs aveng Cancel (req) : 0x80000051
    21:54:34.677 0x8 INF aveng USR CANCEL 0x80000051
    21:54:34.677 0x8 WRN aveng PROC CANCEL: Usr
    21:54:34.677 0x8 WRN aveng PROC EF:0x10000 Cnc
    21:54:34.677 0x8 WRN aveng PROC ST:0x80000051
    21:54:34.677 0x8 WRN aveng AM PROCESS_FINISH #0 !ERR:0x80000051
    21:54:34.677 0x8 WRN aveng AM PROCESS_OBJECT_END #0 !ERR:0x80000051
    21:54:34.677 0x8 WRN aveng AVP CANCELED
    21:54:34.677 0x8 INF aveng AVP LEAVE http://bbs.huorong.cn/forum.php?mod=attachment&aid=MzIwNDF8YjZiMmFmN2J8MTUzMDI4MDQzMnwyNzA0N3w0NzcyMA%3D%3D//mv_sophia_docs/mv_sophia_docs.exe

Did you set some ignored messages in the KL product settings? Restore all notification messages in KL Settings and use the IE browser to check this issue again.


#9 xzz123 (Moderators), last edited by xzz123

@wesly-zhang
Actually, if you can reproduce it, then you can reproduce it in any browser. I already tried the Edge browser before. [emoticon: smile]
No additional notification is ignored.
And most importantly, I cannot see any relation between a scan error and a Clean Object moved to Quarantine....

#10 Helios_07

It's reproducible for me; I get the same report: Clean object (file) moved to quarantine by user.
Traces: https://cloud.qainfo.ru/s/QCJrqV15nhsYJsy

PC:
Windows 10 64-bit Version 20H2
Build 19042.985
Intel Core i10-10900K @ 3,7GHZ
32,0 GB-RAM
NVIDIA Geforce RTX 2080 TI 11GB
KIS 21.4.8.292
KPM 9.0.2.15298(o)
Forum Signature from 25.May.2021

#11 xzz123 (Moderators)

This problem also reproduces with 2019 patch(b)


#12 Wesly.Zhang (Moderators), last edited by Wesly.Zhang

@xzz123

Yeah~ I see now. Sorry for my mistake. This issue happens on "Detected object" in the Detail report. Ya... It seems AVP does not deal with some item and filter it.

    ThreatsManagement::GetThreatsByIDs: Threat: https://development56.baidupan.com/2018063016bb/2018/06/30/a1130b5f1df6829365e96162d69cace9.zip?st=XyfWJl_YHSw8cbaBzqQMnA&q=MEMZ.zip&e=1530349352&ip=124.79.173.114&fi=3943706&up= detect: status: Clear object type: 0x0 rollback made: 0x0 couldBeRestored: 0x0, object size: 0x0, parent: 0x0

When a threat is located in a zip, rar, 7zip or some other compressed package (parent directory), AVP doesn't process its log to filter/hide or improve the log event about the processing state of the threat in the compressed package for listing in the Detected Object window. Maybe it is a beta version, so they haven't dealt with it yet.

    ThreatsManagement::GetThreatsByIDs: Threat: https://development56.baidupan.com/2018063016bb/2018/06/30/a1130b5f1df6829365e96162d69cace9.zip?st=XyfWJl_YHSw8cbaBzqQMnA&q=MEMZ.zip&e=1530349352&ip=124.79.173.114&fi=3943706&up= detect: status: Blocked type: 0x0 rollback made: 0x0 couldBeRestored: 0x0, object size: 0x0, parent: 0x0

    15:08:09.326 0xa50 INF SqliteDataDb sqlite query processed: 'select "value","expirationTime","insertionTime" from "Data" where "key" = x'010000008cb9fed65c02';'
    15:08:09.326 0xa50 INF SqliteCache Value not found in cache
    15:08:09.326 0xa50 ERR amfcd RollbackInfoManager::GetRollbackInfo: Unable to retrieve object from storage. Error code: 0x8000004c
    15:08:09.326 0xa50 INF amfcd ThreatsManagement::GetThreatsByIDs: Threat: https://development56.baidupan.com/2018063016bb/2018/06/30/a1130b5f1df6829365e96162d69cace9.zip?st=XyfWJl_YHSw8cbaBzqQMnA&q=MEMZ.zip&e=1530349352&ip=124.79.173.114&fi=3943706&up= detect: status: Clear object type: 0x0 rollback made: 0x0 couldBeRestored: 0x0, object size: 0x0, parent: 0x0
    15:08:09.326 0xa50 INF amfcd RollbackInfoProvider::GetRollbackInfo: Enter. Threat 0x3
    15:08:09.326 0xa50 INF SqliteDataDb sqlite query processed: 'select "value","expirationTime","insertionTime" from "Data" where "key" = x'010000008cb9fed65c03';'
    15:08:09.326 0xa50 INF SqliteCache Value not found in cache
    15:08:09.326 0xa50 ERR amfcd RollbackInfoManager::GetRollbackInfo: Unable to retrieve object from storage. Error code: 0x8000004c
    15:08:09.326 0xa50 INF amfcd ThreatsManagement::GetThreatsByIDs: Threat: https://development56.baidupan.com/2018063016bb/2018/06/30/a1130b5f1df6829365e96162d69cace9.zip?st=XyfWJl_YHSw8cbaBzqQMnA&q=MEMZ.zip&e=1530349352&ip=124.79.173.114&fi=3943706&up=//MEMZ/Geometry dash auto speedhack.bat detect: Trojan.BAT.Memz.b status: Untreatable object type: 0x0 rollback made: 0x0 couldBeRestored: 0x0, object size: 0x0, parent: 0x2
    15:08:09.326 0xa50 INF amfcd RollbackInfoProvider::GetRollbackInfo: Enter. Threat 0x4

                          0
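As an added example (not part of the original posts and not Kaspersky code), this script reads trace lines in the `ThreatsManagement::GetThreatsByIDs` format quoted in post #12 and lists archive containers recorded as "Clear object" while an object nested inside them carries a verdict. The sample lines and URL are constructed; pairing each record with the preceding `Enter. Threat 0xN` line is an assumption inferred from the excerpt, so the script also links records by the `container//member` path convention.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Field layout copied from the GetThreatsByIDs lines quoted in the thread.
THREAT_RE = re.compile(
    r"GetThreatsByIDs: Threat: (?P<obj>.*?) detect: ?(?P<verdict>.*?) ?status: (?P<status>.+?)"
    r" type: 0x[0-9a-fA-F]+.*?parent: 0x(?P<parent>[0-9a-fA-F]+)\s*$"
)
# Assumption inferred from the excerpt: this line announces the id of the next threat record.
ENTER_RE = re.compile(r"RollbackInfoProvider::GetRollbackInfo: Enter\. Threat 0x([0-9a-fA-F]+)")
CLEAN_STATUSES = {"Clear object"}  # status string as it appears in the quoted trace


@dataclass
class Threat:
    tid: Optional[int]  # None when no "Enter. Threat" line preceded the record
    obj: str
    verdict: str        # empty for records without a detection name
    status: str
    parent: int         # 0 means "no parent"


def parse_trace(lines: List[str]) -> List[Threat]:
    threats, pending_id = [], None
    for line in lines:
        enter = ENTER_RE.search(line)
        if enter:
            pending_id = int(enter.group(1), 16)
            continue
        rec = THREAT_RE.search(line)
        if rec:
            threats.append(Threat(pending_id, rec["obj"], rec["verdict"],
                                  rec["status"], int(rec["parent"], 16)))
            pending_id = None
    return threats


def mislabelled_containers(threats: List[Threat]) -> List[Tuple[Threat, Threat]]:
    """Pairs (container, child): container logged as clean, child carries a verdict."""
    findings = []
    for child in threats:
        if not child.verdict:
            continue
        for cand in threats:
            if cand is child or cand.verdict or cand.status not in CLEAN_STATUSES:
                continue
            linked_by_id = child.parent != 0 and cand.tid == child.parent
            # Path convention seen in the report: container + "//" + member path.
            linked_by_path = child.obj.startswith(cand.obj + "//")
            if linked_by_id or linked_by_path:
                findings.append((cand, child))
    return findings


# Constructed sample (placeholder URL), shaped like the lines in the post.
PFX = "10:00:00.000 0x1 INF amfcd "
ZIP = "https://files.example/dl/sample.zip?up="
TAIL = " type: 0x0 rollback made: 0x0 couldBeRestored: 0x0, object size: 0x0, parent: "
SAMPLE = [
    PFX + "RollbackInfoProvider::GetRollbackInfo: Enter. Threat 0x2",
    PFX + "ThreatsManagement::GetThreatsByIDs: Threat: " + ZIP
        + " detect: status: Clear object" + TAIL + "0x0",
    PFX + "RollbackInfoProvider::GetRollbackInfo: Enter. Threat 0x3",
    PFX + "ThreatsManagement::GetThreatsByIDs: Threat: " + ZIP + "//dir/member one.bat"
        + " detect: Trojan.BAT.Memz.b status: Untreatable object" + TAIL + "0x2",
    PFX + "RollbackInfoProvider::GetRollbackInfo: Enter. Threat 0x4",
    PFX + "ThreatsManagement::GetThreatsByIDs: Threat: https://files.example/dl/other.zip"
        + " detect: status: Blocked" + TAIL + "0x0",
]

if __name__ == "__main__":
    for container, child in mislabelled_containers(parse_trace(SAMPLE)):
        print(f"{container.obj!r} logged as {container.status!r} but contains "
              f"{child.verdict} in {child.obj!r}")
```
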

#13 Wesly.Zhang (Moderators)

@helios_07

Yes, you are right. Me too, now. [emoticon: wink]


#14 Wesly.Zhang (Moderators)

@xzz123 said in Web_Antivirus_give_incorrect_report_'Clean Object Move to Quarantine':
> This problem also reproduces with 2019 patch(b)

Really? Oops...

#15 xzz123 (Moderators)

Issue not fixed in build 554.
Can be reproduced in the 2018 version.
