Exceptions are buggy
-
<p><strong>Windows 10 64-bit, Version 1809</strong></p>
<p><strong>KIS 20.0.0.713 de app + drv verifier disabled</strong></p>
<p><strong>Reproduction steps:</strong></p>
<p><span>I noticed that exceptions are a little buggy. I use the program Process Hacker 2 (https://processhacker.sourceforge.io/), that gets detected by KIS as not a virus...</span></p>
<p><span>Starting with .713 KIS keeps detecting Process hacker files, even when i created exceptions for those files.</span></p>
<p><span>Also some other files get detected with exceptions configured, like an eicar.com file when i try to open that.</span></p>
<p><span>But many times exceptions work well, so i am not sure which part is buggy.</span></p>
<p><span>If you need traces tell me from which situation and i try to provide them.</span><strong></strong></p>
<p><span></span></p>
<p><span>EDIT: I added some traces where KIS detects an eicar file ,i added to exceptions, as soon i try to run it .</span></p> -
<p>@helios_07, hello! </p>
<p>As I can understand </p>
<ul>
<li>you run check first time </li>
<li><span>Process Hacker files are founded and marked as a threat</span></li>
<li><span>you add Process Hacker files to exceptions</span></li>
<li><span>run check for second time</span></li>
<li><span>Process Hacker files are founded and marked as a threat for second time ? </span><span></span></li>
</ul>
<p><span>I had installed Process Hacker from your link, then ran check, add to exceptions and open this program. It opens normally. While new checks KTS doesn't mark Process Hacker as a threat. </span></p>
<p><span></span></p>
<p> </p> -
<p>@dmitriy-pisarets</p>
<p>Basicly as you described. Process Hacker 2 gets detected everytime, i never had this problem during the Beta.</p>
<p>Also works with an eicar.com file like i wrote, but with many other example Malware the exception works fine and KIS wont detect them if i added them to exceptions.</p> -
<p>@dmitriy-pisarets</p>
<p>Those are traces where i scanned the folder where process hacker is installed/where all the files that get detected are in, with exceptions for all those files.</p>
<p>https://cloud.qainfo.ru/s/1Wwctg8HFIFLFyT</p> -
<p>@helios_07, hello!</p>
<p>Developers say they cannot find in last traces moment when you had added <span>Process Hacker to exceptions. Can you try reproduce it from very begging (including adding files to exceptions) with "full" traces? </span></p> -
<p>@dmitriy-pisarets</p>
<p>Scan of the Process Hacker folder without exceptions to detect the files, added to exceptions then scanned again, ignored them, scanned again, added to exceptins again.</p>
<p>https://cloud.qainfo.ru/s/jmQzxbnIv7S3cOo</p> -
<p>@helios_07, thank you!</p>