Build 7.0.1.297 - NCT
highrisk 7.12.2007 23:47 How to report bugs:
1) Describe your test case
2) Attach traces on level 500 (if needed)
3) Screenshots always welcome
If something does not work for you or you have a configuration issue,
please press the "New Topic" button instead. Keep this thread to immediate
KIS/KAV/WKS/FS bugs only. Posting that something is broken without a test case
or the trace logs will not push the issue forward.
Note from the Moderators:
To keep this thread easier to read and understand, please keep your reports
as detailed as possible. Posts will be split into a separate topic if the above
three points are not followed.
Jem 8.12.2007 00:37 All keylogger tests in this thread fail. (KAV 297) Windows Hooks tests pass (trapped by PDM).
Lucian Bara 8.12.2007 00:47 regarding the first too. did you type in another window with the keylogger active?
Jem 8.12.2007 01:14 QUOTE(Lucian Bara @ 7.12.2007 21:47)
regarding the first too. did you type in another window with the keylogger active?
Yes.
Correction - I tried it again as you suggest with AKLT and the KAV warning came up. I terminated the process and nothing appeared in the AKLT window. I can no longer access AKLT as per attached screenshot.
keylogtest.exe however, still fails.
Jem 8.12.2007 02:55 KAV 297: What is this? Never been detected before - by anything. This has to be a FP...anyone else? Thoughts...? System Restore is disabled btw...
JanRei 8.12.2007 03:00 Yes, there seems to be a problem. I received a warning that "{BAD_VIRUS_NAME}" has been detected.
KL RLZ 8.12.2007 03:04 +1
Jem 8.12.2007 03:13 And yet more garbage:
Edit: Going back to 295...
KL RLZ 8.12.2007 03:19 I'm allowed to save/open the Eicar text string on my HD (.txt document) without a warning, FileAV is set to High. The same goes for creating Eicar.exe, file is successfully created but execution is blocked and I get a standard popup.
Shouldn't the popup appear the moment Eicar.exe is created?
djbill 8.12.2007 11:34 Other False positive in
C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe
Trojan.Win32.Agent.dfl
Sjoeii 8.12.2007 13:01 still freezing Opera. Other browsers are working properly for now
Bernhard 8.12.2007 14:03 QUOTE(Sjoeii @ 8.12.2007 11:01)
still freezing Opera. Other browsers are working properly for now
Can't confirm, IE 6/7, Firefox 2.0.0.11 / beta3, Opera 9.24/ 9.5 beta running all well here !
Sjoeii 8.12.2007 14:19 just ran my first scan and now it seems to run fine. keep you posted.
Not sure about the updates though
EDIT: Updates running great now, thanx KL
JanRei 8.12.2007 15:06 1) A user from the German forum reported that after performing a roll back of the bases he receives a message that the bases are corrupted and the protection will be disabled. I can confirm the problem and it seems to be solvable by restarting KAV/KIS.
A small note in this context: In this situation the threat wizard has the item that the protection is disabled and the user should enable it again. However, the user can't enable the protection in this situation since the cause is a "failure" of the program.
2) It could be that there are still problems with the auto update. A user reported that the auto update is working fine until the driver update is applied. I actually had the impression that after the faulty update the auto update of the official version wasn't working either for me.
highrisk 9.12.2007 11:52 As with all 7.0MP1 builds, File AV stalls web pages loaded behind 2Wire routers...
Chataro 9.12.2007 14:14 I have a problem.
KIS 7.0.1.297 is constantly opening the removable USB memory device(for Windows Vista ReadyBoost) and Windows XP asks me what to do
for that drive twice per minute and the Windows Explorer opens without permission.
It annoys me.
Out of Protection Scope, Add to Trusted Zone in vain.
AutoPlay is disabled.
While I exit KIS, this problem is fixed.
This is similar to the following topic.(in KIS 7.0.0.125d)
http://forum.kaspersky.com/index.php?showtopic=53686
Chataro 9.12.2007 16:13 And rarely I can't see "details" in PDM Warning Dialog. (Registry Guard)
When I click "Details" in PDM Dialog, PDM Dialog closes before I choose "Allow" or "Deny".
djbill 9.12.2007 17:09 What is it?
dawgg 9.12.2007 17:34 QUOTE(djbill @ 9.12.2007 14:09)
What is it? 
Parental Control FP I guess... send the link to kaspersky for re-analysis and Kaspersky will exclude it from Parental Control if they consider it a FP.
Go here: http://parental.kaspersky.fr/ and click "for unblocking" and enter the link there and send it.
Request/Suggestion for MP1: Would be good if there's a big Kaspersky sign on that page and information about Parental Control blocking it... many users post on the support forum about why Kaspersky's forbidding web-pages because they don't know parental control causes it.
JanRei 9.12.2007 19:03 dawgg, I support your suggestion that it should be made clearer that the page has been blocked by Kaspersky and which component caused it.
Some more observations and bugs:
- In the German forum a user noticed that the plugin of Anti-Spam appears only sometimes in Outlook Express. I can confirm the problem - we haven't been able to find some kind of logic in the behaviour yet. The compatibility mode is of course not enabled.
- The item "!NOLOC! StatusId(0) EventID(7)" appears in the event list.
- If I change my system date to 2010 my license is expired. But since the signatures are out of date, an update is started - shortly after that a message appears that the update couldn't be completed because of a missing license.
- KAV/KIS could be more intelligent and not start an update automatically when it is clear that there is a problem with the license.
- If I use a commercial key the update is completed anyway - meaning that either the displayed message or the action of the program is wrong.
- It is a bit inconvenient that the time for the next auto update is set forward as well, meaning the next auto update will take place in 2010 even if I correct my system date.
- If the system date is not correct on activation the following message appears (screenshot shows German version):
- The message is irritating in my opinion since it shows only an error code and not the actual problem in an understandable description. And the advice to try it again later is not helpful since the problem will persist in case the system date will not be corrected.
- The text alignment in the message is not nice in the German version (English version is better).
- The German text in the following message is too long and contains a spelling mistake ("Inhen" should be "Ihnen"):
CarstenSchuette 9.12.2007 22:15 During upgrade from build 292, I suddenly got a BSOD with error message BAD_POOL_HEADER. I have no more information about that error because my PC did not save any crash dumps, but the error is reproducible on all my machines when I upgrade from a previous build to 292.
Carsten
Lucian Bara 9.12.2007 22:22 QUOTE(antonyfrn @ 9.12.2007 21:10)
blocking Mirc never happened before only since this build screen shot below. i have checked my setting and they are the same as normal under riskware
that's different. 297 has the verdicts messed up (you see a square and not the detection ...mirc.616 etc.). that's what kis also sees and categorize it correctly, so you are getting the worst case popup, virus and not the regular riskware popup.
RadarpSP 9.12.2007 22:40 QUOTE(Lucian Bara @ 9.12.2007 20:22)
that's different. 297 has the verdicts messed up (you see a square and not the detection ...mirc.616 etc.). that's what kis also sees and categorize it correctly, so you are getting the worst case popup, virus and not the regular riskware popup.
I can confirm that.
I got the same with Realvnc
CarstenSchuette 10.12.2007 13:02 Build 297nct (and 292 also did) identifies UltraVNC server and viewer as virus, but does not show any useless information, why.
Lucian Bara 10.12.2007 13:29 read the last 2 posts...
Priester1970 10.12.2007 21:59 Bitcomet become a heuristic virus warning when downloading.
Galileo 39 10.12.2007 23:40 Minor text error in the german configuration wizard, window "Aktivierung":
JanRei 11.12.2007 00:31 There is also a small mistake in the hint that appears while hovering over "Wie wiederherstellen?", correct would be:
Details zur Wiederherstellung der Kundennummer finden sie hier
CarstenSchuette 11.12.2007 11:12 QUOTE(Lucian Bara @ 10.12.2007 12:29)
read the last 2 posts...
The last two posts are about mIRC and RealVNC. My Post is about UltraVNC. That's a different piece of software. But you are right, looks like KIS 297 identifies all VNC versions as malware.
Lucian Bara 11.12.2007 11:16 real, ultra, tiny vnc etc. are all seen as riskware
Chataro 11.12.2007 15:35 QUOTE(Chataro @ 9.12.2007 20:14)
I have a problem.
KIS 7.0.1.297 is constantly opening the removable USB memory device(for Windows Vista ReadyBoost) and Windows XP asks me what to do
for that drive twice per minute and the Windows Explorer opens without permission.
It annoys me.
Out of Protection Scope, Add to Trusted Zone in vain.
AutoPlay is disabled.
While I exit KIS, this problem is fixed.
This is similar to the following topic.(in KIS 7.0.0.125d)
http://forum.kaspersky.com/index.php?showtopic=53686
Unplug the USB Readyboost memory, this problem (on Windows XP) is fixed.
Maybe using Windows Vista Readyboost under dual-boot may not be recommended.