AI Assist What is VHO:____ Detection for Kaspersky

Bot

AI-powered Bot
Apr 21, 2016
4,315
Does kaspersky block the UEFI Bootkit Black Lotus?
I apologize for the earlier confusing response. To the best of my knowledge, Kaspersky currently does not specifically reference or provide information on the UEFI Bootkit Black Lotus in their threat database. However, Kaspersky's security software is designed to provide advanced protection against a wide range of threats, including Bootkits and other sophisticated forms of malware. Their product portfolio includes multiple layers of protection that work in tandem to prevent and detect malicious activity in real-time, including cloud-assisted protection, behavior-based detection, anti-phishing, and anti-ransomware technologies. Kaspersky also has a dedicated team of researchers who are continuously tracking and analyzing new threats in order to update their security software and provide their customers with the best possible protection.
 

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,582
Does kaspersky block the UEFI Bootkit Black Lotus?

Yes, it detects it, and it was Kaspersky that revealed the existence of BlackLotus.
On the other hand, I've noticed that you're always asking whether an antivirus is better than Kaspersky. I'll give you a straight answer: Kaspersky is very efficient and very often one of the first to detect unknown samples. Even if one day Kaspersky may have let you pass on one piece of malware, another may let several through :)
We had a case here, where a member was infected by RedLine Stealer via a fake YouTube crack, protected by Norton.
Antivirus programs aren't superheroes, they can't detect everything, especially as millions of new malware programs are born every day......
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
fake YouTube crack, protected by Norton
Also known as PrivateLoader.
It is notoriously evasive but for Kaspersky won't be a problem.
I think @Xeno1234 needs constant reassurance that they've made the right choice. :D
 

Xeno1234

Level 14
Thread author
Jun 12, 2023
684

Also known as PrivateLoader.
It is notoriously evasive but for Kaspersky won't be a problem.
I think @Xeno1234 needs constant reassurance that they've made the right choice. :D
I know its really good at detecting things now, speaking as I've looked around for myself for samples, and it detects things extremely well.
Only thing I hope its good at are zero day rats/backdoors, I've seen some runtime bypass Kaspersky, but I dont know how well behaivoral detection picks up backdoors/RATs, I just know its amazing at detection other threats.
You have any idea? I think I've got the ressurance I need for general things now :)
 

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,582
I know its really good at detecting things now, speaking as I've looked around for myself for samples, and it detects things extremely well.
Only thing I hope its good at are zero day rats/backdoors, I've seen some runtime bypass Kaspersky, but I dont know how well behaivoral detection picks up backdoors/RATs, I just know its amazing at detection other threats.
You have any idea? I think I've got the ressurance I need for general things now :)

Any antivirus can be bypassed, especially if the code is well offended.
Except that some antivirus programs (like ESET, Kaspersky and even Avast) detect in Hexadecimal.
Basically, part of the code will be used to create the anti-malware detection. This way, even if the malware is FUD'd and this part of the code is used, these antivirus programs will continue to detect it.
I've seen this very recently with Avira and F-Secure on inflated fake crackers containing stealers (such as RedLine, Vidar, RacoonSteal, LapsusClipper or PrivateLoader).
 

Xeno1234

Level 14
Thread author
Jun 12, 2023
684
Any antivirus can be bypassed, especially if the code is well offended.
Except that some antivirus programs (like ESET, Kaspersky and even Avast) detect in Hexadecimal.
Basically, part of the code will be used to create the anti-malware detection. This way, even if the malware is FUD'd and this part of the code is used, these antivirus programs will continue to detect it.
I've seen this very recently with Avira and F-Secure on inflated fake crackers containing stealers (such as RedLine, Vidar, RacoonSteal, LapsusClipper or PrivateLoader).
Cool. I've still seen some runtime bypasses with RAT's and stuff, with encryption. However, I think Behavioral detection will help in those cases.
 
  • Like
Reactions: Shadowra

Bot

AI-powered Bot
Apr 21, 2016
4,315
Does Kaspersky protect against malicious archives if scanning archives is turned off?
No, Kaspersky will not provide protection against malicious archives if scanning archives is turned off. Scanning archives is an important feature in antivirus software that helps detect and remove malware hidden within compressed files. By disabling this feature, you may leave your system vulnerable to malware that is concealed within archived files. It is generally recommended to keep the scanning of archives enabled in your antivirus software to ensure comprehensive protection against potential threats.
 

Xeno1234

Level 14
Thread author
Jun 12, 2023
684
No, Kaspersky will not provide protection against malicious archives if scanning archives is turned off. Scanning archives is an important feature in antivirus software that helps detect and remove malware hidden within compressed files. By disabling this feature, you may leave your system vulnerable to malware that is concealed within archived files. It is generally recommended to keep the scanning of archives enabled in your antivirus software to ensure comprehensive protection against potential threats.
By default does Kaspersky scan archives on access?
 

Bot

AI-powered Bot
Apr 21, 2016
4,315
By default does Kaspersky scan archives on access?
Yes, by default, Kaspersky scans archives on access. This means that when you access or open an archive file, such as a ZIP or RAR file, Kaspersky will automatically scan its contents for any potential threats. This feature is designed to provide real-time protection against malware that may be hidden within compressed files. It is recommended to keep this feature enabled to ensure that your system is continuously protected against potential threats.
 

Xeno1234

Level 14
Thread author
Jun 12, 2023
684
Yes, by default, Kaspersky scans archives on access. This means that when you access or open an archive file, such as a ZIP or RAR file, Kaspersky will automatically scan its contents for any potential threats. This feature is designed to provide real-time protection against malware that may be hidden within compressed files. It is recommended to keep this feature enabled to ensure that your system is continuously protected against potential threats.
By default does Kaspersky scan archives whenever you obtain them on your pc?
 

Bot

AI-powered Bot
Apr 21, 2016
4,315
By default does Kaspersky scan archives whenever you obtain them on your pc?
Apologies for the confusion earlier. By default, Kaspersky does not scan archives whenever you obtain them on your PC. However, it does provide options to enable scanning of archives during manual scans or scheduled scans. If you want to ensure that archive files are scanned upon obtaining them, it is recommended to configure Kaspersky to scan archives as part of your regular scan settings. This way, you can have better protection against potential threats hidden within compressed files.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,897
By default does Kaspersky scan archives whenever you obtain them on your pc?
Yes... You may try to disable WebAV, download a malware exe file, once the browser ends the download, the malware should be caught by FileAV module.

You can change the behavior:

1688756408093.png
 
  • Like
Reactions: Berny

Xeno1234

Level 14
Thread author
Jun 12, 2023
684
Yes... You may try to disable WebAV, download a malware exe file, once the browser ends the download, the malware should be caught by FileAV module.

You can change the behavior:

View attachment 276978
I saw a post a while back where a malicious archive (which by default isnt scanned by file av) was detected by the kaspersky scan but not post execution for some reason, thats why I was asking.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,897
By default, not all the files are scanned, only those which are susceptible to be infected. This is controlled in:

1688759735806.png
 
  • Like
Reactions: Berny

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top