Question Hash of Official KTS 21.3 exe (installer)

Please provide comments and solutions that are helpful to the author of this topic.

Studynxx

Level 4
Thread author
Jan 20, 2023
223
Does Kaspersky store the hash of the official KTS 21.3 (installer) exe somewhere? I've written a script that pulls the installer from a CDN server of Kaspersky, runs it, simulates keystrokes to go thru with the installation and then exit it when installed. However I don't want to download a spoofed installer ie malware accidentally in case that CDN server ever gets hacked into

So I'd need to compare the checksum of this pulled installer executable against the officially disclosed one, and abort the script if they don't match
 
  • Like
Reactions: Khushal

Studynxx

Level 4
Thread author
Jan 20, 2023
223
Since there is no longer offline installer for a while, You should get the online installer... the problem is that 21.3 is already a bit (quite) obsolete version, and will be difficult to find it.
Not sure what the difference between the 2 is. I'm not even sure I fetch the offline installer via my script and the CDN server. If you're referring to Kaspersky Plus, then I remember telling you prior on Kaspersky's forum I cannot use it because its GUI is terrible to me, very hard to navigate. I'm not sure which dev's idea it was to reform the GUI to THAT, but it's absolutely horrid imo.
 
  • Like
Reactions: Khushal

lokamoka820

Level 23
Mar 1, 2024
1,246
Why you want the hash? If you download it from Kaspersky official website you don't need to check the hash, hash checking usually needed for open source projects like Linux ISOs because the mostly published on outsource servers, so they ask users to check the hash to be sure that their products didn't modify, but big companies have their own servers and must be trusted for you as a user as much as you trust their products.
 

Studynxx

Level 4
Thread author
Jan 20, 2023
223
Why you want the hash? If you download it from Kaspersky official website you don't need to check the hash, hash checking usually needed for open source projects like Linux ISOs because the mostly published on outsource servers, so they ask users to check the hash to be sure that their products didn't modify, but big companies have their own servers and must be trusted for you as a user as much as you trust their products.
To make sure that the CDN / FTP server wasn't hacked into and the installer exe is the official one, not malware masquerading itself as such.
Version 21.3 will probably soon stop having support, also it causes many issues (even with lots of patches) that were fixed in the new product line.

There is no offline installer anymore for some time now.
Sure but I haven't had any issues with it other than 1 issue but I solved it using Kaspersky's official forum and I have documented the solution in my internal wiki so I'm good.
 
  • Like
Reactions: Khushal

lokamoka820

Level 23
Mar 1, 2024
1,246
To make sure that the CDN / FTP server wasn't hacked into and the installer exe is the official one, not malware masquerading itself as such.
So you will trust Kaspersky to keep you safe from malware if they can't keep their own servers safe? And even after installation, how will you be sure that no one can hack the servers and send malware with the updates, as happen with CCleaner for example? It is all about trust.

If you want you can use the online installer, security products now use it to give the latest version and to get the official version from their own servers, to avoid modifying source code like in offline installer.
 

Studynxx

Level 4
Thread author
Jan 20, 2023
223
So you will trust Kaspersky to keep you safe from malware if they can't keep their own servers safe? And even after installation, how will you be sure that no one can hack the servers and send malware with the updates, as happen with CCleaner for example? It is all about trust.

If you want you can use the online installer, security products now use it to give the latest version and to get the official version from their own servers, to avoid modifying source code like in offline installer.
But where's the online installer at? Isn't it this


?
 
  • Like
Reactions: Khushal

Studynxx

Level 4
Thread author
Jan 20, 2023
223
Yes, You still can download global KTS online installer there, but probably the installed product sooner or later can auto-update to the new product line...
I mean I don't mind that, let that be. But it IS the online installer I'm fetching thru my script then?
 
  • Like
Reactions: Khushal

lokamoka820

Level 23
Mar 1, 2024
1,246
But where's the online installer at? Isn't it this


?
Yes it is, and if you noticed they modified the page 3 days ago, so the installer checked constantly.
 
  • Like
Reactions: harlan4096

Studynxx

Level 4
Thread author
Jan 20, 2023
223
It's funny as hell to me how the mods on Kaspersky's official forums removed my totally valid post.
 

Studynxx

Level 4
Thread author
Jan 20, 2023
223
Btw they've changed the CDN server since, not like I couldn't just change it to the current one in my script, but it's always a gamble so I'll just pull it from my own file server instead.

It's a shame v21.3 of KTS can't be scripted via batch, as the best I've been able to do is just simulation of keyboard strokes via powershell. And AVPUI.exe cannot be terminated at the end of the process so I'm stuck with having to manually close out the Kaspersky Window at the end of the script as the final step.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top