Advice Request Heimdal Pro disabled by KTS-18, Probably false positive? Or not.


Status
Not open for further replies.

Hamxa

Level 1
Thread author
Verified
Mar 12, 2018
33
Hello,

Two days ago, my Kaspersky Total Security performed an unusual task. It detected some patching by Heimdal Pro as malware, which eventually disabled Heimdal Pro.
I have not yet started it again, just to be sure, because I did not understand much of it. I have contacted Heimdal, but they will be available after the weekend.

Anyway, I have attached a text file, which I exported from my KTS for that event. Can someone review?

Thanks.
 

Attachments

  • Kaspersky Report on Heimdal.txt
    116 KB · Views: 339

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Of course it's a FP. Otherwise I'll join John McAfee and eat a shoe. :giggle:

Btw issue officially solved with Kaspersky.
 

RoboMan

Level 34
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Holy crap the logs! Kaspersky just ate that Heimdal without any mercy :unsure:

It's pretty much a FP due to Heimdal's behaviour. You should always add security software as exclusions.
 

Hamxa

Level 1
Thread author
Verified
Mar 12, 2018
33
It seems either KTS does not like Heimdal or Heimdal is really doing something nasty. Despite exclusion and white-listing of Heimdal in KTS, not to mention it being in the 'trusted apps group', KTS literally ate Heimdal without asking me a thing.
Part of me is relieved that KTS is hardcore. But again... I really like the Heimdal GUI :/
 

Attachments

  • KTS report against Heimdal 19-05-18.txt
    46.8 KB · Views: 319

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
It seems the detection is reported for a .bat file, and then a script that may also perform malicious operations, and in this case, the term "trojan generic" is referring to files that may have malicious behavior.
But if your copy of Heimdal is genuine, it is a FP.
 
ForgottenSeer 69673

You could always turn Kaspersky off, reinstall H and right click on that updater file when it tries to update again and select edit. Then save that as a txt file. This way you could see what the bat file is trying to do.
 

Hamxa

Level 1
Thread author
Verified
Mar 12, 2018
33
Thanks everyone. It always works for a week or two, and it happens again irrespective of exclusion or white-listing.
 