Advice Request Heimdal Pro disabled by KTS-18, Probably false positive? Or not.

[Hamxa]

Hello,

Two days, My Kaspersky total security performed an unusual task, It detected some patching by Heimdal Pro as Malware, which eventually disabled Heimdal Pro.
I have not yet started it again, Just to be sure Because I did not understand much out of it. I have contacted Heimdal, But they will be available after the weekend.

Anyway, I have attached a text file, which I exported from my KTS for that event. Can someone review?

Thanks.

 

[harlan4096]

Yes, it seems a false positive, detected by PDM:Trojan.Win32.Generic (System Watcher).

 

[mekelek]

let's hope its an FP and not Heimdal going rogue

 

[Sunshine-boy]

Heimdal going rogue

Its rogue they are advertising!

 

[upnorth]

Ofcourse it's a FP. Otherwise I'll join John McAfee and eat a shoe.

Btw issue officially solved with Kaspersky.

 

[RoboMan]

Holy crap the logs! Kaspersky just ate that Heimdal without any mercy

It's pretty much a FP due to Heimdal behaviour. You should always add as exclusions security software.

 

[Hamxa]

It seems, either KTS does not like Heimdal or Heimdal is really doing something nasty. Despite exclusion and white-listing Heimdal in KTS, Not to mention it is in 'trusted apps group'. But KTS literally ate Heimdal without asking me a thing.
Part of me is relieved that KTS is hardcore. But again.. I really like Heimdal GUI :/

 

[tim one]

It seems the detection is reported to a .bat file, and then a script that may perform also malicious operations, and in this case, the term "trojan generic" is referring to files that may have malicious behavior.
But if your copy of Hemidal is genuine, it is a FP.

 

[ForgottenSeer 69673]

You could always turn Kaspersky off, reinstall H and right click on that updater file when it trys to update again and select edit. Then save that as a txt file.This way you could see what the Bat file is trying to do.

 

[Hamxa]

Thanks everyone, It always works for a week or two, And it happens again irrespective of exclusion or white-listing.