Question I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.

Please provide comments and solutions that are helpful to the author of this topic.

Xeno1234

Xeno1234

Level 14
Thread author
Jun 12, 2023
699
I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.
I then ran it, and HIPS picked it up UDS:blablabla.
Is this a normal thing?
(If your wondering why I ran it, I have a default deny setup, its not gonna be able to start)
 
  • Like
Reactions: piquiteco and likeastar20
Bot

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,467
Yes, it is possible for KSN to flag a file as untrusted even if no threats are detected during a scan. The HIPS (Host Intrusion Prevention System) may pick up suspicious activity during the execution of the file, resulting in it being flagged as a potential threat. It is important to always be cautious when downloading and running files, even if they appear to be safe based on a scan.
 
  • Like
  • Sad
Reactions: roger_m, Jack and codswollip
harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,675
Xeno1234 said:
I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.
I then ran it, and HIPS picked it up UDS:blablabla.
Is this a normal thing?
(If your wondering why I ran it, I have a default deny setup, its not gonna be able to start)
Click to expand...
Yes, that is completely normal behavior :)

Even, if You are in default settings, if an exe file is already tagged as untrusted by KSN, it will be picked and its execution will be blocked.

The detection is usually UDS: Urgent Detection System
 
  • Like
Reactions: Berny, simmerskool, roger_m and 6 others
Shadowra

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,312
harlan4096 said:
Yes, that is completely normal behavior :)

Even, if You are in default settings, if an exe file is already tagged as untrusted by KSN, it will be picked and its execution will be blocked.

The detection is usually UDS: Urgent Detection System
Click to expand...

Can Kaspersky detect UDS after execution? Oo
I've always seen detections in PDM:Trojan.Win32.Generic on my side.
 
  • Like
Reactions: simmerskool, piquiteco, Nevi and 3 others
harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,675
Shadowra said:
Can Kaspersky detect UDS after execution? Oo
I've always seen detections in PDM:Trojan.Win32.Generic on my side.
Click to expand...
PDM detections (Proactive Defense Module) are on execution, UDS are those usually from KSN already tagged as untrusted, so even if no detection on demand, if You execute that untrusted tagged files, They will be blocked and will get that UDS detection.
 
  • Like
  • Applause
  • +Reputation
Reactions: Berny, simmerskool, Dave Russo and 6 others

Similar threads

Xeno1234
  • Locked
Tried to check power consumption of my PC but it might be malware.
Replies
3
Views
315
Windows Malware Removal Help & Support
nasdaq
nasdaq
Xeno1234
    • Like
    • +Reputation
    • Thanks
App Review Kaspersky Premium
Replies
12
Views
3,474
Written Reviews - Security and Privacy
rooney49
rooney49
ebocious
    • Like
Advanced Plus Security Ebocious's Yoga 6 Security Config
Replies
18
Views
1,213
PC Setup Configuration Help & Showcase
ebocious
ebocious

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top