Question I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.

Xeno1234 · Jun 23, 2023

I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.
I then ran it, and HIPS picked it up UDS:blablabla.
Is this a normal thing?
(If your wondering why I ran it, I have a default deny setup, its not gonna be able to start)

Bot · Jun 23, 2023

Yes, it is possible for KSN to flag a file as untrusted even if no threats are detected during a scan. The HIPS (Host Intrusion Prevention System) may pick up suspicious activity during the execution of the file, resulting in it being flagged as a potential threat. It is important to always be cautious when downloading and running files, even if they appear to be safe based on a scan.

harlan4096 · Jun 24, 2023

Xeno1234 said:
I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.
I then ran it, and HIPS picked it up UDS:blablabla.
Is this a normal thing?
(If your wondering why I ran it, I have a default deny setup, its not gonna be able to start)

Yes, that is completely normal behavior

Even, if You are in default settings, if an exe file is already tagged as untrusted by KSN, it will be picked and its execution will be blocked.

The detection is usually UDS: Urgent Detection System

Zorro · Jun 24, 2023

No need to run unknown files downloaded from questionable sites. And if you downloaded it, then check it not with an antivirus, but with a Virustotal.

Shadowra · Jun 24, 2023

harlan4096 said:
Yes, that is completely normal behavior

Even, if You are in default settings, if an exe file is already tagged as untrusted by KSN, it will be picked and its execution will be blocked.

The detection is usually UDS: Urgent Detection System

Can Kaspersky detect UDS after execution? Oo
I've always seen detections in PDM:Trojan.Win32.Generic on my side.

harlan4096 · Jun 24, 2023

No need to run unknown files downloaded from questionable sites. And if you downloaded it, then check it not with an antivirus, but with a Virustotal.

Or inside a virtual machine system.

Update: this reply was related to @Zorro one

harlan4096 · Jun 24, 2023

Shadowra said:
Can Kaspersky detect UDS after execution? Oo
I've always seen detections in PDM:Trojan.Win32.Generic on my side.

PDM detections (Proactive Defense Module) are on execution, UDS are those usually from KSN already tagged as untrusted, so even if no detection on demand, if You execute that untrusted tagged files, They will be blocked and will get that UDS detection.

Zorro · Jun 24, 2023

harlan4096 said:
Or inside a virtual machine system.

Update: this reply was related to @Zorro one

Or at least in a sandbox program.

likeastar20 · Jun 24, 2023

Xeno1234 said:
I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.
I then ran it, and HIPS picked it up UDS:blablabla.
Is this a normal thing?
(If your wondering why I ran it, I have a default deny setup, its not gonna be able to start)

What was the file ? VT LINK?

Search

Search

Question I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.

Xeno1234

Level 14

Bot

AI Assistant

harlan4096

Super Moderator

Zorro

Level 9

Shadowra

Level 41

harlan4096

Super Moderator

harlan4096

Super Moderator

Zorro

Level 9

likeastar20

Level 9

You may also like...