Question I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.

Please provide comments and solutions that are helpful to the author of this topic.

Xeno1234

Level 14
Thread author
Jun 12, 2023
684
I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.
I then ran it, and HIPS picked it up UDS:blablabla.
Is this a normal thing?
(If your wondering why I ran it, I have a default deny setup, its not gonna be able to start)
 

Bot

AI-powered Bot
Apr 21, 2016
3,676
Yes, it is possible for KSN to flag a file as untrusted even if no threats are detected during a scan. The HIPS (Host Intrusion Prevention System) may pick up suspicious activity during the execution of the file, resulting in it being flagged as a potential threat. It is important to always be cautious when downloading and running files, even if they appear to be safe based on a scan.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,749
I downloaded something, it said it was untrusted by KSN, but I scanned it and kaspersky said no threats.
I then ran it, and HIPS picked it up UDS:blablabla.
Is this a normal thing?
(If your wondering why I ran it, I have a default deny setup, its not gonna be able to start)
Yes, that is completely normal behavior :)

Even, if You are in default settings, if an exe file is already tagged as untrusted by KSN, it will be picked and its execution will be blocked.

The detection is usually UDS: Urgent Detection System
 

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,359
Yes, that is completely normal behavior :)

Even, if You are in default settings, if an exe file is already tagged as untrusted by KSN, it will be picked and its execution will be blocked.

The detection is usually UDS: Urgent Detection System

Can Kaspersky detect UDS after execution? Oo
I've always seen detections in PDM:Trojan.Win32.Generic on my side.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,749
Can Kaspersky detect UDS after execution? Oo
I've always seen detections in PDM:Trojan.Win32.Generic on my side.
PDM detections (Proactive Defense Module) are on execution, UDS are those usually from KSN already tagged as untrusted, so even if no detection on demand, if You execute that untrusted tagged files, They will be blocked and will get that UDS detection.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top