Serious Discussion Kaspersky misses a fake crack tool

Xciting

Xciting

Level 3
Thread author
Well-known
Jun 14, 2023
119
282
167
So a launched a fake crack and voodoosheild blocked it and gave 100% AI while... kaspersky uhhhh.. doesnt even react to it like at all even on VT theres no detection .... the guy even has a yt.... VT: VirusTotal

Screenshot 2023-07-23 122728.png


Screenshot 2023-07-23 123441.png
 
Last edited by a moderator:
  • Like
  • HaHa
  • Wow
Reactions: comolokko, piquiteco, codswollip and 6 others
Blocked by elastic:
Screenshot 2023-07-23 125636.png
The reason i use elastic is if kaspersky misses something elastic will most of the time block the missed malware :>

And yes my kaspserky is enabled and at optimal settings.
 
  • Like
  • Sad
Reactions: comolokko and Dave Russo
I think that if the crack/keygen doesn't perform malicious actions, Kaspersky won't detect it.

Neutrophil said:
this is why kaspersky is popular among the pirates too. you get good security without having to worry about the crack getting quarantined or deleted.
Click to expand...

Kaspersky is very responsive if a hacker tries to crack the product :)
Many hacked keys are quickly blacklisted, and tools for forcing Trial Resets or injecting force licenses are blocked by Kaspersky :)
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: Neutrophil, rooney49, piquiteco and 13 others
Did the file actually executed (doesnt seem to be the case)? Hard to say that Kaspersky failed without knowing if the System Watcher module (behavior blocker) could have blocked it if the crack tried to do something malicious.

Anyway, I dont see the point of this thread at all ...
 
  • +Reputation
  • Like
  • Hundred Points
Reactions: Jonny Quest, piquiteco, plat and 10 others
Nightwalker said:
Anyway, I dont see the point of this thread at all ...
Click to expand...
+1
The file is classified as PUP because vendors believe this is the ethical way. It is up to the vendor’s discretion to decide if detections will be added for PUPs and does the file fit their criteria for this category.
 
  • Like
  • +Reputation
  • Applause
Reactions: nickstar1, vtqhtr413, rooney49 and 14 others
This file, which Kaspersky seems to have analyzed,
And judged safe, which is why the VT scan results show safe.

Screenshot 2023-07-25 at 01-48-12 Kaspersky Threat Intelligence Portal.png


Kaspersky Threat Intelligence Portal :

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses
opentip.kaspersky.com opentip.kaspersky.com

If you think a file may be harmful and Kaspersky is wrong,
You can contact their customer service for confirmation.
 
  • Like
Reactions: vtqhtr413, roger_m, Nevi and 4 others
codswollip said:
It's fake. Kaspersky did its job. No FP. #win

The better question is why VS alerted. Probably cuz it was new (check the FP box, and continue).


You have data for that - or is that a personal confession ? 🤣
Click to expand...

popular among people i know who pirate.. being a broke college student back in the day it aint hard to become a pirate :ROFLMAO:. but i don't do it anymore. it just defeats the whole point of security.
 
  • Like
  • HaHa
Reactions: roger_m, piquiteco, vtqhtr413 and 1 other person
Does CyberLock’s VAi pop-up provide any additional information as to why it is deemed unsafe?

From the screenshot provided, all I see is the file is not digitally signed. What other parameters does the AI use to determine a files risk status?

If there is no malicious behaviour, then some AV companies consider Warez (Cracks, Keygens) as PUA.
 
  • Like
Reactions: Nevi, roger_m, piquiteco and 2 others
Ink said:
Does CyberLock’s VAi pop-up provide any additional information as to why it is deemed unsafe?

From the screenshot provided, all I see is the file is not digitally signed. What other parameters does the AI use to determine a files risk status?

If there is no malicious behaviour, then some AV companies consider Warez (Cracks, Keygens) as PUA.
Click to expand...
No, ML/Ai engines are signatureless and perform binary classification, so only a Safe or Unsafe verdict is rendered. Sure, you could try to analyze all 400+ features and try to figure out why the Ai engine determined a certain file to be Safe or Unsafe, but that would be a fool’s errand.

The entire point of CyberLock is to find and allow only Safe files, and block everything else, and I can assure you this file should never be considered Safe.

Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for '(x64bit.)_4.2.x.x_patch.exe'

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. Hybrid Analysis develops and licenses analysis tools to fight malware.
www.hybrid-analysis.com www.hybrid-analysis.com


Is it malicious? Maybe, maybe not. But it certainly is not Safe.
 
  • Like
  • Thanks
  • +Reputation
Reactions: gonza, Nevi, piquiteco and 4 others
danb said:
Is it malicious? Maybe, maybe not. But it certainly is not Safe.
Click to expand...
If it's not malicious - and I highly doubt it is, why would it not be safe? I consider that it's most likely not malicious, because Kaspersky says it's not and several other antiviruses just detect it as a crack, rather than actual malware.
 
  • Like
Reactions: piquiteco, Nevi, SeriousHoax and 3 others
This file is not Safe / Clean, all you need to do is look at the sandbox reports.

Or you can look it up on Kaspersky's Threat Intelligence Portal.

Even Kaspersky does not classify the file as Clean...

Not categorized.PNG


This is how it looks when Kaspersky classifies a file as Clean / Safe (Supremo.exe)...

Clean.PNG
 
  • Like
Reactions: piquiteco, Trident, harlan4096 and 1 other person
Not Categorized in KOTIP may mean: file is still not known by KSN, K. whitelisting, etc. and/or They just did not add that file as Clean, but that does not man it is malicious, in my humble opinion :)
 
  • Like
  • Applause
Reactions: Nightwalker, piquiteco, Berny and 6 others
harlan4096 said:
Not Categorized in KOTIP may mean: file is still not known by KSN, K. whitelisting, etc. and/or They just did not add that file as Clean, but that does not man it is malicious, in my humble opinion :)
Click to expand...
I am certainly not dissing Kaspersky, but keep in mind, 6 days ago the file was detected as Clean, and now it is detected as "Not categorized". In my opinion, "Not categorized" is a much better determination than "Clean" for this file. It will be interesting if the verdict changes in the future.

malwaretips.com

Discussion Thread - Kaspersky misses a fake crack tool

So a launched a fake crack and voodoosheild blocked it and gave 100% AI while... kaspersky uhhhh.. doesnt even react to it like at all even on VT theres no detection .... the guy even has a yt.... VT: VirusTotal
malwaretips.com malwaretips.com
 
  • Like
Reactions: simmerskool, harlan4096, roger_m and 1 other person

You may also like...