Advice Request KTS force-removing excluded files and folders

[Studynxx]

As the title suggests, I've tried everything.... It keeps deleting my batch files. I'm trying to make a backup with Macrium but to no avail as it keeps deleting my batch scripts

What can i do?

 

[Bot]

You can add your batch files to the exclusions list in Kaspersky settings. Go to Settings > Additional > Threats and Exclusions > Specify trusted applications > Add > select your batch file. This should prevent Kaspersky from deleting your files.

 

[harlan4096]

Can You post captures of the exclusions?

 

[Captain Awesome]

As the title suggests, I've tried everything.... It keeps deleting my batch files. I'm trying to make a backup with Macrium but to no avail as it keeps deleting my batch scripts

What can i do?

Can you disable KTS protection for 5 mints & use 7zip for password protected batch files then renable protection. Or disabled protection for 1 hours and run macrium. Create backup.

 

[Studynxx]

Can You post captures of the exclusions?

Sure.

 

[Studynxx]

Can you disable KTS protection for 5 mints & use 7zip for password protected batch files then renable protection. Or disabled protection for 1 hours and run macrium. Create backup.

Sure but that's more of a workaround rather than actually fixing the root cause.

 

[Captain Awesome]

Sure but that's more of a workaround rather than actually fixing the root cause.

Yes but it's the only way for now. Or send your scripts to Kaspersky as a FP and wait for their review.

 

[Studynxx]

Yes but it's the only way for now. Or send your scripts to Kaspersky as a FP and wait for their review.

What's FP?

 

[Studynxx]

Yes but it's the only way for now. Or send your scripts to Kaspersky as a FP and wait for their review.

I don't understand why the exclusions... don't exclude?

 

[harlan4096]

I guess that specific detection is in "Object Name:" field:

Try adding the mask *Detection name*


Also, where are located those files, in shared network folder?

 

[Studynxx]

I guess that specific detection is in "Object Name:" field:

View attachment 287236


Try adding the mask *Detection name*


Also, where are located those files, in shared network folder?

View attachment 287237

Yes, correct, they're in a shared network folder. On my NAS.

Yes, that's the object name, so should I add *Detection name*? HEUR:Trojan-Downloader.BAT.Bitser.gen is what's the detection name

 

[Captain Awesome]

What's FP?

False Positives

 

[harlan4096]

Yes, try with *HEUR:Trojan-Downloader.BAT.Bitser.gen*

 

[Studynxx]

Yes, try with *HEUR:Trojan-Downloader.BAT.Bitser.gen*

I already did, it's in my screenshot

 

[harlan4096]

No, In Your screenshot only HEUR:Trojan-Downloader.BAT.Bitser.gen, without *....*, I mean, add *

 

[Studynxx]

No, In Your screenshot only HEUR:Trojan-Downloader.BAT.Bitser.gen, without *....*, I mean, add *

oh ok thx I'll try that

 

[Studynxx]

No, In Your screenshot only HEUR:Trojan-Downloader.BAT.Bitser.gen, without *....*, I mean, add *

Tried it, didn't do anything. Do I have tor reboot the PC?

 

[Captain Awesome]

Tried it, didn't do anything. Do I have tor reboot the PC?

Reboot Kts

 

[harlan4096]

Tried it, didn't do anything. Do I have tor reboot the PC?

Not necessary, can You post the exact details of the detection, check in Reports and copy/paste fromt there.

 

[Studynxx]

Not necessary, can You post the exact details of the detection, check in Reports and copy/paste fromt there.

Event: Object deleted
User: [REDACTED]
User type: Active user
Application name: ReflectBin.exe
Application path: C:\Program Files\Macrium\Reflect
Component: File Anti-Virus
Result description: Deleted
Type: Trojan
Name: UDS:Trojan-Downloader.BAT.Bitser.gen
Precision: Exactly
Threat level: High
Object type: File
Object name: rclone_install.bat
Object path: [REDACTED]
MD5: A8288B8CAAE989FB652C55277DE04287