NoVirusThanks EXE Radar Pro turns Freeware

AMD1

Level 4
Verified
Joined
Aug 21, 2012
Messages
160
Hi,

I have version 3 ( not beta) and its on alert mode. When i come home from work and login to windows, its blocking what looks like Kaspersky Total Security from updating as there are notifications from KTS advising that the update failed. Is there a command line or parent process i need to add ?

NB I have whitelisted all Program Files & Program(x86) Files and c\Windows processes.

Any help appreciated.

Thanks

Andy
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,391
OS
Windows 10
1 Take a look in the ERP log window, and see if there are any blocked events.

2 Try this: reboot your computer, open Kaspersky, and start up a manual update. See what happens. Even if there is no new update available, Kaspersky will check for its availability.

3 Next time your computer is closed for 12 hours or more, there should be an actual Kaspersky update available, so do 2 again, and see what happens when the update installs.

I have used KIS+ERP without issues, so I don't think ERP is the problem.
Kaspersky does not run a downloaded executable file when it installs signature updates, so ERP should sit quietly on the side while it all happens.
 

AMD1

Level 4
Verified
Joined
Aug 21, 2012
Messages
160
1 Take a look in the ERP log window, and see if there are any blocked events.

2 Try this: reboot your computer, open Kaspersky, and start up a manual update. See what happens. Even if there is no new update available, Kaspersky will check for its availability.

3 Next time your computer is closed for 12 hours or more, there should be an actual Kaspersky update available, so do 2 again, and see what happens when the update installs.

I have used KIS+ERP without issues, so I don't think ERP is the problem.
Kaspersky does not run a downloaded executable file when it installs signature updates, so ERP should sit quietly on the side while it all happens.
Hi,
1. No blocked events
2. Re-booted and run KTS update ok
3. yet to check

Seems it only happens when it logs off and i have to log back on to my PC
 
Likes: shmu26

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,391
OS
Windows 10
Hi,
1. No blocked events
2. Re-booted and run KTS update ok
3. yet to check

Seems it only happens when it logs off and i have to log back on to my PC
I am just guessing, but maybe your internet connection comes back kind of slow when you log back on, and Kaspersky is already trying to get an update before there is internet, so it fails.
 

AMD1

Level 4
Verified
Joined
Aug 21, 2012
Messages
160
Hi,

I have just logged into my PC after approx. 18hrs and what flashed up in alert mode was the following :

rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh

I have added this as a whitelisted command line rightfully or wrongfully ?

It seemed as though KTS had attempted a number of updates whilst not logged on which were unsuccessful. When i am loggod on there are no issues.

Andy
 
Likes: shmu26

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,391
OS
Windows 10
Hi,

I have just logged into my PC after approx. 18hrs and what flashed up in alert mode was the following :

rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh

I have added this as a whitelisted command line rightfully or wrongfully ?

It seemed as though KTS had attempted a number of updates whilst not logged on which were unsuccessful. When i am loggod on there are no issues.

Andy
That command line looks perfectly normal and safe to me.

By the way, it is very common with ERP to get command lines with random character strings in them. If you want to permanently whitelist them, just edit them by putting a * instead of the random characters, wherever they appear.
 
Likes: AtlBo

AMD1

Level 4
Verified
Joined
Aug 21, 2012
Messages
160
Thanks shmu26,

I have whitelisted the process for the minute and all seems ok.

Funny though, why does it not have a path of C\ in front of it ?
 
Likes: AtlBo

AMD1

Level 4
Verified
Joined
Aug 21, 2012
Messages
160
Would i be better to have the beta version 3 rather than the stable version ?

Not sure what differences there are between the two.
 
Likes: AtlBo

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,391
OS
Windows 10
Maybe that part of the command line was not displayed because there was not enough room in the display box. Sometimes you have to scroll horizontally, if you know what I mean, to see the whole string. If you did not whitelist the whole string, it probably will not work.
 
Likes: AtlBo

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,391
OS
Windows 10
Would i be better to have the beta version 3 rather than the stable version ?

Not sure what differences there are between the two.
The main difference I know of is that the beta has a ready-made list of vulnerable processes. That's your exploit protection.
With the stable version, the list is empty and you need to populate it yourself if you want that kind of protection.
 
Likes: AtlBo

AMD1

Level 4
Verified
Joined
Aug 21, 2012
Messages
160
Hi,

I have whitelisted the following command line but unsure if safe to do so:

rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh

Any reassurance would be appreciated.

Thanks

Andy
 

shmu26

Level 64
Verified
Joined
Jul 3, 2015
Messages
5,391
OS
Windows 10
The AppXDeploymentExtensions commands are pretty common. They are for the Windows 10 apps or whatever you want to call them. If you get too many command lines like that, trying making a wildcard that will cover them all.
 

AMD1

Level 4
Verified
Joined
Aug 21, 2012
Messages
160
Can i make a wild card with this as its not followed by a series of numbers etc:

rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh

Or do i just add "" at the end ?
 
Likes: AtlBo

Similar Threads

Similar Threads