NoVirusThanks EXE Radar Pro turns Freeware

Status
Not open for further replies.

AMD1

Level 5
Verified
Aug 21, 2012
210
Hi,

I have version 3 (not beta) and it's on alert mode. When I come home from work and log in to Windows, it's blocking what looks like Kaspersky Total Security from updating, as there are notifications from KTS advising that the update failed. Is there a command line or parent process I need to add?

NB: I have whitelisted all Program Files & Program Files (x86) and C:\Windows processes.

Any help appreciated.

Thanks

Andy
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
1. Take a look in the ERP log window, and see if there are any blocked events.

2. Try this: reboot your computer, open Kaspersky, and start up a manual update. See what happens. Even if there is no new update available, Kaspersky will check for its availability.

3. Next time your computer is closed for 12 hours or more, there should be an actual Kaspersky update available, so do 2 again, and see what happens when the update installs.

I have used KIS+ERP without issues, so I don't think ERP is the problem.
Kaspersky does not run a downloaded executable file when it installs signature updates, so ERP should sit quietly on the side while it all happens.
 

AMD1


Hi,
1. No blocked events
2. Rebooted and ran KTS update OK
3. Yet to check

Seems it only happens when it logs off and I have to log back on to my PC.
 

shmu26

I am just guessing, but maybe your internet connection comes back kind of slow when you log back on, and Kaspersky is already trying to get an update before there is internet, so it fails.
 

AMD1

Hi,

I have just logged into my PC after approx. 18 hrs and what flashed up in alert mode was the following:

rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh

I have added this as a whitelisted command line, rightfully or wrongfully?

It seemed as though KTS had attempted a number of updates whilst not logged on which were unsuccessful. When I am logged on there are no issues.

Andy
 

shmu26

That command line looks perfectly normal and safe to me.

By the way, it is very common with ERP to get command lines with random character strings in them. If you want to permanently whitelist them, just edit them by putting a * instead of the random characters, wherever they appear.
 

AMD1

Thanks shmu26,

I have whitelisted the process for the minute and all seems ok.

Funny though, why does it not have a path of C:\ in front of it?
 

AMD1

Would I be better to have the beta version 3 rather than the stable version?

Not sure what differences there are between the two.
 

shmu26

Maybe that part of the command line was not displayed because there was not enough room in the display box. Sometimes you have to scroll horizontally, if you know what I mean, to see the whole string. If you did not whitelist the whole string, it probably will not work.
 

shmu26

The main difference I know of is that the beta has a ready-made list of vulnerable processes. That's your exploit protection.
With the stable version, the list is empty and you need to populate it yourself if you want that kind of protection.
 

AMD1

Hi,

I have whitelisted the following command line but am unsure if it is safe to do so:

rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh

Any reassurance would be appreciated.

Thanks

Andy
 

shmu26

The AppXDeploymentExtensions commands are pretty common. They are for the Windows 10 apps or whatever you want to call them. If you get too many command lines like that, try making a wildcard that will cover them all.
 
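Added example (not part of the thread and not ERP's own matching code): a small checker for the wildcard advice in the two replies above, showing how to test a candidate command-line rule against the lines it should cover and the lines it must not. It assumes `*` is the only wildcard, matches any run of characters, and that rules are compared case-insensitively against the whole command line; the `example-task.exe` lines and the `unknown.dll` line are constructed samples.

```python
import re

def rule_to_regex(rule: str) -> re.Pattern:
    """Translate a rule where '*' is the only wildcard into a regex.
    Every other character is matched literally (assumed semantics)."""
    literal_parts = [re.escape(part) for part in rule.split("*")]
    return re.compile(".*".join(literal_parts), re.IGNORECASE | re.DOTALL)

def matches(rule: str, cmdline: str) -> bool:
    """True if the rule covers the entire command line."""
    return rule_to_regex(rule).fullmatch(cmdline.strip()) is not None

def audit_rule(rule, expected, unexpected):
    """Return (missed, overmatched): expected lines the rule fails to cover,
    and lines it covers that were never meant to be whitelisted."""
    missed = [c for c in expected if not matches(rule, c)]
    overmatched = [c for c in unexpected if matches(rule, c)]
    return missed, overmatched

# Command line quoted in the thread.
PAGE_CMD = "rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh"
# Constructed: same host process, unrelated DLL that should still prompt.
UNKNOWN_CMD = r"rundll32.exe C:\Users\Public\unknown.dll,Start"
# Constructed: command lines that differ only in a random token.
RANDOM_CMDS = [
    "example-task.exe --job a91f3c7e --quiet",
    "example-task.exe --job 04bd22e1 --quiet",
]

TIGHT_RULE = "rundll32.exe AppXDeploymentExtensions.*.dll,*"
BROAD_RULE = "rundll32.exe *"
RANDOM_RULE = "example-task.exe --job * --quiet"

if __name__ == "__main__":
    for rule in (TIGHT_RULE, BROAD_RULE):
        missed, over = audit_rule(rule, [PAGE_CMD], [UNKNOWN_CMD])
        print(f"{rule!r}: missed={missed} overmatched={over}")
    print(audit_rule(RANDOM_RULE, RANDOM_CMDS, [PAGE_CMD, UNKNOWN_CMD]))
```

The tight rule covers the AppXDeploymentExtensions line without also allowing every other `rundll32.exe` invocation, which the broad rule does.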

AMD1

Can I make a wildcard with this, as it's not followed by a series of numbers etc.:

rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh

Or do I just add "" at the end?
 