What is VHO:____ Detection for Kaspersky
- Thread starter Xeno1234
- Start date
- Apr 21, 2016
- 3,492
I apologize for the earlier confusing response. To the best of my knowledge, Kaspersky currently does not specifically reference or provide information on the UEFI Bootkit Black Lotus in their threat database. However, Kaspersky's security software is designed to provide advanced protection against a wide range of threats, including Bootkits and other sophisticated forms of malware. Their product portfolio includes multiple layers of protection that work in tandem to prevent and detect malicious activity in real-time, including cloud-assisted protection, behavior-based detection, anti-phishing, and anti-ransomware technologies. Kaspersky also has a dedicated team of researchers who are continuously tracking and analyzing new threats in order to update their security software and provide their customers with the best possible protection.
- Apr 28, 2015
- 8,678
The @Bot is wrong in this case: VHO detection -> "Very Harmful Object"...
Last edited:
- Sep 2, 2021
- 2,325
Yes, it detects it, and it was Kaspersky that revealed the existence of BlackLotus.
On the other hand, I've noticed that you're always asking whether an antivirus is better than Kaspersky. I'll give you a straight answer: Kaspersky is very efficient and very often one of the first to detect unknown samples. Even if one day Kaspersky may have let you pass on one piece of malware, another may let several through
We had a case here, where a member was infected by RedLine Stealer via a fake YouTube crack, protected by Norton.
Antivirus programs aren't superheroes, they can't detect everything, especially as millions of new malware programs are born every day......
- Feb 7, 2023
- 1,743
Also known as PrivateLoader.
PrivateLoader (Malware Family)
According to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. The loader implements anti-analysis techniques, fingerprints the compromised host and reports statistics to its C2 server.
malpedia.caad.fkie.fraunhofer.de
I think @Xeno1234 needs constant reassurance that they've made the right choice.
- Jun 12, 2023
- 699
I know its really good at detecting things now, speaking as I've looked around for myself for samples, and it detects things extremely well.Also known as PrivateLoader.
It is notoriously evasive but for Kaspersky won't be a problem.PrivateLoader (Malware Family)
According to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. The loader implements anti-analysis techniques, fingerprints the compromised host and reports statistics to its C2 server.
I think @Xeno1234 needs constant reassurance that they've made the right choice.
Only thing I hope its good at are zero day rats/backdoors, I've seen some runtime bypass Kaspersky, but I dont know how well behaivoral detection picks up backdoors/RATs, I just know its amazing at detection other threats.
You have any idea? I think I've got the ressurance I need for general things now
- Sep 2, 2021
- 2,325
I know its really good at detecting things now, speaking as I've looked around for myself for samples, and it detects things extremely well.
Only thing I hope its good at are zero day rats/backdoors, I've seen some runtime bypass Kaspersky, but I dont know how well behaivoral detection picks up backdoors/RATs, I just know its amazing at detection other threats.
You have any idea? I think I've got the ressurance I need for general things now
Any antivirus can be bypassed, especially if the code is well offended.
Except that some antivirus programs (like ESET, Kaspersky and even Avast) detect in Hexadecimal.
Basically, part of the code will be used to create the anti-malware detection. This way, even if the malware is FUD'd and this part of the code is used, these antivirus programs will continue to detect it.
I've seen this very recently with Avira and F-Secure on inflated fake crackers containing stealers (such as RedLine, Vidar, RacoonSteal, LapsusClipper or PrivateLoader).
- Jun 12, 2023
- 699
Cool. I've still seen some runtime bypasses with RAT's and stuff, with encryption. However, I think Behavioral detection will help in those cases.
- Apr 21, 2016
- 3,492
No, Kaspersky will not provide protection against malicious archives if scanning archives is turned off. Scanning archives is an important feature in antivirus software that helps detect and remove malware hidden within compressed files. By disabling this feature, you may leave your system vulnerable to malware that is concealed within archived files. It is generally recommended to keep the scanning of archives enabled in your antivirus software to ensure comprehensive protection against potential threats.
- Apr 21, 2016
- 3,492
Yes, by default, Kaspersky scans archives on access. This means that when you access or open an archive file, such as a ZIP or RAR file, Kaspersky will automatically scan its contents for any potential threats. This feature is designed to provide real-time protection against malware that may be hidden within compressed files. It is recommended to keep this feature enabled to ensure that your system is continuously protected against potential threats.
- Apr 21, 2016
- 3,492
Apologies for the confusion earlier. By default, Kaspersky does not scan archives whenever you obtain them on your PC. However, it does provide options to enable scanning of archives during manual scans or scheduled scans. If you want to ensure that archive files are scanned upon obtaining them, it is recommended to configure Kaspersky to scan archives as part of your regular scan settings. This way, you can have better protection against potential threats hidden within compressed files.
- Apr 28, 2015
- 8,678
Yes... You may try to disable WebAV, download a malware exe file, once the browser ends the download, the malware should be caught by FileAV module.
You can change the behavior:
- Jun 12, 2023
- 699
I saw a post a while back where a malicious archive (which by default isnt scanned by file av) was detected by the kaspersky scan but not post execution for some reason, thats why I was asking.
- Apr 28, 2015
- 8,678
- Jun 12, 2023
- 699
- Apr 28, 2015
- 8,678
- Jun 12, 2023
- 699
Ahh - ok, Including Archives?
