Browsing through my old development folders I noticed that executables of some applications I developed years ago (using Borland C++Builder) were missing. Luckily I had the same folders in zipped archives. Trying to extract affected .exe files from .zip archives were failing with Access Denied errors. Trying to extract whole folder was resulting in the affected .exe files disappearing.
All this looked like actions of an antivirus software. However, my Kaspersky was showing that everything was fine, computer protected, no alerts, no errors, etc. After manually diving into Kaspersky Quarantine (under More Tools section) I found that my application was silently quarantined as HEUR:Trojan.Win32.Generic.
As this was an application I developed myself, I was pretty sure that it wasn’t a Trojan. Just to be completely sure I scanned the affected .exe files on Virustotal and no other mainstream antivirus had any issues with these files. It was pretty obvious that the detection was a false-positive.
These things obviously happen, my bigger concern was that Kaspersky would completely silently quarantine/delete files without any warring or notification. I contacted Kaspersky support and they confirmed this is “by design”. They suggested workaround was to change following setting: Settings > Scan > Action on threat detection: Change this to Notify.
Unfortunately in my case this didn’t help. Even with Action set to Notify, the suspected files were still being silently deleted. As far as I’m concerned it’s never OK for any software to silently remove files from my hard drive without notifying me. This leaves me with two options – either remove Kaspersky Antivirus from my PC, or remember to regularly check the Kaspersky Quarantine…
To be fair to Kaspersky, few days after I submitted the files in question they recognised that these were false-positives, and few more days later Kaspersky stopped flagging them as Trojans.
March 2017
Windows 10 Pro
Kaspersky Internet Security 2017
Leave a Reply