What to do if Kaspersky detects wpad

  • 6 May 2021
  • 0 replies

If Kaspersky products show detection notifications about wpad.dat, wpad.domain.name, Trojan.Script.Agent.dc, etc., then read the information below:

WPAD, the Web Proxy Auto-Discovery Protocol, is designed to pinpoint the location of the necessary proxy configuration file, called the PAC file. Usually such a location looks like this: wpad.domain[.]name/wpad.dat. Experienced users will understand that this "location" is actually a DNS suffix.
A lot of routers/modems come preset with that DNS suffix.

This isn't new; it has been in use for 20 years now.

Using a DNS suffix like that means that it is theoretically possible for an attacker to change the file at that location and eventually have it loaded onto the user's system, thus setting up an unwanted proxy server and intercepting browsing data.


Follow these steps:

  1. Try connecting to the Internet via another Internet connection, for example a mobile hotspot, or connect without the router. Is there still a detection?
  2. If there is no detection after step 1, reset the router to its default settings, then connect to the Internet via the router again.
  3. Also update the router's firmware if a newer version is available on the router manufacturer's site. Change the router's password.
  4. If steps 2 and 3 do not solve the problem and step 1 does, then this router is not recommended for use. Alternatively, contact the router manufacturer's support.
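
To see which proxy a wpad.dat file would actually configure, the following added example (not part of the original post and not Kaspersky code) lists the WPAD URLs that follow from a DNS suffix and extracts the proxy endpoints from a saved PAC file, flagging any that are not on an allowlist. It goes slightly beyond the single wpad.domain[.]name case by walking up a multi-label suffix; the function names, the sample PAC file, the suffix and the allowlisted host are all constructed for illustration.

```python
import re

# PAC return directives: PROXY/SOCKS/SOCKS4/SOCKS5/HTTP/HTTPS followed by host:port.
_DIRECTIVE = re.compile(
    r"\b(PROXY|SOCKS[45]?|HTTPS?)\s+([A-Za-z0-9.-]+|\[[0-9A-Fa-f:]+\]):(\d{1,5})")
_STRING = re.compile(r'"([^"]*)"|\'([^\']*)\'')

def wpad_candidates(dns_suffix):
    """WPAD URLs derived from a DNS suffix, most specific first."""
    labels = dns_suffix.strip(".").lower().split(".")
    # Walk up the hierarchy but stop before the bare top-level label;
    # a single-label suffix (common on home routers) yields one candidate.
    depth = max(1, len(labels) - 1)
    return ["http://wpad." + ".".join(labels[i:]) + "/wpad.dat" for i in range(depth)]

def proxies_in_pac(pac_text):
    """Sorted unique (type, host, port) tuples found in the PAC string literals.
    Limitation: directives assembled by string concatenation are not seen."""
    found = set()
    for dq, sq in _STRING.findall(pac_text):
        for kind, host, port in _DIRECTIVE.findall(dq or sq):
            found.add((kind, host.lower(), int(port)))
    return sorted(found)

def unexpected_proxies(pac_text, allowed_hosts):
    """Directives whose host is not in the allowlist of known proxy hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    return [p for p in proxies_in_pac(pac_text) if p[1] not in allowed]

# Constructed sample: one expected corporate proxy, one unknown endpoint.
SAMPLE_PAC = '''
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  if (shExpMatch(host, "*.corp.example")) return "PROXY proxy.corp.example:3128";
  return "PROXY 203.0.113.50:8080; DIRECT";
}
'''

if __name__ == "__main__":
    for url in wpad_candidates("office.corp.example"):
        print("candidate:", url)
    for kind, host, port in unexpected_proxies(SAMPLE_PAC, ["proxy.corp.example"]):
        print("unexpected proxy:", kind, host, port)
```

An empty result from `unexpected_proxies` on the file your network serves means every proxy it sets is one you recognize; anything else points at the router or DNS suffix as the place to look.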
