
Notification Centre Protection issue resolution options

  • 28 November 2019
  • 12 replies
  • 8281 views

Userlevel 1
  • Bronze Theorist
  • 12 replies

I have a protection issue in my notification centre (Kaspersky Anti-Virus) which says:

HEUR:Exploit.MSOffice.Generic detected and then gives the pathname for the object. The options listed when I click the Resolve button are:

Add to exclusions

Ignore

Open containing folder

View report

Learn more

If Ignore means to leave the object on my computer, and Add to Exclusions does the same, then how do I remove the malware or whatever it is? If it has already been removed by the scan and this is just a report of it, then how do I clear the warning message?

Hope someone can help!

 

 

 

 


12 replies

Userlevel 7
Badge +11

Hello  @JoBl,

Welcome!

🛑 HEUR:Exploit.MSOffice.Generic (Kaspersky), Exploit:O97M/CVE-2017-11882!rfn (Microsoft) 🛑

➡️ KAV version & patch(x)? Is KAV updated to the latest 20.0.14.1085(f)? ⬅️

So we can guide you, please provide KAV Report: open KAV, select More Tools, select Reports, select Detailed Reports, leave ALL Events as default, select 24hrs, select Export, save report as a .txt file, & 📎 attach 📎 to your reply?

Thank you

Kaspersky Anti-Virus 20.0.14.1085 release notes, Patches A – F

Vulnerability Report: List of Advisories

Userlevel 1

Here is the detailed report - doesn’t say much?

 

And yes, databases and application are up to date.

 

Thank you.

 

Userlevel 7
Badge +11

Hello  @JoBl,

As per my previous reply, please export the ALL EVENTS (default) Report & attach to your reply?

Thank you. 

Userlevel 1

Sorry. I have redone the detailed report for All Events, for the last 24 hours and also for the last 30 days. I did the latter because the date the detected object was reported was 17th November and I have been wondering what to do with it since then. 

As it is not repeated each day since, does that mean that it has been removed?  And if so, then which option is the correct one to take so that it stops showing as an unresolved item?

Thanks for helping me with this - hope I have produced the correct reports for you.

BTW - When I take the More Tools tab, there is no reporting option in the pulldown, so I accessed the detail reports via the Notification centre.

 

Cheers

Jo

 

Userlevel 1

…. and here are the files!

Userlevel 7
Badge +11

Hello  @JoBl,

You’re very welcome!

Thank you for the Reports 🙏🏽, I’ll look and advise later.

  • Is KAV Free or Premium? 

KAV (Free) Reports

KAV Premium Reports

So I don’t give anyone else the wrong information, KAV doesn’t have Tools, Reports 🤔?

Please let me know?

Thank you. 

 

Userlevel 1

 

I have KAV premium I guess, as the Reports option is a button on the main application window. And the More Tools menu does not have a reporting option in this case.

So maybe give people both pathways to the reports, as I guess they will have one or the other! :)

Looking forward to hearing back from you.

Cheers

Userlevel 7
Badge +11

Hello  @JoBl,

Thank you for replying 🙏🏽

All good 👏🏽, you managed to extract the data, despite my clumsy efforts 😥.
I will keep your information in mind, for my next victim 😉

  • I’ll post back after reviewing the data.

In the meantime have you read the references above: 

HEUR:Exploit.MSOffice.Generic (Kaspersky), Exploit:O97M/CVE-2017-11882!rfn (Microsoft) ? 

Thank you

 

Userlevel 7
Badge +11

Hello  @JoBl,

May I have image(s) of Google Chrome extensions page(s), showing all extensions please?

Thank you

Userlevel 1

Hi,

Is this what you mean? Hope so, as it’s getting late here now, so I’ll check back in the morning. Hope it’s readable. 

Cheers 

 

Userlevel 1

Not sure what happened there, so I’ll try again using Paint.

 

Userlevel 7
Badge +11

Hello  @JoBl

Thank you for the image.

Please do the following steps:

1. Create a System Restore Point.
2. Google Chrome, Reset to default: chrome://settings/reset, select Restore settings to their original defaults, select Reset Settings, allow process to complete, exit Chrome, do not restart.
3. KAV Clear Reports - (should be Settings, Additional, Reports & Quarantine)
4. KAV Export settings & Restore settings:
   a. Select Settings, select Manage settings, select Export settings, save .cfg file.
   b. Select Restore settings, acknowledge UAC popup, allow process to complete.
5. Windows File Explorer:
   a. Clear C:\Windows\Temp, note: there may be some files/folders requesting “Admin permission” to delete, grant the permission, additionally, there may be some files/folders “in use”, select “OK” or “Skip”.
   b. Clear C:\Users\YOURNAME\AppData\Local\Temp, note: there may be some files/folders requesting “Admin permission”, grant the permission, additionally, there may be some files/folders “in use”, select “OK” or “Skip”.
   c. Repeat Step 5b if there are any other (Windows) User accounts.
6. Clear/empty Recycle Bin.
7. Shutdown computer using Shutdown, not Restart, when computer is fully OFF, power on, login.
8. Start KAV only (no other applications):
   1. Select Settings, select Security Level, select Maximum Security Level.
   2. Run KAV manual Database Update, allow it to complete.
   3. Run KAV Vulnerability Scan, allow it to complete.
   4. Run KAV Full Scan, allow it to complete.
   5. Start Chrome, do not use, start only, start Windows File Explorer, go to: C:\Users\YOURNAME\AppData\Local\Google\Chrome\User Data\Default\Cache - screen print & post back image please?
   6. Monitor issue.

Note 1:

After a monitoring period of your choosing, you may wish to reset KAV Security Level, that’s perfectly fine, select whatever Security Level you determine is suitable. 

  • If the issue returns, please let me know?

Thank you.
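
The Temp-folder cleanup in step 5 of the reply above (5a to 5c), as an added PowerShell example that is not part of the original post and not Kaspersky's own tooling. It assumes an elevated prompt and that user profiles live under the system drive's `Users` folder; items that are in use or access-denied are counted as skipped, matching the "Skip" choice in File Explorer.

```powershell
# Added example: clears the Temp folders named in step 5 for every local profile.
# Assumptions: run elevated; profiles are under <SystemDrive>\Users.
# Save as a .ps1 file and run with -WhatIf first to preview what would be removed.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# Step 5a: C:\Windows\Temp. Steps 5b/5c: AppData\Local\Temp of each visible profile.
$targets = @(Join-Path $env:windir 'Temp')
$targets += Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' } |
    Where-Object { Test-Path -LiteralPath $_ }

foreach ($dir in $targets) {
    $removed = 0
    $skipped = 0
    # Only the folder's contents are removed; the Temp folder itself is kept.
    foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
        if (-not $PSCmdlet.ShouldProcess($item.FullName, 'Remove')) { continue }
        try {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Stop
            $removed++
        }
        catch {
            # File in use or permission denied: leave it and move on.
            $skipped++
        }
    }
    # One summary row per folder so the result can be reviewed afterwards.
    [pscustomobject]@{ Folder = $dir; Removed = $removed; Skipped = $skipped }
}
```

A top-level subfolder that contains an in-use file is counted once as skipped, even if some of its other contents were deleted before the error.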

 
