Kaspersky
Question

How long should a "full scan take" on a half full 2TB hard drive on a MacBook Pro running Catalina plus...


Userlevel 3
  1.  When I try to do a full scan using Kaspersky Internet Security on my MacBook Pro (2017) with the latest Catalina installed it stays at 1% for hours on end.   Is this normal?
  2. I also have Carbon Copy Cloner installed on an external drive and when it does its daily backup of my system I keep getting the following error.  See attached screenshot.  I can’t for the life of me find the file at fault and have been in touch with the Japanese Kaspersky support here, but their explanation of how to report the issue is far beyond my Japanese.  This notification is on a daily basis and I can’t delete the item causing the problem.  Any suggestion welcome please.  How can I get rid of the offending item?

66 replies

Userlevel 7
Badge +6

Hello @Sister Sabina,

Welcome!

  1. Regarding the Adware error, it appears to be from a browser extension :thinking:
  2. Have you run a full reset of the Safari browser?
  3. Did you discuss the Full Scan 1% issue with the Japanese Support Team?
  4. Can you explain a little bit more what “Japanese Kaspersky support, their explanation of how to report the issue is far beyond my Japanese”, does that mean they’ve given guidance in the Japanese language & it’s difficult to understand? 
  5. Have they given written instructions? If “yes”, please post their instructions so we can guide you?

Please post back?

Thank you:pray_tone3:

Flood:whale:

Userlevel 3

Thanking you for replying so quickly.  Here is the Google translation of what they sent me yesterday.  Bear in mind that it is a machine translation.  But not bad.  I did as they suggested and added all of Adobe apps to the exclude section so they weren’t triggering continue “skip” due to requiring passwords or blocks.

“The heuristic analysis function (behavior detection)

It looks like it has been detected.

Since it cannot be deleted, we will give appropriate guidance

Screenshot to confirm that it is detected by the following procedure

Acquisition of the corresponding file (sample) to be detected, and

Please reply with your answer.

1. Take screenshot

Detects or deletes files / applications from our products

Obtain a screen to confirm that the message to be notified is displayed,

Please give me.

 

[Reference: How to create a screenshot]

https://support.kaspersky.co.jp/492#block12

 

2. Get detected files

 

Compress the detected file (sample / sample) with ZIP with password

Please provide to us in the state where you went.

 

* Specify the password as infected.

 

<< Compression method >>

(1) Click on the file to select it.

(2) After clicking [File] from the menu bar at the top of the screen, select [Compress "●●"].

 

* ●● is the name of the selected file.

 

<< How to set a password for the compressed file >>

(1) Click [Launchpad] from Doc and open in the following order.

[Others] → [Terminal]

(2) Enter “zipcloak ●●” on the terminal screen and press the [return] key.

 

* A half-width space behind "zipcloak" is required.

* ●● is the name of the selected compressed file.

* You can drag and drop the ZIP file from the Finder onto the terminal. Copying with the [Command] + [C] keys in Finder, then pasting in the terminal with the [Command] + [V] keys, is also possible.

* Please note that if there is a space behind ●●, it will not work properly.

 

(3) If you are prompted to enter "Password:"

When prompted, enter the password [infected].

 

* When entering the password, enter characters or symbols such as “*”.

Specifications not displayed.

 

1. Please let us know the specific timing of the detection in chronological order.

 

[Example]

(1) Download the application “〇〇〇”

(2) Double-click the downloaded file to execute

(3) The file starts after the installation is completed

(4) After starting the file, click “〇〇〇” from the application screen

(5) A message indicating that the threat was detected by Kaspersky is displayed,

Files are forcibly deleted.

A.

(1)

(2)

(3)

(4)

(5)

 

2. Inform the current date and version of the definition database release

   Please give me.

 

Date and time of release:

   version:

 

[Reference: How to check the Mac version number]

https://home.kaspersky.co.jp/store/kasperjp/ja_JP/html/pbPage.v18_faq_confirm_version/ThemeID.37143000#intab-6

<Confirmation procedure of definition database release date>

 

(1) Click the Kaspersky icon in the notification area to open the main screen.

(2) Click [Update] from the main screen.

 

[B] Proceed without skipping protected files during full scan

 

Regarding the above, "We detected a password protected compressed file"

Is it a situation where a message is displayed?

 

If so, our product will

Since scanning cannot be performed, a message to that effect is issued to inform you.

 

However, this "compressed file" does not

We do not have detailed information because it may be made.

 

Therefore, as a workaround, perform a custom scan of "Adobe Creative Cloud" first,

After confirming that there is no problem, refer to the following URL and set an exclusion

Thank you for your cooperation.

 

[Reference: Kaspersky Internet Security 18 for Mac Exclusion]

[How to add file / folder / website address to list]

https://support.kaspersky.co.jp/13800

 

Above, sorry to trouble, but thank you.

 

Please reply to technical support without changing the email subject.

 

■ Notes

 

This request number expires in 7 days.

 

Please note that if there is no reply within the time limit, it will expire.

The expiration date of your request number will be extended each time you reply.

 

If the expiration date has expired, you can contact us again by listing INC000011355542 on the inquiry page.

 

****************************************************** ***********

Kaspersky Technical Support Center

URL: https://support.kaspersky.co.jp/”
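
The sample-packaging steps in the support e-mail above (compress the detected file, then protect the ZIP with the password "infected") can be done in one pass from Terminal. This is an added example, not part of the original post or Kaspersky's instructions; `pack_sample` and the default output name are hypothetical, and it assumes the stock `zip`/`unzip` tools. It also records a SHA-256 of the file so the archive can be matched to the detection.

```shell
#!/bin/sh
# Added example: package a detected file for vendor analysis.
# pack_sample is a hypothetical helper; "infected" is the password the
# support e-mail asks for (a convention, not a secret).
# Usage: sh pack_sample.sh "/path/to/detected file" [output.zip]

pack_sample() {
    sample=$1
    out=${2:-sample.zip}

    if [ ! -f "$sample" ]; then
        echo "not a regular file: $sample" >&2; return 1
    fi
    if [ -e "$out" ]; then
        echo "refusing to overwrite: $out" >&2; return 1
    fi
    # A name starting with "-" would be read as an option by zip.
    case $sample in -*) sample=./$sample ;; esac

    # Hash the file before packaging (shasum on macOS, sha256sum elsewhere).
    if command -v shasum >/dev/null 2>&1; then
        hash=$(shasum -a 256 "$sample" | awk '{print $1}')
    else
        hash=$(sha256sum "$sample" | awk '{print $1}')
    fi

    # -j: store only the file name, not the folder path.
    # -P: set the password without the interactive zipcloak prompt.
    # Quoting "$sample" keeps names containing spaces intact.
    zip -q -j -P infected "$out" "$sample" || return 1

    # Confirm the archive really opens with the agreed password.
    unzip -q -t -P infected "$out" >/dev/null || return 1

    printf '%s  %s\n' "$hash" "$out"
}

if [ "$#" -gt 0 ]; then
    pack_sample "$@"
fi
```

The password keeps mail gateways and the local scanner from stripping the attachment before it reaches the analyst; it is not meant to keep the contents confidential.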

Userlevel 7
Badge +6

Hello @Sister Sabina

You’re very welcome!

Thank you for replying and for the transcript:ok_hand_tone3:

  1. Has Safari been reset to default? 
  2. May I know the KIS version & patch please?
  3. How long has KIS been installed?
  4. Has a Full Scan ever run successfully to completion? 

Please post back?

Thank you:pray_tone3:

Flood:whale:

Userlevel 3
  1. No it hasn’t.  Stupid question!  How do I do that?
  2. KIS 20.0.0.829a.b
  3. Just over a year from memory.
  4. Only once.  It is still at 1% after about 5 hours now. I run simple scans every morning but I know that doesn’t mean much.

I truly thank you.  

Userlevel 7
Badge +6

Hello @Sister Sabina

You’re very welcome!

Thank you for the information:ok_hand_tone3:

There is no such thing as a stupid question, do not worry:slight_smile:

For Safari, please do the following:

:a:

  1. Click on “Safari” located in the menu bar in the top left hand corner of the screen
  2. Click on “Reset Safari...”
  3. Place a checkmark beside all available options
  4. Press the “Reset” button
  5. Click on the Hard Drive icon located on the desktop
  6. Browse to “Users > (Users Home) > Library > Safari folder”
  7. Drag every file except “Bookmarks.plist” into the Trash
  8. Browse to “User > (Users Home) > Library > Preferences”
  9. Locate “com.apple.Safari.plist”, “com.apple.internetconfigpriv.plist” and “com.apple.internetconfig.plist” and drag them to the trash. NOTE: If “com.apple.internetconfigpriv.plist” does not exist, ignore it and just trash the other two files
  10. Empty Trash

:b:

  1. Go to Finder, select your user/home folder. 
  2. With the Finder window as the front window, either select Finder/View/Show View options or select command - J.  
  3. When the View options opens, check ’Show Library Folder’. 
  4. That should make your user library folder visible in your user/home folder.  
  5. Select Library/Caches/com.apple.Safari/Caches.db and move it to the trash.
  6. Empty Trash. 
  7. Restart Safari.

Please let me know when all steps in A & B are complete?

Thank you:pray_tone3:

Flood:whale:

Userlevel 3
  1. Complete
  2. no “com.apple.Safari/Caches.db” exists
Userlevel 7
Badge +6

Hello @Sister Sabina

Thank you for replying and for following the procedures:ok_hand_tone3:

  1. At the moment is the Full Scan still running?
  2. Are you running the Full Scan because of the “not-a-virus:Heur.AdWare.Script.Agent.gen” detection?

Please let me know?

Thank you:pray_tone3:

Flood:whale:

Userlevel 3
  1. Yes, I’m still running the full scan but it is still on 1%.  And that is now after some 6 hours.
  2. Not just because of that error msg but just to make sure that my macbook pro isn’t causing the problem. I believe that the “not-a-virus:Heur.AdWare.Script.Agent.gen”  is residing in a Carbon Copy Cloner backup which is on an external drive.  I have thought about trying to run KIS on that drive to see whether it can get to the actual file causing the problem which the Japanese support wants.  However, that is on a 6TB HDD. It just seems to be going round and around each day.  Reporting the same problem.
Userlevel 7
Badge +6

Hello @Sister Sabina

Thank you for replying and the information.

I’d like you to stop the Full Scan, then perform the following steps to do a clean install of KIS please:

  1. Confirm KIS System requirements
  2. Uninstall KIS using the KIS Uninstallation Wizard, at the completion of the uninstall, shutdown and restart the MAC, login. 
  3. Run a KIS software compatibility check
  4. Install KIS - following all documented steps please? 
  5. With nothing else running, run a Full Scan

Please let me know when all steps are complete?

Thank you:pray_tone3:

Flood:whale:

 

Userlevel 3

Sorry that it took so long to get back to you.  Bedtime.  After reading your email just now I checked to see how the current scan was going and found the following (screenshots attached)  Do you still want me to proceed as you have suggested above?  The Time Machine disk which it is currently scanning is some 5TB (full 6TB HDD) on an external HDD drive so that is probably why it is taking so long.  Or do you want me to just let it run its course seeing as it is “infected!”? The Carbon Copy Cloner where the Safari infection seems to also reside is some 2TB.  I will await your reply before proceeding.  Thank you for your patience.

 

Userlevel 7
Badge +6

Hello @Sister Sabina

No apology necessary, we all need :sleeping: , I hope yours was free of Scan dreams?:relaxed:

  1. Has the Scan percentage changed? 
  2. Selecting any of the 3 horizontal dots, what options are available

     

Please let me know?

Thank you:pray_tone3:

Flood:whale:


For information, Kaspersky’s “not-a-virus:HEUR:AdWare(x)”

quote

A potentially unwanted application is a program that contains adware, installs toolbars or has other unclear objectives.

Other unwanted adware programs might get installed without the user's knowledge. 

end quote

Essentially, there may be programs, applications, extensions (you’ve) intentionally installed that may be detected by Kaspersky. 

Kaspersky’s detection for  “not-a-virus:HEUR:AdWare(x)” is to alert (you) to the existence of the object, in case (you) were unaware of the object’s existence. 

Not-a-Virus: What is it?

Userlevel 3

Ok, I understand that.  I was wondering whether a reformat of both the Time Machine HDD and Carbon Copy Cloner HDDs, then going back again to reset Safari would clear up this matter once and for all.  I would rather get rid of these “nasties” so am prepared to do the reformats and start afresh with the backups.  It would seem that these “not-a-virus:HEUR:AdWare(x)” alerts are now deep seated in prior backups.  Time Machine has backups going back to early 2018

Would running say the likes of Malwarebytes as well as Kaspersky help?

Userlevel 7
Badge +6

Hello @Sister Sabina,

First, please tell me:

  1. Has the Scan percentage changed? 
  2. Selecting any of the 3 horizontal dots, (see your image, in my last reply) what options are available? 
  3. Regarding reformat, yes, however, there are other things to do as well.. Let me know 1 & 2 please and I’ll provide a process to follow. 
  4. MBam, yes, however, there are other things to do as well.. Let me know 1 & 2 please and I’ll provide a process to follow. 

Thank you:pray_tone3:

Flood:whale:

Userlevel 3

No it is still on 1% at 12,810,974 odd scanned items and still going.  It’s still scanning the Time Machine.  For the two items in the orange triangle I have 1. delete or 2. ignore.  All the others items in a long list have been placed in “isolation”

 BTW I have selected to have Safari disable all “extension” in “develop”.  Not sure whether that might stop this in future.  Not that I use Safari these days.  I prefer to use Brave mostly

Userlevel 7
Badge +6

Hello @Sister Sabina

Thank you for replying and the information:ok_hand_tone3:

  1. For the first 2 :warning: detections, please select delete - please let me know the result? 
  2. Does “isolation” mean quarantine? 
  3. What does “in “develop”” mean please, I’m not sure I understand the context :thinking:

Please let me know?

Thank you:pray_tone3:

Flood:whale:

For information, important, Brave is not a Kaspersky supported browser

Userlevel 3
  1. I deleted both of the files showing the orange triangles plus all the other items showing up as “not-a-virus:HEUR:AdWare(x)”
  2. “isolation” is the Japanese translation, not sure what it is in English, but it did give me the choice to delete all which I did. 隔離されました。in image 3 means “this item has been isolated”.
  3. The “develop” option is found under preferences in Safari and if checked is shown in the taskbar from where you can select various options.  Screenshots attached.
  4. Oops I had better go back to either Chrome or Firefox then?

 

Userlevel 7
Badge +6

Hello @Sister Sabina,

Thank you for replying and the information:ok_hand_tone3:

  1. Since deleting all detections, what is the Scan percentage please? 
  2. In the Safari Develop menu, please select Empty Caches
  3. Re “Oops”,:grin: yes indeed!

Please let me know?

Thank you:pray_tone3:

Flood:whale:

Userlevel 3
  1. Still at 1% with well over 13,000,000 files scanned but still in Time Machine.
  2. Yes, I did already empty the caches.
  3. Which is better to use: Chrome or Firefox?
Userlevel 7
Badge +6

Hello @Sister Sabina,

Thank you for replying and the information:ok_hand_tone3:

Re “which is better?” Each has :heavy_plus_sign: s & :heavy_minus_sign: s, after we get the problems fixed, install both, test, make a decision based on the outcome, or do what I do, use both :slight_smile:


Ok, let’s get to work:

  1. Cancel the Full Scan.
  2. Shutdown, restart, login, make sure KIS is active. 
  3. Format Time Machine HDD.
  4. Format Carbon Copy Cloner HDD

Let me know please, when 1. 2. 3. 4. are complete? In the interim I’ll write up the rest of the steps required and post again. 

Thank you:pray_tone3:

Flood:whale:

Userlevel 3

ok, here goes.

Userlevel 3

all 4 completed.  Nice and clean to say the least. Also reverted to Firefox.

:grin:

Userlevel 7
Badge +6

Hello @Sister Sabina

:open_mouth: That was so quick:grin: !! 
I’m still writing up all the steps, please have a :coffee: break, do not do anything until I post please?

Thank you:pray_tone3:

Flood:whale:

Userlevel 3

ok. Shall do.  And thank you for all your time and effort spent on this.

Userlevel 7
Badge +6

Hello @Sister Sabina

You’re most welcome:relaxed:

While you’re waiting (for me), and enjoying a :coffee: , please run a KIS Full Scan, nothing else, let me know 1. If there are any detections 2. If the Scan hangs on any %?

Thank you:pray_tone3:

Flood:whale:

Userlevel 3

shall do.
