PDM false positive with KIS 2020 patch B

  • 18 July 2019
  • 6 replies

I have encountered a false positive (PDM:Trojan.Win32.Generic) with KIS 2020 patch B which is caused by python 3 in Windows Linux Subsystem on Windows 10 1903 x64

It can be reproduced by installing Windows Linux Subsystem (Ubuntu 18.04 in my case)
and installing Miniconda (python 3.7.3 in my case)

And the false positive can be reproduced by installing either one of two totally different python packages from two totally different sources, which excludes the possibility that malware is planted in both packages:
1)
conda install -c conda-forge mpi4py

or 2)
pip install git+https://gitlab.mpcdf.mpg.de/ift/nifty_gridder.git

I also had system trace enabled when I tried to reproduce the false positive, not sure how I can submit it.


Userlevel 7
Badge +10
Hello Henryskyleung,
Welcome! And thank you for your comprehensive information, images, and collecting traces👏🏼
KIS 2020: are you using KIS free or licensed, and is 2020 the commercial release?
To upload the traces (.zip folder), select the upload icon, between the link icon & smilie icon, otherwise upload to cloud storage of your choice & post the link for us please?
Also, in KIS REPORTS, please find the detections, export the report for the smallest timeframe possible, for example 24 hrs, save the report .txt file, upload using again please?
Also, have you, via https://virusdesk.kaspersky.com, scanned the object that is generating the alert?
If YES, what was the result?
If NO, please do so, if the report is "safe" or "unknown", please select "submit for analysis", enter your email address in the "Send to the Antivirus Lab" prompt.
Please let us know?
Many thanks.
Licensed, yes commercial release I believe and the trace is too large to be uploaded here (71.1MB zip)
Userlevel 7
Badge +10
Licensed, yes commercial release I believe.
the trace is too large to be uploaded here (71.1MB zip)

Hello Henry,
Thanks for replying and the additional information.
You're too quick for me😉, I added a bit of extra information to my original reply.
Any large .zip can be uploaded to cloud storage, share the link please, however, did you activate traces, REBOOT, after restart, ensure KIS is active, replicate issue, disable traces?
If not, would you be kind enough to follow those steps please and provide the .zip traces?
Many thanks.
Userlevel 7
Badge +8

Also and in addition to FLOOD, if you suspect a FP please contact the Technical Support https://center.kaspersky.com

Userlevel 7
Badge +10

Licensed, yes commercial release I believe.

Hello Henry,
That took longer than necessary, anyway Tech Support "subject matter expert" advises: KIS 2020 patch B, is the Technical release.
  • Please raise a case with Kaspersky Technical Support - via: https://my.kaspersky.com/techsupport#/requests/new
  • There's no 2020 template, therefore, select Win 10, KIS 2019, Malware, False Positive:
  • In the problem description, enter all the excellent info you've provided us - including the traces & the files KIS is objecting to, zip the files, & mark them so the lab are aware.
  • Also mention in the problem record (there is no 2020 template) so the ticket submission is based on last available information, therefore not defined accurately.
And, please do let us know the outcome, we're very interested.
Thanks so much!
Userlevel 7
Badge +5

Hello @henryskyleung 

Was it solved? Please let me know, Thanks!

Best regards.