Kaspersky
Solved

Rootkit Scanning: Has the display in the Red K icon of KIS 20.0.14.1085(d) of Rootkit Scanning been removed/disabled? [Closed]

  • 28 October 2019
  • 19 replies
  • 1440 views

Userlevel 3
Badge

Has the display in the Red K icon (yes, I changed from Green one!) of KIS 20.0.14.1085(d) of Rootkit Scanning been removed/disabled?

Have I upset a setting? If so, which one, please?

icon

Best answer by wgcuser 10 November 2019, 20:06

View original

This topic has been closed for comments

19 replies

Userlevel 3
Badge

...just to add the O/S is Windows 10 pro 1903 build 18362.295 - 32 bit.

Userlevel 7
Badge +11

Hello  @wgcuser

Welcome again!

If I understand the issue, you switched from Green KIS icon (in the Taskbar) to the Red KIS icon, and now the Red K icon has reverted to Green? 

If that is the issue, to revert to Red KIS icon, rightclick on the KIS icon (in the Taskbar), select About, with the About popup open, press (on the keyboard) IDDQD, the icon should make the switch.

If this is not the problem, please post back and clarify please?

Thank you:pray_tone3:

Userlevel 3
Badge

@FLOOD 

My problem / observation is that I have not noticed any sign of a Rootkit scan on my windows 10 pro 1903 build 18362.295 - 32 bit. PC with KIS 20.0.14.1085(d)  for several weeks and there is no mention of one in the detailed Log.

I mentioned the fact that I have reverted the Green shield back to the Red K - in case my problem was a side effect of this change. - I have now used IDDQD to go back to the shield and will continue to look for any sign of a Rootkit scan taking place.

Is there any setting in KIS that might result in Rootkit scans being disabled?

Userlevel 7
Badge +11

Hello @wgcuser,

Thank you for the clarification. 

  • Rootkit Scan is not available if the software is in limited functionality mode. 
  • Also, patch(E) has been rolling out over the last few weeks, I notice your KIS is patch(D)
  • Do you use Sleep or Hibernate Mode for the PC?
  • Is Fast Boot enabled? 

Please follow these steps:

  1. KIS application: select :gear: , in Settings window, select Manage Settings, select Export Settings, save KIS Configuration file, select Restore Settings, select Security Level, select Maximum Security Level. 
  2. KIS application: select :gear: , in Settings window, select Additional, select Reports & Quarantine, select Clear.
  3. Shutdown device using FULL shutdown, not Restart.
  4. Power device on, login, start KIS.
  5. Run manual KIS Database Update.
  6. Run manual FullScan.
  7. Monitor for 24hrs, at the end of 24hrs, export KIS ALL Events Report and attach to your post please?

Thank you

Userlevel 7
Badge +11

Hello  @wgcuser,

Thank you for the message.

Also ensure Search for software that is intended to conceal traces of a malicious program in the system (rootkits) is :heavy_check_mark: ticked.

Thank you. 

Running three machines Win 8.1 and 10 on KIS 20 (D). I've never changed the icon like the OP did, but I haven't seen the rookit scan in logs for approximately one month. My neighbor runs Win 10 and says the same thing. Unless a user checks the logs, they wouldn't know if the rootkit scan has run so who knows how many people are experiencing this.

I'll see if the (E) update changes anything when I get it.

Userlevel 3
Badge

@FLOOD 

Please find attached report. My Pc has been remained booted for approx 24 hours no sign of any Rootkit Scan.

“Search for software…..” is (and was) ticked. As far as I’m aware the is no fast boot set. No sleep or hibernate set. During the process of setting up your suggested full Full Scan KIS updated to patch E

Is the mechanism for enabling Rootkit scans just a matter of configuring a Windows 10 Task to run once a day? Perhaps “something” has destroyed that Task??

I note that my wife’s Netbook - win 7 Starter same version KIS 20.0.14.1085(E) also does not show any Rootkit scans.

@Klinker  I only mentioned the the red & green icons because I wanted give the whole picture.

I (and other users) find the Rootkit Scan very intrusive and very noticeable! With the spinning globe visible on the taskbar icon and “Rootkit...” displayed when it’s doing a scan.

Userlevel 7
Badge +11

Hello  @wgcuser,

Thank you for posting back and the report. 

  1. Regarding the Red/Black/Green Kaspersky application icon, initially I didn’t understand the reason it was mentioned, however, I do now, your explanation is perfectly logical. (imo), enabling/disabling R/B/G will not impact RootKit Scans. 
  2. Windows “scheduled” tasks are not involved, in any way, in KIS RootKit Scans.
  3. RootKit Scans, are initiated only by (KIS) pre-programmed “background” schedule. 
  4. (Just for information), when you raised your topic I began to monitor RKS’s in my systems, the RK scans appear to run each evening between 22:00 & 23:45. 
  • May I have a screen print of KIS (application) Settings, Performance window please? 

Thank you

Userlevel 3
Badge

@FLOOD 

Performance settings as Requested attached.

Having looked at them I’m inclined to use:-

Disable scheduled tasks while running on battery power  - Unticked (this PC is Mains only)

Use Gaming mode - Unticked Don’t game

Release resources to the operating system when the computer starts  - Ticked - elderly PC!

Release resources to the operating system when the computer starts - Ticked Quicker startup.

Prevent infection during operating system restart - Ticked.

Postpone computer scan tasks when the CPU and disk systems are at high load - Unticked Perhaps my PC is Always at High Load?

Perform Idle Scan  Ticked  -Any Scan would be nice.

Search for software that is intended to conceal traces of a malicious program in the system (rootkits) -Ticked This is what we want!!

 

Userlevel 7
Badge +11

Hello@wgcuser,

Thank you for the image and the information.

  • Re: Search for software that is intended to conceal traces of a malicious program in the system (rootkits) is the setting I asked about originally.
  • If Idle Scan is enabled, scan tasks and update tasks run while the computer is locked or the screensaver is on, not at other times. 
  • Re: Perform Idle Scan, can you clarify “any scan would be nice”, implies issues with “other: scans (additional to the existing RootKit Scan issue), is that what you mean?
  • What’s “strange” about the issue is, (you’re) reporting the same issue for 2 devices; thinking back to when the issue began “several weeks ago”, in the 24hours preceeding the issue, were there any hardware, software, network and or environmental changes at all?
  • On both devices, are Windows updates occuring automatically and are all updates applied successfully? 
  • Before doing this, for all browsers, export Bookmarks, then run Privacy Cleaner Wizard, please tick:ballot_box_with_check: every box, at PCWizard completion, select Reboot. 
  • Also, please read post by Yury N, Anti-Rootkit Technologies Group Manager, you’ll (possibly) need to use a translator.
  • It might also be worth asking Kaspersky Technical Support to investigate:thinking:

Please post back.

Thank you

Userlevel 3
Badge

Hello@wgcuser,

Thank you for the image and the information.

  • Re: Search for software that is intended to conceal traces of a malicious program in the system (rootkits) is the setting I asked about originally.
  • If Idle Scan is enabled, scan tasks and update tasks run while the computer is locked or the screensaver is on, not at other times.  Response: Ah! ...I've looked at KL's video which explains. I probably had these setting ticked but never allowed PC's to go to sleep or screen savers to come one! - Hence no scans. Updates of database do seem to happen.
  • Re: Perform Idle Scan, can you clarify “any scan would be nice”, implies issues with “other: scans (additional to the existing RootKit Scan issue), is that what you mean? Response: Ignore my comment!
  • What’s “strange” about the issue is, (you’re) reporting the same issue for 2 devices; thinking back to when the issue began “several weeks ago”, in the 24hours preceeding the issue, were there any hardware, software, network and or environmental changes at all? Response: I do try to keep win 7 up to date. With Win 10 I've been postponing updates - I read the Ask Woody site and their Defcon Ratings, my 30 day postponement ended today so there has now been a few updates, but still running 1903 Hardware / Software unchanged as far as I can recall.
  • On both devices, are Windows updates occuring automatically and are all updates applied successfully? Response: See above. I have manual control over the Win7 Updates.
  • Before doing this, for all browsers, export Bookmarks, then run Privacy Cleaner Wizard, please tick:ballot_box_with_check: every box, at PCWizard completion, select Reboot. Response:Bit pressed for time today - but will perform this hopefully in the next 24hours.
  • Also, please read post by Yury N, Anti-Rootkit Technologies Group Manager, you’ll (possibly) need to use a translator. Response: I did need a translator! Yury N seems to agree with me over the intrusive nature of the RK Scanning.
  • It might also be worth asking Kaspersky Technical Support to investigate:thinking: Response:True, when all else fails contact support!

Please post back.

Thank you

 

Userlevel 3
Badge

@FLOOD  No sign of any returning Rk scan. So today removed (but kept licence data) and reinstalled KIS, as suggested by an auto-response email following contact with KLab Support.

Presently running v20.0.14.1085c (expect it will go up to e in due course) and have seen a Rk scan taking place!!:point_up:

Will resist temptation to “adjust” my settings. :blush:

Userlevel 7
Badge +11

Hello  @wgcuser,

Thank you for letting me know:clap_tone3:

What I think is “peculiar” is, KIS is only patch(C), (D) was distributed early September, and (E) schedule was mid to end of October:thinking:

On the Netbook, has KIS been reinstalled and are the RootKit Scans running?

Please let me know?

Thank you. 

Userlevel 3
Badge

@FLOOD 

Kind of you to ask. I’m currently just completing a quick scan and database update on the win7 Netbook. No Rk scan - except the one I initiated a few days ago.

Later I’ll reset it to the Defaults via the Export/Restore Settings and see how that goes.

Userlevel 7
Badge +11

Hello  @wgcuser,

You’re very welcome!

Rootkit Scans are automatically managed by KIS, how did you “initiate” the one that has run? 

Have you “discussed” KIS version (on your device) with the Lab? If not please do so.

& please keep me posted?

Thank you:pray_tone4:

Userlevel 3
Badge

@FLOOD 

Indeed the Rk Scan should be automatically managed by KIS, except due to reasons unknown it doesn’t happen for me! Research shows that the cmd line avp.exe start scan_qscan   will deliver a Rk scan.

Batch file to C:\ program files\kaspersky lab\kaspersky internet security 20.0\avp.exe start scan_qscan

Or tacking    start scan_qscan onto a short cut to avp.exe seemed to do the trick.

Yes I’ll take up the problem with the Lab.

Userlevel 7
Badge +11

Hello   @wgcuser,

Hmmm, ok, when you said “Presently running v20.0.14.1085c (expect it will go up to e in due course) and have seen a Rk scan taking place!!”, I took that to mean, after uninstalling and installing a new KIS, RKS’s were now running automatically.

So really, there has been no progress with the original RKS issue…:thinking:  

Keep us posted please?

Thank you

 

Userlevel 3
Badge

@FLOOD 

Since my last post the ‘new copy’ of KIS 20.0.14.1085 has updated from patch c to patch e.

I’ve been turning the PC on at about 09:00 and leaving it on for about 12 hours with the screen saver cutting in after about 4 minutes inactivity. The Detailed Reports show a Quick Scan at the scheduled time of 11:00 and a daily Rootkit Scan at between 14:51 and 15:58. - So I guess this is progress.

Userlevel 7
Badge +11

Hello  @wgcuser,

Thank you for reporting back:pray_tone3:

I’m happy to hear e has arrived:ok_hand_tone3:

“Progress”, yes indeed, from no RootKit Scan to a regular daily RootKit Scan, that’s definitely progress. 

& on your wife’s computer, what is the status please? 

Please let me know?

Thank you