Kaspersky
Question

Is the threat (trojan virus) neutralised when Kaspersky detects it? Or does that happen when I push the Resolve button? [MOVED]

  • 25 September 2021
  • 7 replies
  • 204 views

Hello all,

I saw that Kaspersky had discovered a Trojan (Trojware) approx. 2 hours ago. I didn’t notice the notification at the moment the virus was discovered. When I opened Kaspersky Security Cloud I clicked the "Details” button exactly the same as seen here: https://support.kaspersky.com/common/start/15436 and clicked the “Resolve” button. Threat was neutralised and that was it.

Here comes my question: Did Kaspersky neutralise the threat (virus) before I “Resolved” it manually? Was my computer compromised for the 2 hours of my ignorance? I also couldn’t find the log of resolved virus, once I clicked “Resolve” that virus wasn’t logged anywhere in the Report window.

 

I’m really curious about this.

 


7 replies

Userlevel 7
Badge +11

Hello @JayBro

Welcome!

  1. :a:Read before you create a new topic!
  • Yes, when KIS detected the threat it will have neutralised it.
  1. Did you check Quarantine?
  2. Re not showing in report, have any Report logging notifications been changed? 
  3. IF you have concerns, exit all applications & browsers, clear C:\Windows\Temp & C:\Users\USER\AppData\Local\Temp; run a manual Database update, shutdown the machine using Shutdown, not Restart, power on, login, run a Full scan → allow it to complete….

 

 

Please let us know?

Thank you:pray_tone3:

Flood:whale:+:whale2:

Hi,

Thanks for your feedback. 

I am using 21.3.10.391 (f) Kaspersky security cloud on windows 10.

  1. Quarantine is empty and I haven’t emptied it.
  2. I’ve in fact found 2 event in “Reports”
  3.  Result was first “detected” and then “Not processed”, Event: Disinfection not possible, Reason: postponed.

  4. I went to the location of the threat and it wasn’t there. Did Kaspersky delete it automatically or what happened with it?

Userlevel 7
Badge +11

I am using 21.3.10.391 (f) Kaspersky security cloud on windows 10.

  1. Quarantine is empty and I haven’t emptied it.
  2. I’ve in fact found 2 event in “Reports”
  3.  Result was first “detected” and then “Not processed”, Event: Disinfection not possible, Reason: postponed.

  4. I went to the location of the threat and it wasn’t there. Did Kaspersky delete it automatically or what happened with it?

Hello @JayBro

Thank you for the information!

Apologies for the delay. 

  1. We’re a little confused, the topic is in Category Kaspersky Internet Security, however, your last reply advises the software is Kaspersky Security Cloud:thinking:
  2. Normally, when a report shows “postponed”, it indicates the process is waiting on an event, for example a - machine shutdown & restart - was this done after these steps: “clicked the “Resolve” button. Threat was neutralised and that was it”, which you advised when you posted the topic? 
  3. We’d like to see the entire object name please, drag the Object name vertical line column to the right, you can still hide your user name, we don’t need to see that.
  4. Is Kaspersky Security Cloud Family, Personal or Free? 

Please post back?

Thank you:pray_tone3:

Flood:whale:+:whale2:

Userlevel 7
Badge +9

 I went to the location of the threat and it wasn’t there.

Is the location  “C:\Users\       \AppData\Loca\Temp\0a298682-7346-4538-85b7-????????????”
an empty folder, can you please specify.

  1. Excuse me for the confusion. I later realised that I posted this post in the wrong category. I am indeed using Kaspersky Security Cloud - Family, payable version, not free. I am sorry for posting in the wrong category, that surely creates some confusion.
  2. I pressed “Resolve” approximately 24 hours after the 2 logged events in “Reports”. I wasn’t notified of this threat. I noticed a red flag over the Kaspersky icon 1 day later (according to the log time in Reports - not 2 hours as I initially thought) that’s how I’ve discovered about the threat… Very odd.
  3. Entire object:

C:\Users\xyz\AppData\Local\Temp\0a298682-7346-4538-85b7-4d0e709c9f9f.tmp\0a298682-7346-4538-85b7-4d0e709c9f9f

      4. When I went to the location after resolving no such file or folder were there.

Userlevel 7
Badge +9

@JayBro Topic moved , no problem …

Is the K icon still red , please  clear  Temp files + reboot and run another scan ?

https://support.kaspersky.com/common/windows/1161

 

Thank you. No, the K icon stopped being red once I’ve pressed “Resolve” and the .tmp file was also gone, so I suppose it was fixed on the spot. I still don’t understand why the threat was detected and then not processed, because of that I’m concerned about this threat. Could you still say for sure this virus was neutralised/blocked (before doing any harm) when it was discovered and “not processed”. I manually “Resolved” it a day later. What was happening with this threat in the meantime as Kaspersky was waiting for my input? What’s the function of “Resolve”, what does it do? Isn’t anti-virus supposed to take action and keep me safe when something harmful is discovered and not wait for my input to “resolve” it? Maybe it does but it’s just all a bit confusing.

I rebooted the machine and ran a couple of full scans, all of them came clear and there is no sign of the malicious .tmp file.

Reply