Kaspersky
Solved

Kaspersky keeps deleting the file I'm trying to restore

  • 21 November 2020
  • 19 replies
  • 2113 views

Kaspersky recently quarantined a file it detected with a machine learned algorithm. It was a false positive and I’ve been trying to restore it, but whenever I restore it, Kaspersky scans it again and quarantines it again. The only way I was able to prevent it from doing this was to pause the virus protection, restore the file, add it as an exception, and resume protection.

Needless to say, this is a stupidly complicated and risky procedure for dealing with a false positive, especially considering this was a machine learned false positive. For future reference, is there a better way of dealing with this? I feel like there really needs to be the option to add a file as an exception from the quarantine menu or something like that.

Best answer by Berny 3 January 2021, 10:13

@fendern Only if you trust the object, please try this:

  • Disable option: Settings > General > Perform recommended actions automatically
  • Kaspersky will ask you to decide which action to take on detected objects
  • Choose “Quarantine”
  • Restore the quarantined object
  • ⚠️ Create an exclusion rule for the object ⚠️
  • Enable option: Settings > General > Perform recommended actions automatically

19 replies

Hello @fendern

Welcome!

  1. Check the detected object using the Kaspersky Open Threat portal and select the Submit to reanalyze option; add your email address & comments to send to Kaspersky experts for further analysis.
  2. If you have a subscription license, log a case with Kaspersky Technical Support and fill in the template as in our image. If your KSC version is 21.2, select 21.1 (Kaspersky have not updated their templates). Zip the .exe file, name the zip archive malware, or infected, & protect the zip archive with a password; add the zip archive to the request; add the password to the request. In the problem description, provide a detailed history, images and/or video if they help explain the problem, & the URL/link to this Community topic. Support may request logs and/or other system data; they will guide you if necessary.
  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number. Then, normally within 5 business days, a Kaspersky Technical Support human will be in touch, also by email. You may continue to engage with the Kaspersky Technical Team via email or by updating the INC in their MyKaspersky account.

Please share the outcome with the Community when it’s available.

Thank you 🙏🏽

Flood 🐳+🐋

So I figured that the problem might be that I was using a slightly outdated version of the software, so I updated and went about my way.

Just a bit ago, it detected another non-virus. I restored it and went to the notification center to add it as an exception. There’s just one problem: [Deleted] It’s not even in the quarantine anymore! How do you even [Deleted].  How does your software go from “add exception” to “completely remove the file?” What the actual [Deleted]

To top everything off, I can’t even [Deleted]  download the file anymore because Kaspersky preemptively deletes it before it gets saved, so the newly quarantined file was never properly saved and can’t be restored!

How do I get it to stop doing this!? [Deleted]

Okay, apparently I had to manually update the software. Does this application just not have automatic updates? Regardless, I guess it’s fixed now.

Hello @fendern

Welcome back!

You’re most welcome!

Good to hear the issues are fixed, thanks for updating us. 

Yes, the Kaspersky AV home software does have automatic updates.

Thank you 🙏🏽

Flood 🐳+🐋

So this was working great for about a month, but suddenly it’s doing it again. What the hell, man?

Hello @fendern

Welcome back!

  1. So, what changed?
  2. What is the software name?
  3. Which KSC version & patch (x) = letter is installed? On the Windows taskbar, right-click the Kaspersky icon, select About.
  4. Save the KSC Report (that shows Kaspersky detecting the software) and attach 📎 the Report to your reply.
  5. Is KSC Premium or Free?

Thank you 🙏🏽

Flood 🐳+🐋

  1. Hell if I know.
  2. basic.exe
  3. 21.2.16.590 (b)
  4. done
  5. Free

Hello @fendern

Thank you for the data. 

  • If you come to the Community with attitude, cussing & swearing, other Community members are not necessarily going to be keen to help.
  1. Scan the exe using the Kaspersky Open Threat portal and post back the result.
  2. Basic.exe, which version & source?
  3. Post images of the exclusions you created.

Thank you 🙏🏽

Flood 🐳+🐋

Bro none of this addresses the issue at hand. KSC deletes the file again AS SOON AS IT RESTORES IT. 

Hello @fendern

  1. We’d like to test the issue; kindly provide the information.
  2. Have you paused & exited Kaspersky & reapplied the exclusions?

Thank you 🙏🏽

Flood 🐳+🐋

Please explain to me how I add an exclusion for a file that is permanently in quarantine.

Hello @fendern

  1. Create a new folder, on desktop, call it anything you wish. 
  2. Create an exclusion for the new folder
  3. Restore the file to the new folder
  4. Check KSCF no longer detects the file
  5. Move the file to the original location

Thank you 🙏🏽

Flood 🐳+🐋

So Kaspersky seems to have spontaneously stopped quarantining the file again. So my question is going to be the same as it was a month ago: how can I deal with this in the future? I’d like to not have to come back here a month from now when Kaspersky decides it just doesn’t like my files again.

I’ve attached the screenshot you seem to want. I don’t know how it helps, but here ya go.

How do I restore the file to a folder other than the one it came from? There’s no option for that. 

If the source file is changed, Kaspersky has no control of that. 

If KSCF is reset to default, all previous configurations are wiped out. 

[Screenshots: Detection, Exclusion, Exclusion detail, Result]

If you want help, be helpful; we do not have a crystal ball, nor are we associated with Kaspersky. All Kaspersky Community members are here to help. You may be po’d with Kaspersky; direct your anger & attitude in the right place & manner, not at fellow Kaspersky Community members.

Thank you 🙏🏽

Flood 🐳+🐋

Dude, what are you talking about? Like, how the #%*! do you want me to behave? Not ask questions? Not be confused when you ask me to do things I can’t do? Not be annoyed when you ask me to do a half dozen things that don’t appear to address the issue I’m having? I came here to get advice for dealing with what appears to be a software bug and I’ve been given the runaround and chastised for having an “attitude.” I don’t know what your problem with me is, but could you please drop it?

Now could you please answer my question? How do I restore a file to somewhere other than where it originally came from? 

Hello @fendern

Thank you 🙏🏽

Flood 🐳+🐋

Dude, what rudeness? What do you want me to do differently? What behavior do you want me to change? In what way have I been obscene, rude, unethical, or insulting? Please tell me because you’re just telling me that I’m being rude without explaining how and I’m kind of at a loss for words at this point.

What method are you talking about? Maybe I’m just not understanding, so let me back up. The file is currently in quarantine. You said that I should:

  1. Create a new folder, on desktop, call it anything you wish. 
  2. Create an exclusion for the new folder
  3. Restore the file to the new folder

This is the part where I’m getting confused. In the quarantine menu, I see a “restore” option. Clicking that will result in the .exe being restored to the folder it originally came from, re-scanned, and re-quarantined in a matter of seconds. Is there an option here that I am missing that allows me to restore the file to a different folder so that it won’t be immediately rescanned?
