So, I recently tested Kaspersky 2020 (Security Cloud Free) in a virtual machine and tested its system watcher capabilities.
To do this, I use my own custom program that is completely harmless by itself, but its installer uses a really... let's say shady way to install the program into the local user autostart directory. The "shady" installer is successfully detected by both version 2019 (19.0.0.X) and 2020 (20.0.0.X). Both flag the installer as PDM:Trojan.Win32.Generic, the typical generic behavior alert. Version 19 then terminates the program, deletes the installer executable and rolls back all actions it did, as intended.
Version 20 however also terminates the installer and rolls back all of its actions, but guess what?
It just leaves the installer on the disk and doesn't move it to quarantine, even though it clearly identified it as malware!
This could have many reasons.
It could be a major critical flaw in Kaspersky System Watcher.
It could be the fact that SW is now smart enough to detect that my installer is not actually malicious enough to instantly delete it and chooses to just terminate it instead.
But it gets worse...
When you go to system watcher settings and set the action to "delete application" or "terminate application"...
The installer just fully bypasses Kaspersky, like System Watcher was set to "Ignore"! (The tray icon turns red shortly but then the AV just ignores the threat).
Now my question is... Is this behavior in ANY way normal?!
Has anyone else tested system watcher yet and experienced the same issue?
If not, where can I report this bug?