How to exclude a file properly for all modules. The file is detected as Not-A-Virus: VHO: pswtool.win32.snadboy.gen

  • 11 March 2021
  • 4 replies

I tried to exclude a file so that the antivirus would ignore it.
I specified the path, object, and hash code, and excluded it for all components.
But the antivirus detects it through other modules:
Not-A-Virus: Heur: pswtool.win32.snadboy.gen
Not-a-virus: pswtool.win32.snadboy.2011
Not-A-Virus: VHO: pswtool.win32.snadboy.gen
I finally had to exclude it 3 times, once for each module that detected it.


I use KTS, Windows 10 20H2 (19042.804) x64


Is there a way to exclude it only once, something like: Not-A-Virus: *: pswtool.win32.snadboy.gen?

I have the same issue with Process Hacker. I excluded it, but when I try to update it, KTS detects it as bad behavior and rolls back to the old version, but does not restore all the old files.



@RydemStorm At your own risk, and only if you trust the object, please try this:

  • Disable the option: Settings > General > Perform recommended actions automatically
  • Kaspersky will ask you to decide which action to take on detected objects
  • Choose “Quarantine”
  • Restore the quarantined object
  • Create an exclusion rule for the object
  • Enable the option: Settings > General > Perform recommended actions automatically

I did that, in some way, but other modules eventually detect the file as a threat.

I would like to keep the hash of the file, and if possible the object.

I added the file to the exclusions as not-a-virus:PSWTool.Win32.SnadBoy.2011.

After some time it was detected as not-a-virus:HEUR:PSWTool.Win32.SnadBoy.gen, and I excluded it again.

But later it was detected as not-a-virus:VHO:PSWTool.Win32.SnadBoy.gen, and I was required to exclude it again.

I currently have Process Hacker running without problems, but when it updates itself, KTS detects it and rolls back the installation.

I still have to create new rules to exclude Process Hacker to avoid the detection. I prefer to wait until I know how to do that in a more proper way.





@RydemStorm Please contact Kaspersky Technical Support https://my.kaspersky.com/techsupport#/requests/new

Done, I am waiting for a response.

Request number: INC000012575544