Kaspersky
Question

Kaspersky System Watcher did not detect malware sample on a virtual machine.

  • 12 May 2021
  • 7 replies
  • 144 views

I have a ransomware sample whose malicious behavior Kaspersky System Watcher was unable to detect!! Unfortunately, all files have been encrypted by this ransomware, and its malicious behavior has not been detected, nor have the changes been rolled back.
The good news is that I've been testing this sample on a virtual machine.

Now I want to send the sample to Kaspersky Labs to investigate and find out why Kaspersky System Watcher was unable to detect its dangerous behavior.

Note: I analyzed the sample through Kaspersky Threat Intelligence Portal on May 09, 2021, and it was actually detected, and a few minutes later Kaspersky Total Security was able to detect it through cloud protection.

I want to know why Kaspersky System Watcher was unable to detect its malicious behavior?


7 replies

That's actually really unfortunate. The system should have detected such a dangerous file and I am surprised it hasn't. Maybe you should read their Terms of Service and check if you can find anything about such cases. Perhaps you will get some kind of support from them.

I contacted tech support three days ago and sent them the ransomware sample.
I have not received anything from them until now 🙂!!

Hello @Invisible man

When you logged a case with Technical Support did you receive an incident number? 

Thank you 🙏

Flood 🐳 + 🐋

Additional resource:

Read before you create a new topic!

Yes, I received the incident number by e-mail after contacting technical support directly, and so far I have not received anything. Also, I contacted them through live chat and they told me that a response would be made within 24 hours, and I did not receive any responses from them. Also, after chatting with them through live chat, I received an incident number.

@Invisible man

Ok, so now you have two INC#s for the same issue. 

Presumably, when you had the Live chat, you gave them the original INC#? 

They will respond; it may take up to 5 days.

Also, in each INC, if there’s a statement similar to “If you have no further questions and the issue is in fact resolved, then you can simply ignore this message, and we will close this request for you within 5 days”, then if they don’t hear from you, they will close and/or resolve the INC, even if you’re the one actually waiting for a reply.

Thank you 🙏

Flood 🐳 + 🐋

Yesterday I had a similar problem: Kaspersky detected threats, but when I clicked on advanced disinfection (restart PC etc.) I saw in the folder that Kaspersky couldn't delete these 7 threats. Kaspersky says deleted, but not really.... It is not 1st April, dear Kaspersky! I ran a scan with MBAM and successfully deleted them.

Of course, when I reached out to them through the live chat, I gave them the incident number of the main issue, and I told them in the live chat that I contacted them via e-mail and did not receive a response, and indeed through live chat they told me that they had successfully received the request the first time and that they would reply to me within 24 hours.
So far, I have not received anything via e-mail.
