Kaspersky
Question

Suspicious Action Blocked/Allow Events, "Use browser command line" with Internet Control Panel.

  • 22 May 2019
  • 5 replies
  • 2163 views

I noticed recently I started getting lots of kaspersky. notifications on my windows 10 task bar, lots of Suspicious Action Blocked/Allow logs. Most were either Suspicious Behaviour Blocked Win Explorer "duplicate internal process handle" or Suspicious Behaviour Allowed Internet Explorer "use browser command line". Is it ok that the Win Explorer actions are being allowed? I've done scans with Kaspersky, Malwarebytes and hitmanpro and no threats are found, Thanks!

Update: After looking at my 30 day log, I noticed the same events have been happening for at least 30 days., so i'm not sure why I've just started recently seeing notifications. It also seems like it might be related to safe money but i'm not sure.

5 replies

Userlevel 7
Badge +11
Hello Agentgraves84,
Welcome!
You're correct, these events are normal when SafeMoney/Protected browser is active.

Re: "Suspicious Behaviour Blocked Win Explorer""duplicate internal process handle"

When Protected Browser/ Safe Money is in use, Kaspersky reports many NORMAL processes as their functions or some of their functions are categorised differently according to the environment in use, this is the Kaspersky software working correctly.

However, having said that, I'm not familiar with:

"Suspicious Behaviour Allowed Internet Explorer "use browser command line".

Is Internet Explorer your Windows default browser?
Operating system name/version?

Please let us know?
Thanks!
Thanks for the welcome 🙂 I suspected the blocked Windows Explorer action was connected to safe money as I noticed those events when I launched it.

I actually made a mistake with the Suspicious action that is being allowed. It's actually "Use browser command line" with Internet Control Panel as the application. Application path being windows/system32/inetcpl.cpl. Any thoughts as to what that might be? I have both Edge and IE explorer installed.

I normally wouldn't think twice about it but I got a windows notification while I was surfing the other day (nothing shady or illegal) saying my firewall was disabled. I immediately thought a virus or something somehow slipped through so I quickly disconnected and re-booted. Everything booted up fine with my firewall enabled again. I have done several scans with various software but no threats are found. Thanks again!

Using Windows 10 Home 64
Version 1809
Userlevel 7
Badge +11
Hello Agentgraves84,
Thank for posting back!
Re: Winodws Firewall alert:
The "emergency" quick thinking actions you took are exactly what's required.
Re:
"Use browser command line, Internet Control Panel. windows/system32/inetcpl.cpl"
Internet Options inetcpl.cpl
Opens the classic Internet Options window.
Manage Internet settings that Internet Explorer and other browsers may use.

Can you check, how often this specific event is reported?
Is Safe Browser/Protected browser running when this event occurs?
Please check:
**start Internet Explorer - normal browser
a) change several Internet Explorer settings
check Kaspersky application Reports - any events?
**start Protect Browser
b) change several Internet Explorer settings
check Kaspersky application Reports - any events?
Also, if it's not too much trouble, may we have a GSI https://support.kaspersky.com/common/diagnostics/3632#block7 please?
Thanks!
Thanks for the suggestions, I really appreciate it. I thought I would try resetting kasperky settings back to default in case something somehow got changed and so far I haven't seen any of those suspicions event allowed logs. Fingers crossed that fixed it. If I see it happen again, I will certainly post back with my sys info.

I did notice something else today however. I booted up my pc and sat down about 30 min later and saw there were 2 windows notifications that my firewall and antivirus were turned off again. When I checked my event logs, it showed the protection applications did not start up until 10min or so from start up. I double checked and start Kaspersky on Startup is definitely checked. I have rebooted several times and everything is starting normally. All scans are still showing no threats. I have read Windows defender can sometimes cause problems, I have had a few windows updates that last couple of days so i'm not sure if there's a windows conflict somewhere. Any thoughts as to what I might try?
Userlevel 7
Badge +11
Hello Agentgraves84,
Thanks for posting back!
May we have a GSI please?
When the GSI is starting please select/include "Windows Logs".
Please upload GSI to any cloud storage you use and post back the link for us.
Many thanks!

Reply