Problem: Kaspersky antivirus detected FBackup as infected and deleted the exe file. That is a false positive and we already contacted Kaspersky to fix that problem. In the meantime, we offer two solutions bellow.
Description: Example of Kaspersky log:
`Proactive Defense
-----------------
Events monitored: 4
Registry calls: 0
Blocked: 4
Start time: 4/15/2010 11:19:05 AM
Duration: 04:39:26
Detected
--------
Status Object
------ ------
Events
------
Time Name Events
---- ---- ------
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Process is trying to inject into another process. This behavior is typical of some malicious programs (Invader)
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP "Quarantine" action is selected
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Forced to terminate the process.
4/15/2010 3:55:22 PM C:DOCUMENTS AND SETTINGSADMINLOCAL SETTINGSTEMPIS-3LE0P.TMPFBSETUP.TMP Error moving to Quarantine.
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Process is trying to inject into another process. This behavior is typical of some malicious programs (Invader)
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE "Quarantine" action is selected
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Forced to terminate the process.
4/15/2010 3:55:22 PM R:BACKUP4ALL4.X4.4_203BNORMALFBSETUP.EXE Error moving to Quarantine.
Registry
--------
Time Application Key name Value name Data Data type Operation type Status
---- ----------- -------- ---------- ---- --------- -------------- ------
Settings
--------
Parameter Value
--------- -----
Application Activity Analyzer on
Registry Guard off`
Solution:
In the Kaspersky report page, right click the suspicious file (FBackup.exe) and select "Add to trusted zone"
or
Open Kaspersky, click MySecurityZone - Applications (on the right).
Select All in the dropdown list and scroll down to the bottom.
Locate any applications related to FBackup and right-click them and click "change status" and select Trusted.
Run FBackup again.
Kaspersky antivirus detects FBackup as infected - False positive
-
- Posts: 1921
- Joined: Thu May 23, 2013 7:57 am
Do you know you can monitor your backups remotely with Backup4all Monitor? You can read more here: https://www.backup4all.com/backup4all-monitor.html