Anti-virus software removes registry entries

0

On Windows7 x64 with installed Kaspersky anti-virus program, kaspersky removes the explorer-context-menu installation of "imageconv" (software imageconv)

If i stop Kaspersky, i can install and use imageconv. If Kaspersky starts, kaspersky delete my registry-entries.

The exe-program is standalone,

  • installed in the registry only.
  • exe-location is hardcoded into registry
  • uninstalled by the removal of the registry-entries only

question: How to stop Kaspersky delete those registry-entries?

Peter Rader

Posted 2013-08-14T08:46:07.003

Reputation: 125

Answers

1

  1. Goto Kaspersky log, check what threat type it identify.
  2. Then goto kaspersky settings, exclusion, threat type, type the threat name and see if it works.

if it doesn't work, fire a support ticket to Kaspersky.

user218473

Posted 2013-08-14T08:46:07.003

Reputation:

0

It sounds like an issue with Kaspersky and the way they built it. There a few things you can do. First contact Kaspersky and tell them that the AV is deleting files that aren't malicious. Secondly you can go to the place in the registry where the entry is stored. Export it. It will output a file with .reg at the end. After you run Kaspersky just use that file. Or you can create a batch file or a CMD file that you can set to run in the background and have it add the file to the registry every time Kaspersky stops. Of course you would need to add the CMD to the startup for this to work so it will always be running and checking for the Kaspersky process.

Ben P. Dorsi-Todaro

Posted 2013-08-14T08:46:07.003

Reputation: 81

If i run the command, the import is successfull but Kaspersky delete it immediately. – Peter Rader – 2013-08-14T09:01:42.240

@PeterRader Unfortantly it sounds like it is a false positive with Kaspersky. There really isn't much you can do with closed source programs other then dealing with such issues. All malware detection tools will pickup a false positive at some point in time. McFee one one time detected explorer.exe as threat, and tried to get people to remove it. – Ben P. Dorsi-Todaro – 2013-08-14T09:12:45.230

Asked: 2013-08-14T08:46:07.003

Viewed: 143 times

Active: 2013-08-14T10:39:16.937