Kaspersky [KTS19(d)] detecting Brave Installer as malware: PDM:Trojan.Win32.Generic

Brave version 0.58.16 Chromium: 71.0.3578.98 (Official Build) (64-bit)
Win 10x64, 1809
Kaspersky Total Security 1809.0.0.1088(d)

Kaspersky Total Security detecting Brave Installer as malware: PDM:Trojan.Win32.Generic, this is despite the fact that Kaspersky Application Advisor passes the installer as ok & KTS19 automatically accepts the application into the highest trust group: Trusted group Brave Installer Application

Uninstall & reinstall Brave
Reboot.
Exit KTS19

Note - Brave appears to be running ok despite the detection.

Log:
21.12.2018 08.29.08 Removed malware PDM:Trojan.Win32.Generic Application name: C:\Windows\Temp\CR_3FB59.tmp\setup.exe Application path: c:\windows\temp\cr_3fb59.tmp\setup.exe Time: 12/21/2018 8:29 AM
21.12.2018 08.29.08 Removed malware PDM:Trojan.Win32.Generic Application name: C:\Windows\Temp\CR_3FB59.tmp\setup.exe Application path: c:\windows\temp\cr_3fb59.tmp\setup.exe Time: 12/21/2018 8:29 AM
21.12.2018 08.28.58 Terminated malware PDM:Trojan.Win32.Generic Application name: Brave Installer Application path: C:\Windows\Temp\CR_3FB59.tmp\setup.exe Time: 12/21/2018 8:28 AM
21.12.2018 08.28.58 Terminated malware PDM:Trojan.Win32.Generic Application name: Brave Installer Application path: C:\Windows\Temp\CR_3FB59.tmp\setup.exe Time: 12/21/2018 8:28 AM
21.12.2018 08.28.58 Detected malware PDM:Trojan.Win32.Generic Application name: Brave Installer Application path: c:\windows\temp\cr_3fb59.tmp\setup.exe Time: 12/21/2018 8:28 AM
21.12.2018 08.28.58 Detected malware PDM:Trojan.Win32.Generic Application name: Brave Installer Application path: c:\windows\temp\cr_3fb59.tmp\setup.exe Time: 12/21/2018 8:28 AM
21.12.2018 08.27.09 Application added to the Low Restricted group Brave Installer Application: Brave Installer Reason: default Application path: C:\Windows\Temp\CR_3FB59.tmp\setup.exe Time: 12/21/2018 8:27 AM
21.12.2018 08.27.07 Application added to the Trusted group Brave Installer Application: Brave Installer Reason: analysis of digital signature Application path: C:\Program Files (x86)\BraveSoftware\Update\Install{D8A1FE4B-4681-426A-86D4-4FBE8496D42F}\brave_installer-x64.exe Time: 12/21/2018 8:27 AM
21.12.2018 08.00.55 Update of databases and application modules Completed. Average download speed:: 7.35 KB/s Status:: Completed. Downloaded and updated:: 9.42 KB Total duration: 2 minutes 23 seconds Time: 12/21/2018 8:00 AM
21.12.2018 05.57.40 Update of databases and application modules Completed. Average download speed:: 63.34 KB/s Status:: Completed. Downloaded and updated:: 1.86 MB Total duration: 10 minutes 7 seconds Time: 12/21/2018 5:57 AM
21.12.2018 05.15.32 Vulnerability Scan No threats detected Detected: 0 Deleted: 0 Not disinfected: 0 Release date of databases used for scan: 12/20/2018 11:56 PM Total duration: 4 minutes 25 seconds Completion time: 12/21/2018 5:19 AM
21.12.2018 03.54.12 PC Cleaner has finished a scheduled analysis of objects Time: 12/21/2018 3:54 AM
21.12.2018 03.53.32 Search for application updates Search completed, no available updates Important updates available: 0 Recommended updates available: 0 Started: Automatically Status: Completed Time: 12/21/2018 3:53 AM
21.12.2018 03.46.38 Update of databases and application modules Completed. Average download speed:: 18.54 KB/s Status:: Completed. Downloaded and updated:: 536.57 KB Total duration: 9 minutes 5 seconds Time: 12/21/2018 3:46 AM
21.12.2018 03.26.38 Application is not allowed to access webcam Google Chrome Application: Google Chrome Application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Time: 12/21/2018 3:26 AM
21.12.2018 03.22.34 Task started System Watcher Time: 12/21/2018 3:22 AM
21.12.2018 03.22.34 Task started Web Anti-Virus Time: 12/21/2018 3:22 AM
21.12.2018 03.22.34 Task started Mail Anti-Virus Time: 12/21/2018 3:22 AM
21.12.2018 03.22.34 Task started Network Attack Blocker Time: 12/21/2018 3:22 AM
21.12.2018 03.22.34 Task started IM Anti-Virus Time: 12/21/2018 3:22 AM
21.12.2018 03.22.34 Task started Anti-Banner Time: 12/21/2018 3:22 AM
21.12.2018 03.22.34 Task started Anti-Spam Time: 12/21/2018 3:22 AM
21.12.2018 03.22.31 Task started File Anti-Virus Time: 12/21/2018 3:22 AM
21.12.2018 03.22.31 Task started Firewall Time: 12/21/2018 3:22 AM
21.12.2018 03.22.31 Task started Application Control Time: 12/21/2018 3:22 AM
20.12.2018 20.46.39 Task stopped System Watcher Time: 12/20/2018 8:46 PM

Note 1, even though the log advises: “Removed malware PDM:Trojan.Win32.Generic” at this moment I’ve not manually initiated the removal…
Note 2, tried to upload/attach log (type .txt) seems not to be possible as it’s not an image file.
Does anyone know & or has experienced the same detection please?
Does anyone know if the installer has, as a component, any malware?

Thanks in advance.
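
An added example (not part of the original post, and not Kaspersky or Brave tooling): the script below parses report lines in the format of the log above and groups trust-group assignments and PDM verdicts by file path. It shows that the signature-based Trusted entry and the detection refer to two different files. The regular expressions are assumptions derived only from the log lines in this post.

```python
import re
from collections import defaultdict

# Four lines copied from the report log in the post above (duplicates omitted).
LOG = r"""
21.12.2018 08.29.08 Removed malware PDM:Trojan.Win32.Generic Application name: C:\Windows\Temp\CR_3FB59.tmp\setup.exe Application path: c:\windows\temp\cr_3fb59.tmp\setup.exe Time: 12/21/2018 8:29 AM
21.12.2018 08.28.58 Detected malware PDM:Trojan.Win32.Generic Application name: Brave Installer Application path: c:\windows\temp\cr_3fb59.tmp\setup.exe Time: 12/21/2018 8:28 AM
21.12.2018 08.27.09 Application added to the Low Restricted group Brave Installer Application: Brave Installer Reason: default Application path: C:\Windows\Temp\CR_3FB59.tmp\setup.exe Time: 12/21/2018 8:27 AM
21.12.2018 08.27.07 Application added to the Trusted group Brave Installer Application: Brave Installer Reason: analysis of digital signature Application path: C:\Program Files (x86)\BraveSoftware\Update\Install{D8A1FE4B-4681-426A-86D4-4FBE8496D42F}\brave_installer-x64.exe Time: 12/21/2018 8:27 AM
"""

# Patterns inferred from the lines above (assumption, not a documented format).
GROUP = re.compile(r"Application added to the (?P<group>.+?) group .*?"
                   r"Reason: (?P<reason>.+?) Application path: (?P<path>.+?) Time:")
VERDICT = re.compile(r"(?P<action>Detected|Terminated|Removed) malware (?P<name>\S+) "
                     r".*?Application path: (?P<path>.+?) Time:")

def correlate(log):
    """Group trust assignments and malware verdicts by case-folded file path."""
    files = defaultdict(lambda: {"groups": [], "verdicts": set()})
    for line in log.splitlines():
        if m := GROUP.search(line):
            files[m["path"].lower()]["groups"].append((m["group"], m["reason"]))
        elif m := VERDICT.search(line):
            files[m["path"].lower()]["verdicts"].add((m["action"], m["name"]))
    return dict(files)

def trusted_but_flagged(files):
    """Paths that were both placed in the Trusted group and hit by a verdict."""
    return [p for p, f in files.items()
            if f["verdicts"] and any(g == "Trusted" for g, _ in f["groups"])]

if __name__ == "__main__":
    files = correlate(LOG)
    for path, f in files.items():
        print(path, f["groups"], sorted(f["verdicts"]))
    print("trusted and flagged:", trusted_but_flagged(files))
```

On these lines the Trusted entry (reason: analysis of digital signature) belongs to `brave_installer-x64.exe`, while every PDM verdict is on the unpacked `setup.exe` under `C:\Windows\Temp`, which was placed in the Low Restricted group with reason `default`.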

Quite the uptick in these reports lately :thinking:
If you downloaded from our official website (or github), it’s just a false positive.
Just answered this for another user, see here for more info:

Hi Mattches, thanks for responding, I was toying with logging a support req with K but, habitually: 1. their response is painfully slow, 2. their 1st base response is: “not a Kaspersky problem”, 3. K customers are required to submit DNA “proof” before K will put their hand up that there “may” be an issue on their side…
*What is confusing is, Kaspersky trusting the product & at the same time, Kaspersky detecting a component of the product.

Can you please advise, (as I cannot find: CR_3FB59.tmp\setup.exe, and a manual action has not been done) what component of the installer is causing the false positive?

We believe it’s the stub installer itself. We’ve seen reports of Brave getting flagged by Kaspersky:

  • After downloading and running the installer.
  • Immediately after downloading the installer.

Did you attempt the workaround @MediaBird bird mentions in my previous reply? :point_up:

Hi Mattches, thanks, I’ll log it, K need to action, they’re not overly FF/Moz friendly, probably 'cause FF/Moz are so “independent”:slightly_smiling_face:

Thanks for your help.

One last question, for the forum, is it only image files that can be uploaded?

Re [Did you attempt the workaround @MediaBird bird mentions in my previous reply?] whitelisting, no because Kaspersky need to sync their Total Security product with their K app advisor advice.
I’ve logged with K to facilitate this…

Also, Brave (complete package) downloaded/installed & was given full trust automatically by KTS19 without any issues.

Post the installation, KTS19 starts spitting chips, it’s a Kaspersky issue, whitelisting is not the solution, Kaspersky synchronizing their security software with their application advisor is.

Hi, there’s the more cumbersome official version that you can do that with:
https://support.kaspersky.com/11444

It’s a little more demanding than my instructions.
Write if it worked :slight_smile:

(Edit: I have to admit, I couldn’t see through the previous posts. Sorry, if it doesn’t work, because you are using the Business Version or the Cloud…? :hushed:)

Hello MediaBird,
Thanks for responding.
The application (Brave) IS trusted.
The issue is Kaspersky Anti-Virus & Kaspersky Application Advisor - 2 entirely separate entities, are not in sync.
Creating an “exclusion” just “hides” the issue (specific to 1 user, i.e. me) and does not help others.
If/when Kaspersky fix this it will assist all users who use Brave & Kaspersky Total Security.
Kaspersky are notoriously slow with fixes, nevertheless, I’ve logged a case with them to attend to the issue.

I’m not sure what you mean by: “…because you are using the Business Version or the Cloud…?” Are you referring to the Kaspersky product I’m using or Brave?

Kaspersky Total Security 1809(d)
Brave version 0.58.16 Chromium: 71.0.3578.98 (Official Build) (64-bit)

Hi, there was once a user who wanted to install Brave on a computer at work. A Kaspersky business solution was running on the PC and he couldn’t whitelist it himself. So he couldn’t install Brave. I had only considered that you might have the same “problem”.

PS: I also just sent a ticket to Kaspersky. :slight_smile:

Hi MediaBird - Re “logged a case” Great!
I made sure I let Kaspersky know Mattches advice “This is a known issue with Kaspersky. We’ve been in communication with them… etc”.
The more cases logged the more likely they are to do something about it.
And, if everyone who logs a case refers to the “advice” Kaspersky won’t be so inclined to fob off each individual with “it’s a problem specific to 1 (you/me/the drovers dog)user…”
Been down that road many times, until, at the point where you’re tearing your hair out they advise “Ooops, there’s a bug” we’ve raised a BR #… " and eventually a fix rolls out…
I’m glad I came searching in the Brave Forum.

What a great discussion!
Going to chime back in here and say that if you have a Twitter account, hitting them up there (and encouraging others to do so) may also be useful :slight_smile:

Kaspersky Internet Security blocks and erases Brave browser! :frowning:
I have made many attempts to install the new Brave update (chromium based) and Kaspersky blocks the install of Brave. If I pause Kaspersky protection I can install Brave… but when I turn on Kaspersky protection again… Brave is erased by Kaspersky. So I will keep using Brave: the old version (not chromium based) because it is still installed on my desktop PC.
I would like to install the new Brave update (chromium based) and even use it as the default browser but my Kaspersky «says» it’s impossible. Can you help me?

I have sent a message to https://twitter.com/kl_support asking help about that: Kaspersky Internet Security blocks and erases Brave browser!

Hi Mattches,

Thanks for your previous "great discussion" comments, made me :blush:.

I’ve just had a response from K, as I suspected, it’s their stock standard: " We have been trying to replicate the issue to experience the issue first hand but unfortunately have not been able. Please provide dna, proof you are human, traces blah, blah, etc… "

As this is happening to multiple users is there a [Brave PM] where we can share our Kaspersky INC#’s (INC# being the reference used for each Kaspersky case logged), to feedback to Kaspersky?

And, is it possible please to have the https://twitter.com/kl_support link, I’d like to keep track of Kaspersky’s consistency… :smirk_cat:

Hello paulonuvem,
Just to add to Mattches update, may I ask what version of Kaspersky you’re using?

Kaspersky Internet Security 19.0.0.1088 (d)

Any case, I found a way to keep new Brave (chromium based) working:
I went to manage apps rules of KIS allowing Brave and to settings of KIS changing to «Revert» if KIS blocked and erase an allowed application…

https://twitter.com/kl_support have answered me: «Good day! For sure! it is not common behavior of our application. Is it possible to send a screen-shot or photo with the error message from Kaspersky side?»

And I have said to them: «Any case, I found a way to keep new Brave (chromium based) working:
I went to manage apps rules of KIS allowing Brave and to settings of KIS changing to «Revert» if KIS blocked and erase an allowed application… But it was «hard» work…»

Thanks to everyone tweeting/submitting support tickets to Kaspersky on our behalf. Appreciate the help!

Working hard to get this resolved asap and truly apologize for the inconvenience. Thank you all for being patient.

Hi, to add my mustard:
I once had trouble with Kaspersky’s VPN (called “Secure Connection”). I then sent the problems to support (even several times). Again and again I should reproduce something, it was not recognized then etc…

In short: They seem to take quite bad care of such requests, like the ones we sent here. Hopefully they will “react” to the whitelist request…