Anyone get Kaspersky to work?

Started by PeterR, October 17, 2023, 03:14:30 AM

Previous topic - Next topic

PeterR

Anyone have IMatch working with Kaspersky?  What settings or exclusions do you use?

I have used Kaspersky with IMatch for years, but recently upgraded to Kaspersky Plus (their newest version).  Now I am getting an error "Problem running Exiftool" when IMatch starts.  I'm not sure it happened after the Kaspersky upgrade, but somewhere close to then.

I have tried disabling Kaspersky protection, but that does not help.  Theoretically, if Kaspersky is disabled, then it can't be the cause of the problem.  (I didn't uninstall Kaspersky yet, since that's a big effort.)  I added the IMatch and Exiftool to Kaspersky's cryptic exceptions, but that didn't help.

I know that other posts said to use Windows Defender, but Kaspersky has some additional features I would like to keep.

Someone somewhere must be using IMatch and Kaspersky.  How did you do it?

mopperle

So you simply do not know what Kapersky really does? You put files/folders to an exception list and it still does not work? Maybe Kapersky deleted some essential files without warning you. All very suspicious and a reason to get rid of this shit.
Working in the software security business for the last 35 years, I can assure you, all those ,,great additional features" included in those products are just useless and sometimes dangerous bloatware.

Mario

Quote"Problem running Exiftool"
That means that your AV software most likely blocked IMatch from starting ExifTool or the AV has terminated ExifTool.

What does Kaspersky support say?

Did you make an "exclusion/exception" for the IMatch executable "C:\Program Files\photools.com\imatch6\IMatch2023x64.exe" and "C:\Program Files\photools.com\imatch6\exiftool.exe"?

Since the free Windows Defender became so good, AV vendors have a hard time justifying their annual fees. And some come up with all kinds of mumbo-jumbo that just gets in the way, or they produce too many false alarms.
And blocking or terminating a software without telling the user and providing details is a really bad thing to do.

I can do nothing about this. IMatch and ExifTool are signed with my personal digital certificate. IMatch gets a 100% clean from Google's VirusTotal. ExifTool is a software installed on millions of computers.

Why Kaspsersky causes problems on your computer, only their support can tell.

PeterR

After a while, Kaspersky support was able to help.  You need to put in IMatch and Exiftool as both a FILE exclusion and a PROGRAM exclusion.  Then you need to reboot, even though Kaspersky doesn't warn you to reboot.  There are a lot of options on the exclusion screen, and Kaspersky support said to just check them all (not a problem since I trust IMatch fully).  It is odd that temporarily disabling Kaspersky did not allow IMatch & Exiftool to run, so I guess it is not a full disabling and so not a good indicator of whether Kaspersky was the problem.  But now it is working and IMatch, Exiftool, Kaspersky, and I am happy.

Mario

Very good. Did Kaspersky not display a message, informing you that it blocked IMatch / ExifTool?

I mean, when their protection kicks in at the wrong moment, blocking IMatch while it is writing data to the database or ExifTool when it is writing to a file, bad things might happen.
A virus checker should always inform the user when it performs such drastic measures.
Maybe Kapsersky does not do it to not irritate or confuse the user? The same user which then has to figure out why a software is suddenly not working anymore.

It's a real pest with virus checkers these days.
Even when I sign every file with my digital certificate (which costs 100US$ per year!) and upload them Virus Total to run all checks, some AV vendors don't get the message and cause all kinds of trouble.

I had some fun time with Norton AV (Symantec) when IMatch 2023 came out.
Some users could not install IMatch 2023. Windows installer always complained that it cannot delete / replace a PNG image (!) in the IMatch resources folder. We finally figured out that they all had Norton AV installed.  Disabling their "online protection" allowed IMatch to install. Re-enabling the online protection afterwards caused no problems anymore.

So I've tried to contact Norton. I wanted to send them a copy of IMatch so they can analyze it and fix the problem on their end.
After looking for a while, I've found a web form where I could report a false positive.
They offer three ways to submit a sample:

1. Upload the file
2. Provide a download link
3. Provide a SHA256 checksum.

I tried 1. first. After a while an error message came up, telling me that the maximum size for the upload is 90MB. But the IMatch installer has 350 MB.

Now I tried option 2. Providing a link to a trial version of IMatch on my web site.
After a while, an error message came up, telling me that the maximum size is 90 MB.

Now I tried option 3. Created a SHA256 checksum of the IMatch installer and sent the form.
An error was returned. They only accept checksums for files already uploaded to Virus Total. Duh!

So I've uploaded the IMatch trial to Virus Total (again). Waited until the testing procedure was complete (100% clean from 60 virus engines!).

Now I've uploaded the checksum again to Norton.
After a while an error message showed up, telling me that they only support files up to 90MB in size.

And that's just one vendor of over 60 anti virus vendors.
There is no common "portal" for developers or a way to submit false positive reports (or samples) to all AV vendors. I would have to contact all 60 (or at least the 15 or 20 most frequently used) vendors every time I ship an IMatch update.

I'm sure they have hard-coded "trusted" exceptions for major companies like Microsoft or Adobe in their products (via the digital certificate). But they have none for small vendors like me, causing hassle for my users and me...

mopperle

QuoteBut they have none for small vendors like me, causing hassle for my users and me...
Not only small vendors have such problems. I worked for a software company with 14.000 employees and 4 billion USD annual revenue and we had similar problems with various AV software vendors beside such nice things like the Apple Appstore.  ::)

PeterR

Quote from: Mario on October 17, 2023, 06:47:22 PMVery good. Did Kaspersky not display a message, informing you that it blocked IMatch / ExifTool?

 I mean, when their protection kicks in at the wrong moment, blocking IMatch while it is writing data to the database or ExifTool when it is writing to a file, bad things might happen.
A virus checker should always inform the user when it performs such drastic measures.
Maybe Kapsersky does not do it to not irritate or confuse the user? The same user which then has to figure out why a software is suddenly not working anymore.
No, Kaspersky did not display an error message.  Nor could I find any log file showing what it had blocked. I agree that it should have displayed a message, or at least logged the action.  One reason that I use Kapersky is that it is a little more customizable than other AV products.  That makes it harder to use for less advanced users, but better for the more sophisticated ones.  However, this latest version is a little bit "simplified".  So, in this case, Kaspersky did not do what it should have.  Or maybe I don't know where to find their log in this version, it used to be accessible in past versions.

I think most people want their AV product to "just work" and never bother them or tell them anything, so the vendors are moving in that direction (except for all the nags you get to buy more add-ons from them, even from paid AV products).  Less logging and fewer notifications; the AV just takes whatever action it thinks is best.  And they would rather have a false-positive that makes a harmless program fail then a false-negative that will leave someone infected. 

Mario

I still think a AV software should tell a user when it actively terminated a program. So the user is informed and may learn that something is afoul.