Kaspersky Internet Security 6.0 MP2 (builds 6.0.2.614, 6.0.2.621)

Setting Anti-Hacker [10]

More Sections

Kaspersky Anti-Virus detects a network attack which might be a false positive. What should I do?
ID Article: 1160	Other languages: Will be translated:	78	2009 Oct 05 13:58	Printable version

	Useful links
	KLDump.exe: a utility for creation of network attack dump files

Applies to:

Kaspersky Internet Security 6.0 MP2 (versions 6.0.2.614-6.0.2.621 )

Kaspersky Anti-Virus 5.0 for Windows Workstations MP2 / MP3 / MP4

Kaspersky Anti-Virus 6.0 for Windows Workstations (versions 5.0.676 - 5.0.712)

If you suspect your Kaspersky Anti-Virus has detected a false network attack, create a full network attack log on this computer.

You can do it the following way:

1. Disable Intrusion Detection System (IDS) - Protection against network attacks or Anti-Hacker.

Enabled IDS will not allow writing the required full log in cas eof a false positive.

2. Enable network package logging via KLDump utility. Specify the network protocol which pops up in the network attack warning message. For example:

KLDump.exe -f net.log -p UDP

3. Reproduce the situation leading to the false positive. Network packages should now be written into the log file.

4. Send the log to newattack@kaspersky.com with subject "FALSE POSITIVE".