Limitations and warnings

Kaspersky Anti-Ransomware Tool for Business has the following known limitations:

• The application does not check the SMTP server certificate when sending reports to the administrator.
• If you use a proxy server to connect to the Internet, the SMTP server must be in the local area network to send reports to the administrator.
• In some cases, the application does not delete files that were created by malware.
• The application does not delete or restore files used by another process.
• The application does not protect or restore files located on storage devices that have a file system other than NTFS.
• The application does not restore registry keys created by malware.
• The application does not support EFS-encrypted files.
• When processes or process flows affected by malware are terminated, the operating system might become unstable.
• The application rolls back all file modifications that were made during analysis of a process.
• In some cases, empty folders may remain after the application has been uninstalled.
• In rare cases, the application interface may become unstable if the application is used in multiple user sessions. This problem does not affect the protection level.
• Reports include information on detected objects only. If an object could not be scanned, this information is not included in a report.
• The application settings are not automatically transferred when updating from the beta1 and beta2 versions.
• For the Trusted machines feature to work, the Audit logon events function must be enabled in Windows.
• The application does not detect activity in the shared folders of legitimate software that could be used to damage the user's data or adware activity.
• The application may not determine the exact IP address or name of the remote machine that initiates malicious activity in the shared folders. However, the session of the attacking machine is blocked for a period specified in the settings.
• The application controls file changes initiated through the loopback interface (when performed network access to the shared resource of the local file system from the same workstation where the shared resource is located) for requests through the SMB protocol only.
• The application does not control file changes initiated by processes running at the operating system kernel level.
• As part of the rollback procedure, files can be downloaded from a cloud storage to the folder specified in the cloud storage settings.
• In the interval after installing the application and before restarting the computer, there is a restriction on file rollback. Their number is limited to 10.
• Malware scan feature does not scan symbolic links, locked files and archives content.
• After upgrading from Microsoft Windows 7 to Microsoft Windows 10, you need to reinstall the product to fully support Microsoft Windows 10 21H1 and higher.
• Kaspersky Anti-Ransomware Tool for Business doesn't detect the EICAR test file.