Limitations and warnings
October 3, 2023
Kaspersky application has a number of non-critical operational limitations.
Limitations on the operation of certain components and automatic processing of files
Infected files and malicious links are processed automatically according to rules created by Kaspersky specialists. You cannot modify these rules manually. Rules can be updated following an update of databases and application modules. The rules for Firewall, Webcam Protection, Application Manager, and Intrusion Prevention are also updated automatically.
If a device scan is started from My Kaspersky, files will be processed automatically based on the rules specified in the application. Files detected on a device can be processed automatically by request from My Kaspersky without your confirmation.
Specifics of processing files in interactive protection mode
If the infected file is part of an application from the Windows Store, Kaspersky application working in interactive protection mode displays a notification prompting you to delete the file. The Disinfect action is not available.
Limitations on connection to Kaspersky Security Network
During its operation, the application may query Kaspersky Security Network for information. If data from Kaspersky Security Network could not be retrieved, the application makes decisions based on local anti-virus databases.
Limitations of System Watcher functionality
Protection against cryptors (malware that encrypts user files) has the following limitations:
- The Temp system folder is used to support this functionality. If the system drive with the Temp folder has insufficient disk space to create temporary files, protection against cryptors is not provided. In this case, the application does not display a notification that files are not backed up (protection is not provided).
- Temporary files are deleted automatically when you close Kaspersky application or disable the System Watcher component.
- In case of an emergency termination of Kaspersky application, temporary files are not deleted automatically. To delete temporary files, clear the Temp folder manually. To do so, open the Run window and in the Open field type
%TEMP%. Click OK.
- Protection against encryptors is provided only for files that are located on data drives that have been formatted with the NTFS file system.
- The number of files that can be restored cannot exceed 50 per one encryption process.
- The total volume of modifications to files cannot exceed 100 MB. Files with modifications that exceed this limit cannot be restored.
- File modifications initiated via network interface are not monitored.
- Files encrypted with EFS are not supported.
- You must restart the computer to enable protection against encryptors after Kaspersky application is installed.
Encrypted connections scan limitations
Due to technical limitations of the implementation of scanning algorithms, scanning of encrypted connections does not support certain extensions of the TLS 1.0 protocol and later versions (particularly NPN and ALPN). Connections via these protocols may be limited. Browsers with SPDY protocol support use the HTTP over TLS protocol instead of SPDY even if the server to which the connection is established supports SPDY. This does not affect the level of connection security. If the server supports only the SPDY protocol and it is impossible to establish the connection via the HTTPS protocol, the application does not monitor the connection established.
The application does not process traffic transmitted via extensions of the HTTP/2 protocol.
Kaspersky prevents data exchange over the QUIC protocol. Browsers use a standard transport protocol (TLS or SSL) regardless of whether or not support for the QUIC protocol is enabled in the browser.
Kaspersky monitors only those encrypted connections that it is able to decrypt. The application does not monitor connections added to the list of exclusions (Websites link in the Network settings window).
The following components perform decryption and scanning of encrypted traffic by default:
- Safe Browsing;
- Safe Money;
- URL Advisor.
Kaspersky application decrypts encrypted traffic while the user is using the Google Chrome browser if the Kaspersky Protection extension is disabled in this browser.
Kaspersky application does not monitor traffic if the browser loads a web page or its elements from a local cache instead of from the Internet.
Limitations on scanning The Bat client encrypted connections
Since The Bat mail client uses its own certificate store, Kaspersky application identifies the certificate used to establish an HTTPS connection between this client and the server as untrusted. To prevent this from happening, configure The Bat mail client to work with the local Windows Certificate Store.
Limitations on encrypted connections scan exclusions
When scanning encrypted connections with websites that have been added to exclusions, certain components such as Anti-Banner, URL Advisor and Private Browsing may continue to scan encrypted connections. The Safe Money and Safe Browsing components do not scan websites that have been added to exclusions.
Backup and Restore limitations
The following limitations apply to Backup and Restore:
- Online storage of backup copies becomes unavailable when the hard drive or computer is replaced. Visit the Kaspersky Support website for information on how to restore the connection to Online storage after replacing your hardware.
- Editing of service files of the backup storage can result in loss of access to the backup storage and inability to restore your data.
- Since the application backs up through the system shadow copy service, the offline Outlook data file (.ost) is not included in the backup set because it is not designed to be backed up.
Limitations of Secret Vault functionality
When a secret vault is created in the FAT32 file system, the size of the secret vault file on the drive must not exceed 4 GB.
Specifics of kernel memory scanning for rootkits in Protected Browser mode
When an untrusted module is detected in Protected Browser mode, a new browser tab opens with a notification about malware detection. If this happens, you are recommended to exit the browser and run a Full Scan of the computer.
Specifics of clipboard data protection
Kaspersky application allows an application to access clipboard in the following cases:
- An application with the active window attempts to place data in clipboard. The active window is the window that you are currently using.
- A trusted process of an application attempts to place data in clipboard.
- A trusted process of an application or a process with the active window attempts to receive data from clipboard.
- An application process that previously placed data in clipboard attempts to receive this data from clipboard.
Specifics of infected file processing by application components
By default, the application can delete infected files that cannot be disinfected. Removal by default can be performed during file processing by such components as Intrusion Prevention, Mail Anti-Virus, File Anti-Virus, during scan tasks, and also when System Watcher detects malicious activity of applications.
Limitations applicable to certain components in case of application installation together with Kaspersky Fraud Prevention for Endpoints
Operation of the following Kaspersky application components is limited in Protected Browser if the application is installed together with Kaspersky Fraud Prevention for Endpoints:
- Safe Browsing, except Anti-Phishing;
- URL Advisor;
Specifics of the autorun process operation
The autorun process logs the results of its operation. Data is logged in text files named “kl-autorun-<date><time>.log”. To view data, open the Run window and in the Open field type %TEMP% and click OK.
All trace files are saved at the path to setup files that were downloaded during operation of the autorun process. Data is stored for the duration of operation of the autorun process and deleted permanently when this process is terminated. Data is not sent anywhere.
Kaspersky application limitations under Microsoft Windows 10 RS4 with the Device Guard mode enabled
Operation of the following functionality is partly limited:
- Clipboard protection
- Browser protection from keyboard and mouse input emulators (input spoofing)
- Protection from remote management applications
- Browser protection (management through API, protection from attacks that use dangerous messages to browser windows, protection from message queue management)
- Heuristic Analysis (emulation of the startup of malicious applications)
If UMCI mode is enabled in Windows, Kaspersky application does not detect screen lockers.
About logging of events in the Windows event log that are related to the End User License Agreement and Kaspersky Security Network
Events involving accepting and declining the terms of the End User License Agreement, and also accepting and declining participation in Kaspersky Security Network, are recorded in the Windows event log.
Limitations on local address reputation checks in Kaspersky Security Network
Links to local resources are not scanned in Kaspersky Security Network.
Warning about applications that collect information
If an application that collects information and sends it to be processed is installed on your computer, Kaspersky application may classify this application as malware. To avoid this, you can exclude the application from scanning by configuring Kaspersky application as described in this document.
Warning about the creation of an application installation report
An installation report file is created when the application is installed to a computer. If application installation completed with an error, an installation report file is saved and you can send it to Customer Service. You can view the contents of the installation report file by clicking the link in the application window. If the application is successfully installed, the installation report file is immediately deleted from your computer.
Limitations to webcam control in the Microsoft Windows 10 Anniversary Update (RedStone 1) operating system
After installing the application in the Microsoft Windows 10 Anniversary Update (RedStone 1) operating system, control of webcam access is not guaranteed until the computer is restarted.
Limitation on online backup and restoring data from backup copies
You cannot simultaneously run a Kaspersky backup task and Kaspersky Restore Utility data recovery tasks on the same computer.
Firewall does not control local connections that are installed by controlled applications.
Limitations of the Intrusion Prevention component
If VeraCrypt is installed on your computer, Kaspersky application may terminate when working with the Intrusion Prevention component. To resolve this issue, upgrade VeraCrypt to version 1.19 or later.
Limitations when the application is started for the first time after upgrading from Microsoft Windows 7 to Microsoft Windows 10
If you have upgraded Microsoft Windows 7 to Microsoft Windows 8 / 8.1 or Microsoft Windows 10 / RS1 / RS2 / RS3, Kaspersky application operates with the following limitations when started for the first time:
- Only File Anti-Virus (real-time protection) is running. Other application components are not running.
- Self-Defense of files and the system registry is running. Self-Defense of processes is not running.
- The application interface is not available until you restart the computer. The application displays a notification stating that some application components are not running and that the computer must be restarted after completion of adaptation to the new operating system.
- Only the Exit option is available in the context menu of the application icon in the notification area.
- The application does not display notifications, and automatically chooses the recommended action.
Warning about error adapting application drivers when upgrading the operating system from Windows 7 to Windows 10
Upgrading Windows 7 to Windows 10 may result in an error adapting the drivers of Kaspersky application. Drivers are adapted in the background, which means that you do not receive notifications about its progress.
If there is an error adapting the drivers, you will not be able to use the following features of the application:
- Threat detection while the operating system is loading
- Protection of application processes by using the Protected Process Light (PPL) technology of Microsoft Corporation
You can use the following methods to fix the error:
- Restart the computer and restart application adaptation from the notification in the Notification Center.
- Uninstall the application and re-install it.
Smart Home Monitor functionality usage limitations
Changing the settings of an Ethernet network in the system registry may cause the Smart Home Monitor component to show the Ethernet network in the list of detected Wi-Fi networks and display the devices connected to this network.
Limitations on scanning traffic sent over HTTPS in the Mozilla Firefox browser
In Mozilla Firefox 58.x and later versions, the application does not scan traffic transmitted over the HTTPS protocol if browser settings modification is protected by a Primary password. When a Primary password is detected in the browser, the application shows a notification containing a link to an article in the Knowledge Base. The article contains instructions on resolving this problem.
If HTTPS traffic is not monitored, the operation of the following components is limited:
- Safe Browsing;
- Parental Control;
- Privacy Protection;
- Secure Data Input;
- Safe Money.
Limitations of the Kaspersky Protection extension in Google Chrome and Mozilla Firefox
The Kaspersky Protection extension does not operate in Google Chrome and Mozilla Firefox if there is Malwarebytes for Windows installed on your computer.
Special considerations when installing the application in Microsoft Windows 7 Service Pack 0 and Service Pack 1
When installing the application in an operating system that does not support certificates with an SHA256 digital signature, the application installs its own trusted certificate.
About automatic testing of functionality of Kaspersky applications
Kaspersky Lab applications including Kaspersky application, have a special API (application programming interface) for automatic testing of application functionality. This API is intended to be used only by Kaspersky developers.
Secure Keyboard Input limitations when running multiple terminal sessions
Secure Keyboard Input is not available when multiple concurrent terminal sessions are running.