PE Version 5.3.1 and Kaspersky (new issue?)

Over the weekend I had to reload Windows XP on my desktop PC. As a result, I took the opportunity to download the PE Version 5.3.1 (all 60 MB of it).

My attempt to load the PE lasted a few seconds, with Kaspersky alterting me that it had quarantined bas805.exe (and bas805 falling in a heap as the file was whipped out from underneath it) with the following log entry:

The perceived problem was detected by heuristic analysis.

My 60MB download has been spirited away by Kaspersky Internet Security 2010. I guess I can find it again without another marathon download.

Kaspersky is up-to-date (It's just been reinstalled over the weekend, too).

I saw the other thread on Kaspersky wrt a working PE earlier in the month, prior to version 5.3.x being released. I had no trouble during that period: I think this is a separate issue.

Please advise my course of attack to get the PE 5.3.1 loaded (presuming that the latest bas805 is harmless).

Peter

Hi,

F Secure has a setting by which I can set it to ask what to do if a virus threat is found, rather than just binning the "infected" file. Does Kaspersky have a similar setting?
Assuming Kaspersky has quarantined BAS805, as opposed to binning it completely you should be able to find it and remove from quarantine and go on from there.

Piers

This sounds like another false positive from Kaspersky - Using heuristics can create false positives as an entirely innocent file can have some characteristics which may match with something considered less innocent.

As Piers says, if it's been quarantined you should be able to un-quarantine it and carry on from there.

It turned out that Kaspesky Internet Security was not going to allow the PE module to instal regardless of what options I turned off.

I logged a case with Kaspersky Technical Support. Within 24 hours, I received an Email from them recognising the problem and apologising for the inconvenience: the problem would be "fixed as soon as possible".

A few hours after that, I tried to instal PE vers. 5.3.1 again and it installed perfectly. Hopefully, the problem has been cured 'for good'.

As annoying as it was to be without my beloved PICAXE Programming Editor for a couple of days, I am quite impressed with the response from Kaspersky Technical Support. It was streets ahead of the half hearted, 29-day response I got on another issue from my previous virus checker vendor.

Peter

Thanks for the update.

I would guess Kaspersky updated their virus definition templates so the file is no longer detected as a false positive. It may be worthwhile asking them how you can install software you accept is safe when flagged as a false positive without having to wait at all.

All virus checkers can potentially flag false positives and it shouldn't be necessary to contact the vendor to get that bypassed and software installed. It's a question of who has control of your PC; you or them. The situation may arise again, with BAS805 or something else, and there's a major problem if a vendor won't accept the software is virus free and no way to install. All you can do is uninstall the anti-virus.

I have software which is legitimately classified as 'malware' because of what it does but it is not malware as such ( though it likely would be if delivered in someone else's software ) and I wouldn't be able to use that if anti-virus simply barred its use with no option to override it.