Kaspersky flagging EmbyServer.exe as PDM:Trojan.Win32.Gen


api182

BoomerGamer62
13 hours ago, Luke said:

Did it wipe out the program data directory as well? 

If it only wiped system.xml, does it offer a way to get the original file back?

If not then just step through the wizard and I think you'll be fine. You'll need to review server settings, but there is not as much stored in system.xml as you might think.

I first tried restoring the system.xml file that I had (this is one of the files that Kaspersky quarantined), but the setup wizard froze when I did that. I removed the system.xml entirely and went through the wizard. As you said, most everything was back. (Whew)


api182
1 hour ago, BoomerGamer62 said:

For those affected, you can do the following in Kaspersky:

1. Add exceptions to the Exception list. From the home screen, you can find it at:

Settings (little gear at the bottom left) --> Security settings --> Exclusions and actions on object detection --> Manage exclusions.

You want to add two exclusions for the following folders (the "xxx" below will vary depending on your Windows user name):

C:\Users\xxx\AppData\Roaming\Emby-Server\programdata\

C:\Users\xxx\AppData\Roaming\Emby-Server\system\

Leave the "Object" field and "File Hash" field blank. Select "All components" for Protection Components.

2. To get the removed files back, from the home screen go to Security --> Quarantine. You should see a list of files that were deleted from the Emby-Server folder. Check off all those files and press the "RESTORE" button.

3. Reboot your system.

CAUTION: By doing this, you are creating a vulnerability where anything that would get put in these two folders would be exempt from scanning for viruses. I'm not thrilled with this either, but this does work until I can think of something better -- or Emby reverses whatever they did.

 

I managed to add the 'exclusion' by simply adding EmbyServer.exe as a 'Trusted Application'.

  • Thanks 1
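
The caution quoted above notes that anything placed in the two excluded folders is exempt from scanning. As an added example (not from any poster in this thread, nor from Emby or Kaspersky), this PowerShell script records SHA-256 hashes of code-bearing files in those folders and reports new, changed or removed ones on later runs; the baseline file location and the extension list are assumptions.

```powershell
# Added example: baseline and re-check code files in the two excluded folders.
# $Roots uses the paths quoted in the post; $BaselinePath is an assumed location.
param(
    [ValidateSet('Baseline', 'Check')]
    [string]$Mode = 'Check',
    [string]$BaselinePath = "$env:LOCALAPPDATA\emby-exclusion-baseline.json"
)

$Roots = @(
    "$env:APPDATA\Emby-Server\programdata",
    "$env:APPDATA\Emby-Server\system"
)
# File types that can carry code; databases, logs and images are ignored (assumed list).
$CodeExtensions = '.exe', '.dll', '.sys', '.ps1', '.bat', '.cmd', '.vbs', '.js', '.msi'

function Get-CodeFileHashes {
    $result = @{}
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $CodeExtensions -contains $_.Extension.ToLowerInvariant() } |
            ForEach-Object {
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                if ($hash) { $result[$_.FullName] = $hash.Hash }
            }
    }
    return $result
}

$current = Get-CodeFileHashes
if ($Mode -eq 'Baseline') {
    $current | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath -Encoding UTF8
    "Baseline written: $($current.Count) files -> $BaselinePath"
    return
}
if (-not (Test-Path -LiteralPath $BaselinePath)) { throw "No baseline at $BaselinePath; run with -Mode Baseline first." }

# Rebuild the path -> hash table from the saved JSON object.
$baseline = @{}
$json = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
foreach ($p in $json.PSObject.Properties) { $baseline[$p.Name] = $p.Value }

foreach ($path in $current.Keys) {
    if (-not $baseline.ContainsKey($path))        { "NEW      $path" }
    elseif ($baseline[$path] -ne $current[$path]) { "CHANGED  $path" }
}
foreach ($path in $baseline.Keys) {
    if (-not $current.ContainsKey($path)) { "REMOVED  $path" }
}
```

Files reported after an Emby update you installed yourself are expected; re-run with `-Mode Baseline` afterwards so the next check starts from the updated state.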

Does it also have a button to report a false positive?


jaycedk

Just to be clear.

Has anyone tried to report it to Kaspersky?

Has anyone looked into why?

Has anyone asked Kaspersky?

Forums - Kaspersky Support Forum

It's all software and sometimes AV algorithms get it wrong.

Edited by jaycedk

Calin_TM

@jaycedk I opened a ticket now on the Kaspersky side because I have a purchased license for Kaspersky AntiVirus = KAV.

100% is Kaspersky's fault here, there are no issues with Emby because I was using a much older version than what has been said around here; I had a 2022 August version installed and even with that version, KAV detected and deleted everything related to Emby.

When I get any feedback on my ticket, I will update here.

Until then, to work around this issue, I added the Emby files (both installed and setup) into Trusted Applications, checked the first 4 DO NOT..., rebooted the PC a couple of times and it looks OK, then reinstalled the Emby application; no further detections so far.

  • Like 1
  • Thanks 2

JaimeCarlos
On 2/10/2024 at 1:00 AM, RanmaCanada said:

Why are you using Kaspersky in the first place?  Do you enjoy having Russian spyware on your system?

What would you suggest as an alternative? It's not as if everybody already spies on us anyway? Google, Amazon, Facebook... But I ask it mostly because there aren't many really good free antivirus out there.


RanmaCanada
26 minutes ago, JaimeCarlos said:

What would you suggest as an alternative? It's not as if everybody already spies on us anyway? Google, Amazon, Facebook... But I ask it mostly because there aren't many really good free antivirus out there.

The one that comes with Windows 10/11 is just fine. It's cloud based, updated multiple times a day, and Microsoft is using users as guinea pigs for their paid versions.

  • Agree 1

Gilgamesh_48
14 minutes ago, JaimeCarlos said:

What would you suggest as an alternative? It's not as if everybody already spies on us anyway? Google, Amazon, Facebook... But I ask it mostly because there aren't many really good free antivirus out there.

I recommend using only what is native to the OS you are using as I find AV software to be more scam than effective.

I have had infections in the fairly distant past when using three different anti-virus software products. I also have seen several different infections on friends' computers when using some of the best AV software.

About 8 years ago I started only using what is native to Windows and I also started NEVER clicking on any email link. I also only use Thunderbird for email. Except I use Proton email's web interface. I also exercise care when surfing the web and I have not been infected since. Also many of my friends have also started doing the same and they remain infection free.  

I cannot say that the professional AV programs do not work but I do not think they are really needed if you just take reasonable precautions. 

Oh, one more thing: I do not use or even directly read any of the anti-social media. As far as checking of viruses or malware goes > use Microsoft's tools for that but they have not found anything, yet. I may be in some danger but giving my money to the charlatans and crooks that produce most AV products, particularly the ones you either pay for or don't pay for I have decided to withhold support until I actually become convinced that I am in danger or until I see real compelling evidence that there really is danger.

I believe that 99.9% of infections are the direct result of doing something stupid so I will try and avoid that and I feel about as safe online as I feel walking to my neighborhood market and the biggest danger there is that a LARGE excessively friendly dog might run up and knock me over.

With proper care the internet is actually a very safe place.

Also good regular backups are more effective at protecting data than just about anything else. 

  • Agree 2

  • 2 weeks later...
Calin_TM

Still pending on feedback from Kaspersky related to the opened ticket.
I've sent them the setup install (both a version from 2022 and a 2024 one) and also the whole program installed (~450mb).
As soon as I have something I'll reply back.


RanmaCanada
4 hours ago, Calin_TM said:

Still pending on feedback from Kaspersky related to the opened ticket.
I've sent them the setup install (both a version from 2022 and a 2024 one) and also the whole program installed (~450mb).
As soon as I have something I'll reply back.

Just stop using it, period, unless, like I mentioned above, you enjoy having Russian spyware on your PC. Dump the POS and use the built-in AV in Windows 10/11.


Calin_TM

Ticket update:
Kaspersky support cannot replicate the issue, me neither.
Most likely false positive, all these detections and this whole situation was caused by a bad definitions release from Kaspersky which they later fixed.
I'm using KAV 21.3.10.391 and have no detections anymore related to Emby, even after completely uninstalling/re-installing Emby (also removed the exclusions prior to the re-install).

  • Thanks 1

  • 3 weeks later...
Calin_TM

Does anyone have issues with subtitles downloading after the incident with Kaspersky?
I don't seem to be able to make them work again, even though I have a VIP Premium account for OpenSubtitles and Premium purchased for Emby also. The OpenSubtitles account is added into the Emby server, but for every movie I check/try to see if it can find me a subtitle, it doesn't find any subtitles anymore.

Perhaps there's an admin around that can see this, otherwise I'll send an email to support, idk...


8 hours ago, Calin_TM said:

Does anyone have issues with subtitles downloading after the incident with Kaspersky?
I don't seem to be able to make them work again, even though I have a VIP Premium account for OpenSubtitles and Premium purchased for Emby also. The OpenSubtitles account is added into the Emby server, but for every movie I check/try to see if it can find me a subtitle, it doesn't find any subtitles anymore.

Perhaps there's an admin around that can see this, otherwise I'll send an email to support, idk...

Hi, please attach the Emby server log from when you tried to download subtitles. Thanks


Calin_TM
On 3/10/2024 at 11:32 PM, Luke said:

Hi, please attach the Emby server log from when you tried to download subtitles. Thanks

I've read the main topic you mentioned above, managed to make subtitle discovering/downloading work again :) thanks a lot ;)

  • Thanks 1
