
Kaspersky Rescue Disk tests 2018 FAQ


boulawan


Kaspersky Rescue Disk 2018 is a new version of a free product that helps with detection of and recovery from malware from outside the operating system. Rescue Disk can recognize both Windows and Unix-like operating systems.

Step 0. Full system backup.

We strongly recommend creating a full backup of the system disk before testing this beta version! If an operating system loses its bootability, you can restore it.

Step 1. Preparing Kaspersky Rescue Disk

Rescue Disk can be written to a CD/DVD or a flash drive. The flash drive size should be at least 512 Mb.

For CD/DVD you can use any CD/DVD burning software.

For flash drive usage:

a) On Windows:

For example, you can use the Rufus utility https://rufus.akeo.ie/ . The ISO must be written in DD image mode.


b) On Linux or Mac:

Use the built-in dd utility.

After use, you can clean your flash drive with the help of https://technet.microsoft.com/en-us/library/jj200124(v=ws.11).aspx (p.1-6)

Step 2. Loading Kaspersky Rescue Disk

You should select the flash drive or CD/DVD as the first boot device in the UEFI/BIOS boot menu, or set up the boot priority for loading RD.

If Secure Boot is enabled in UEFI, you should enroll the hash of loader.efi.


There are several options available in the boot menu.


Graphic mode is recommended in most cases. Limited graphic mode could be useful if full mode fails. Also, limited graphic mode is not recommended for use on VMware virtual machines due to a VMware driver factor.

The product can ask for a database update at start.

Step 3. Tests.

Q: What to test?

1. Highest-priority cases:

1) Bootability of the image. The product must boot on both BIOS and UEFI systems; Apple computers are also supported.

2) Network connection must be working correctly (both wired and wireless).

3) Mouse and touchpad working.

4) Detection of installed Windows OSes. A parallel Unix installation is supported.


5) Windows partitions must be mapped correctly. Letters should be shown correctly.


6) On Linux and Mac, local volumes should be mapped.


Supported file systems:

The product must mount and allow scanning of disk partitions with these file systems:

- NTFS
- FAT32
- FAT16
- exFAT
- Ext2
- Ext3
- Ext4
- HFS
- HFS+
- XFS
- etc.

There's no opportunity to scan removable drives.

7) Possibility of hardware info collection. Another flash drive will be necessary as storage.


or from the graphic mode


The information should be saved in the product catalog (see Step 4 below)

2. Detection and cure cases

You can check detection of and recovery from known threats. As a sample you can use the safe EICAR file ( http://www.eicar.org/download/eicar.com )

Advanced users can check detection of real malware (don't forget to create a backup).

3. Utilities (Registry Editor) and user interface

 


Step 4. What to collect if you encounter an error:

1. Hardware Info (another flash drive is necessary)

2. The KRD_2018 directory with all its content. It will be created in the root of a partition.

source:https://forum.kaspersky.com/index.php?/topic/386599-kaspersky-rescue-disk-2018-testing-faq/&tab=comments#comment-2771621
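
For the Linux route in Step 1 (raw write with dd), here is an added example that is not part of the original post or of Kaspersky's FAQ: it writes the image and then verifies the copy by reading it back. It assumes Linux with GNU coreutils; the function names and the script name in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example: raw "DD mode" write with read-back verification.
# Assumes GNU coreutils on Linux; image and target are supplied by the caller.

# Hash only the first $2 bytes of $1. The drive is larger than the image,
# so hashing the whole device would never match the ISO.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# Return 0 if the first <image size> bytes of the target equal the image.
verify_copy() {
    size=$(wc -c < "$1") || return 2
    [ "$(hash_prefix "$1" "$size")" = "$(hash_prefix "$2" "$size")" ]
}

write_and_verify() {
    image=$1; target=$2
    [ -r "$image" ] || { echo "cannot read image: $image" >&2; return 2; }
    # Refuse a block device that is mounted, or has a mounted partition.
    if [ -b "$target" ] && grep -q "^$target" /proc/mounts; then
        echo "refusing to overwrite mounted device: $target" >&2
        return 2
    fi
    # conv=fsync flushes the data to the device before dd exits.
    # notrunc only matters when the target is a regular file (dry run).
    dd if="$image" of="$target" bs=4M conv=fsync,notrunc status=none || return 3
    # Right after the write this read may be served from the page cache;
    # re-run verify_copy after re-plugging the drive to read from the media.
    verify_copy "$image" "$target" || { echo "read-back mismatch" >&2; return 4; }
}

# Usage: sh write_krd.sh <image.iso> <whole-disk device, not a partition>
if [ "$#" -eq 2 ]; then
    write_and_verify "$1" "$2"
fi
```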


At a time when they are fighting to have their products used in the U.S. they come out with a free product that appears to be more invasive than ever. I would not call that a good marketing strategy. It will only create more backlash because of the amount of information it appears to be looking at and collecting, not to mention that from this article it appears that it requires a little computer knowledge to use. Not something you would want grandma to download and run, especially when it says to back up before using it and we all know grandma doesn't know how to do that.



On Thursday, January 25, 2018 at 4:41 PM, boulawan said:

1. Highest-priority cases:

2) Network connection must be working correctly (both wired and wireless).

Weird, the Beta version is bigger than the previous version (520 vs 320 MB). So it probably includes a much bigger signature database. The old version DOES NOT require any network connection, which is one of its "charms".

Though I would disagree that beta-testing a bleeding edge system utility would be something "grandma" would do, I will stop using the Rescue Disk if it DOES require a network connection.

BTW, the root password is fixed, so if you boot into this with network enabled hackers would have full access to our machine, assuming they can connect, which is not a "good feature".

Kaspersky's statement that he "ordered all detections of Cookie Cleaner's backdoor to be deleted as soon as he realized it was US government spyware" made me think twice about using his products. Maybe ALL AV products should come with a "NSA compliant" statement in their TOS.

:(

 



Archived

This topic is now archived and is closed to further replies.
