Finding Kaspersky AV on your Windows endpoints

(updated ), by Pearce Barry
icon

Late last week, the U.S. Federal Communications Commission announced it had added Russian-based Kaspersky Lab to its Covered List, maintained by the FCC to identify “entities that pose an unacceptable risk to U.S. national security.” This follows a 2017 action by the U.S. Department of Homeland Security which bars installing/running Kaspersky software on U.S. government systems via Binding Operational Directive 17-01 (cited expressly by the FCC in its Public Notice). The consequences of the FCC’s announcement differ a bit from that of BODs, with entities listed in the FCC’s Covered List being prohibited from receiving support through the agency’s Universal Service Fund.

How do I find my Windows endpoints that have Kaspersky with runZero?

runZero’s modern network scanning engine is powered by research, which allows the platform to identify endpoints with endpoint running anti-virus (AV), like Kaspersky, over the network, without authentication.

To get started, you can scan your network with runZero to collect your asset inventory. Then, from the Asset Inventory, use the following pre-built query to locate Windows assets within your network that have Kaspersky installed:

edr.name:"Kaspersky"
Kaspersky AV prebuilt query is available in the Queries Library

Note that some products from other manufacturers bundle Kaspersky components within them. The above query will surface any Windows assets which have such a product installed.

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Get runZero for free

Don’t have runZero and need help finding potentially vulnerable Kaspersky assets?

Get started
Learn more about runZero

Similar Content

October 11, 2022

Finding FortiOS, FortiProxy, and FortiSwitchManager assets on your network

A critical authentication bypass vulnerability was found in the web administration interface of some Fortinet products. Tracked as CVE-2022-40684, successful exploitation of this vulnerability via crafted HTTP and HTTPS requests can provide remote attackers with admin-level …

September 30, 2022

Finding Microsoft Exchange Servers on your network

GTSC, a Vietnamese security firm, recently discovered two zero-day vulnerabilities that affect Microsoft Exchange Server 2013, 2016, and 2019. These two vulnerabilities are being tracked as CVE-2022-41040 and CVE-2022-41082.

August 4, 2022

Finding DrayTek Vigor routers

The Trellix Threat Labs Vulnerability Research team recently published vulnerability details affecting almost 30 models of DrayTek Vigor routers. This vulnerability resides in the management interface login page and is trivial to exploit via buffer overflow. An …

Read More