Finding Kaspersky AV on your Windows endpoints
Late last week, the U.S. Federal Communications Commission announced it had added Russian-based Kaspersky Lab to its Covered List, maintained by the FCC to identify “entities that pose an unacceptable risk to U.S. national security.” This follows a 2017 action by the U.S. Department of Homeland Security which bars installing/running Kaspersky software on U.S. government systems via Binding Operational Directive 17-01 (cited expressly by the FCC in its Public Notice). The consequences of the FCC’s announcement differ a bit from that of BODs, with entities listed in the FCC’s Covered List being prohibited from receiving support through the agency’s Universal Service Fund.
runZero’s modern network scanning engine is powered by research, which allows the platform to identify endpoints with endpoint running anti-virus (AV), like Kaspersky, over the network, without authentication.
To get started, you can scan your network with runZero to collect your asset inventory. Then, from the Asset Inventory, use the following pre-built query to locate Windows assets within your network that have Kaspersky installed:
Note that some products from other manufacturers bundle Kaspersky components within them. The above query will surface any Windows assets which have such a product installed.
Get runZero for free
Don’t have runZero and need help finding potentially vulnerable Kaspersky assets?Get started
August 4, 2022
Finding DrayTek Vigor routers
The Trellix Threat Labs Vulnerability Research team recently published vulnerability details affecting almost 30 models of DrayTek Vigor routers. This vulnerability resides in the management interface login page and is trivial to exploit via buffer overflow. An …Read More
July 29, 2022
Hunting for X.509 Certificates
X.509 certificates are used to secure communications over both trusted and untrusted networks. Protocols such as Transport Layer Security (TLS) rely on X.509 certificates to keep their communications secure between endpoints. Each X.509 certificate is composed of a public …Read More
June 21, 2022
Finding Microsoft VPN/PPTP with runZero
Last month, researcher Alex Nichols at Nettitude reported a vulnerability in Microsoft’s Windows VPN software that could allow for remote code execution or local privilege escalation by an attacker. This vulnerability lies in a use-after-free condition that can occur in the …Read More