Kaspersky's AVZ Antiviral Toolkit is a portable second-opinion scanner
When it comes to system security, I'm more of a paranoid user who prefers to run a truckload of security software on a system I'm working on.
While I make sure that I run only programs that do not cause stability or compatibility issues when they run at the same time, I also run second-opinion scanners regularly to get a third, fourth or fifth opinion on the security state of the PC.
You may think that this is overkill, but if your livelihood depends on the system, you would probably do the very same thing.
Anyway, AVZ Antiviral Toolkit is a free portable second-opinion scanner for Windows that you can download from Kaspersky's Support website.
It is an on-demand scanner that does not protect your system in real-time. It is compatible with all recent versions of the Windows operating system and requires quite the elaborate setup before you can run the tool.
Kaspersky asks you to turn off the firewall if it is on, launch all web browsers installed on the system, and close all other applications running on it.
Once done, you can run the program and start to scan the system. There is no explanation unfortunately why you have to turn off the firewall or run all browsers.
The program displays all search parameters in three tabs in its interface.
- Search Scope: You select the drives that you want to scan here, whether you want to include a scan of running processes, use the heuristic system check, and search for vulnerabilities. Here you also find options to copy deleted or suspicious files, and define automatic actions for select types of malware.
- File Types: Defines which types of files are scanned. This is set to potentially dangerous files by default, but can be changed to all files or files matching a user-defined string. The program will scan NTFS streams and archives by default as well, but ignore all files larger than 10 Megabytes. You can remove those restrictions and options here.
- Search Parameters: The program's heuristic analysis and anti-rootkit search parameters are defined here. AVZ Antiviral Toolkit will check Winsock Service Provider settings, look for keyloggers, and may also be configured to search for TCP/UDP ports used by Trojan horses.
A scan may take a while depending on the selected parameters and performance of the PC system. The program displays a log that it updates in real-time during the scan.
I highly suggest you do not configure automatic actions on the first scan, so that false positives the program may detect are not handled automatically. The program has been designed to find threats that are not yet known to Kaspersky programs.
The menu bar displays additional tools the program makes available. The service menu alone links to more than 20 different tools that you can use. These range from a built-in process manager, a services and drivers manager and an injected DLLs manager to an autoruns manager and a hosts file manager. Many of the tools listed here can come in quite handy if you need to analyze or repair a system.
That's not all though. You can use the file menu to save and load configurations, run a system analysis, run system restore or backups, or view infected or quarantined files.
There is a lot to explore, and the best way to learn more about individual features is to open the help file. It is very extensive and provides you with detailed information about each feature the program makes available.
The program is portable and seems to be updated regularly. While I cannot say that for all modules it makes available, most worked fine when I tested them on a 64-bit Windows 7 system.
It is definitely not a program that you should trust blindly, though, because of its heuristic approach to detecting malware, but if you are careful and research its findings, you should not run into any issues using it.
Martin, insofar as you are “a paranoid user”, why would you want to turn off your firewall on instructions from Kaspersky Lab, which is headquartered in Moscow, Russia? As you point out, “There is no explanation unfortunately why you have to turn off the firewall”. Your advice is normally quite sober, but what you say here seems at first glance self-contradictory.
I’m using a hardware firewall and not Windows Firewall, so that was not a problem for me. I personally would not have turned off the firewall if I’d run a software firewall.
Kaspersky is also only mentioning Windows Firewall explicitly, and no other firewall software.
You are paranoid. Ask yourself a question: why should the rest of the world use USA-originated software after the NSA leaks? Don’t turn on a computer, it’s dangerous.
I prefer to be “selectively paranoid”. The NSA will not file anything illegal on my computer except some “downloaded movies”, which is not their priority. Kaspersky, on the other hand, can use my computer as part of an attack bot.
P.S. I may be completely subjective since I grew up in Ukraine.
I use TinyWall 2.1.4 (a Windows firewall extender).
Could I just turn my router off?
In my experience, I have found Kaspersky to be one of the strongest AVs available (i.e., the only vendor able to knock out the TDSS rootkit at the time).
My guess is that they want the browsers running and firewall off so they can packet sniff the traffic coming in and out, looking for telltale signs of malware. I think adding this type of detection is clearly brilliant, but not always well understood. Kaspersky would do well to explain the reasoning upfront.
There is no explanation unfortunately why you have to turn off the firewall?
“The AVZ utility collects information about your computer, analyzes launched processes for a malicious code unknown to Kaspersky Lab yet. The AVZ utility downloads the latest antivirus databases, scans the system for a malicious code, disinfects/removes infected files and creates a report with scan and analysis results of its work.”
That still does not explain why you need to turn it off.
So why don’t you try leaving your FW on while running the scan?
I don’t use Windows Firewall, but I would leave it on if I used it and see what happens.
If you select the script #7 as suggested on the site (Data Bases update), your FW might block it, like mine (Windows Firewall+GUI) did. I had to re-launch the program.
The AVZPM, AVZGuard, and Boot Cleaner technologies are not supported in Windows 9x, or in 64-bit versions of the operating systems Windows XP, Windows Vista and Windows 7.
I guess that explains the following errors:
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed.
1.5 Checking IRP handlers
Error loading driver – operation interrupted [C000036B]
Regardless, AVZ keeps crashing on my Win7 AMD64 machine without saving any log. Too bad, since it looked like a very promising app.
I don't trust any AV vendors any more. A program like this could do any number of things, including taking a snapshot of your system and installed programs to sell to profiling and data mining companies.
A better resort is just to reinstall the OS from an image every few weeks or run from a VM.