Kaspersky Self-Deletes and Force-Installs UltraAV on Users’ Endpoints

Kaspersky deleted itself and deployed another antivirus instead without warning, say former US users.

The Russian cybersecurity company will be banned from sales and software updates in the US, starting September 29th, 2024. In June this year, the U.S. government added Kaspersky to the Entity List. The list includes foreign individuals, companies, and organizations considered a national security risk.

The Russian company says they’ve notified customers about installing UltraAV at the beginning of September.

Source – r/antivirus

Yet, comments on Kaspersky’s support forum and Reddit cybersecurity threads signal that the customers did not get any information about when and how the transition from Kaspersky AV to UltraAV will happen.

For many of Kaspersky’s former users, the automated installation of UltraAV’s software was a surprise. Some of them also got UltraVPN stealthily installed on their endpoints.

More about the UltraAV antivirus

UltraAV is part of Pango Group, a US located identity protection and security services provider. UltraAV’s website only showcases user reviews for the company’s VPN product – UltraVPN. Pango partnered with Bitdefender, another cybersecurity company, for VPN services.

Source – Pango.co

According to its vendor, the UltraAV antivirus offers:

• core malware protection
• zero-day threat detection
• data theft protection
• industry leading encryption

Searching UltraAV user reviews on platforms like Gartner, G2, or ExpertInsights retrieved no results. PCmag’s Lead Analyst, Neil J. Rubenking, says

Those who kept the faith with Kaspersky and got forcibly switched to UltraAV may quite reasonably wonder about their protection. None of the labs have published test scores for UltraAV, though scores may appear in the next few months. Our own reviews of UltraAV and UltraVPN are still in process.

Source – PCmag.com

How to deal with software inventory when taking over legacy infrastructure

Kaspersky being able to install software on computers with no system warning should trigger an alarm for MSPs, MSSPs and System Administrators worldwide.

To get full control and visibility over all processes happening across your infrastructure, the best solution is using a cybersecurity platform. Heimdal’s XDR, for example, brings it all into the same dashboard:

• NextGen AV
• Ransomware Encryption Protection
• DNS security
• Patch & Asset Management
• Privileged Access Management and more

An MSP onboarding a new client will get full visibility and control over any legacy software and infrastructure. This will empower them to prevent any third-party software self-installing on the company’s endpoints.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Newsletter

If you liked this post, you will enjoy our newsletter.

Get cybersecurity updates you'll actually want to read directly in your inbox.

I agree to have the submitted data processed by Heimdal Security according to the Privacy Policy

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.