Finding Kaspersky AV on your Windows endpoints

by Pearce Barry

Late last week, the U.S. Federal Communications Commission announced it had added Russian-based Kaspersky Lab to its Covered List, maintained by the FCC to identify “entities that pose an unacceptable risk to U.S. national security.” This follows a 2017 action by the U.S. Department of Homeland Security which bars installing/running Kaspersky software on U.S. government systems via Binding Operational Directive 17-01 (cited expressly by the FCC in its Public Notice). The consequences of the FCC’s announcement differ a bit from those of BODs, with entities listed in the FCC’s Covered List being prohibited from receiving support through the agency’s Universal Service Fund.

How do I use Rumble to find my Windows endpoints that have Kaspersky?

Rumble’s modern network scanning engine is powered by research, which allows the platform to identify endpoints running anti-virus (AV) software, like Kaspersky, over the network, without authentication.

To get started, you can scan your network with Rumble to collect your asset inventory. Then, from the Asset Inventory, use the following pre-built query to locate Windows assets within your network that have Kaspersky installed:

edr.name:"Kaspersky"

Note that some products from other manufacturers bundle Kaspersky components within them. The above query will surface any Windows assets which have such a product installed.

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.
