Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
SECRET//NOFORN
IOC ERB:
IV&V Observations
Observation 1:
Context: Kaspersky ISS 2013, running on Windows 7 SP1, 32 & 64-bit, generates two popup alerts upon EZCheese execution, stating “Using program interfaces of other applications”, and an alert highlighting a file EZCheese is trying to read for its file collection. This particular file was located in the Kaspersky system directory, which consequently is shown in the popup alert message as being denied access. All activity was logged and all files accessed by EZCheese collection were logged. (Alerts are only displayed on high settings but all activity was also logged on default settings.)
Impact: Increased risk and suspicion when using EZCheese in a Kaspersky environment.
Workaround/Recommendation: Update the User Manual to note this behavior.