[Fixed] A vulnerability in KAVKIS 2020 products family allows full disabling of protection
High
Vulnerability Details
> Note! Thank you for your report. For the purposes of the further analysis of the vulnerability that you kindly report to us, could you please fill *all* fields [in square brackets]. This information will help us to respond to you more quickly and triage your report. Thanks a lot for your assistance.
I use Translator, T_T Sorry
**Summary**
can turn off anti-virus functionality in an external process.
**Description**
Use the SetWindowsHookEx function to inject the DLL. The ClientLoadLibrary was hooked to prevent injection, but DLLs with specific file names were injectable (tiptsf.dll). After that, I was able to hook some WinAPIs and turn off antivirus.
**Environment**
- Scope: Application
- Product name: Kaspersky Internet Security
- Product version: 20.0.14.1085
- OS name and version (incl SP): Windows 10 RS5
- Attack type: Bypass
- Maximum user privileges needed to reproduce your issue: no privileges
**Steps to reproduce**
1. FindWindow and get hwnd from Kaspersky Internet Security (avpui.exe).
2. I have invoked the SetWindowsHookEx function to inject the DLL.
3. After hooking the TrackPopupMenu function, send a pop-up message through PostMessage.
4. When self-protection is turned on, it generates a new avpui.exe and then generates a Dialog that asks users to confirm. The generated process also injects the DLL.
5. In the newly created avpui.exe, hook the IsDialogMessageW function and switch to a message that occurs when you click the OK button.
6. Download ransomware & run.
## Impact
The bypass function can be used to turn off the antivirus before the malware is activated.
Report Stats
- Report ID: 870615
- State: Closed
- Substate: resolved
- Upvotes: 15
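
The report attributes the bypass to a load filter that let through DLLs "with specific file names". The following is an added defensive illustration, not code from the report or from Kaspersky: it contrasts a name-only allow-list with one that also pins the normalized directory. The function names, the trusted directory and the sample paths are assumptions constructed for the example.

```python
import ntpath  # Windows path semantics, usable on any OS

# Hypothetical allow-list: the one file name the report mentions.
ALLOWED_NAMES = {"tiptsf.dll"}
# Assumed trusted install directory for that DLL (not stated in the report).
TRUSTED_DIRS = {r"c:\program files\common files\microsoft shared\ink"}


def allowed_by_name(dll_path: str) -> bool:
    """Weak check: trusts any DLL whose base name is on the list."""
    return ntpath.basename(dll_path).lower() in ALLOWED_NAMES


def allowed_by_location(dll_path: str) -> bool:
    """Stricter check: name must match AND the normalized parent
    directory must be one of the trusted directories."""
    full = ntpath.normcase(ntpath.normpath(dll_path))  # folds case, '/', '..'
    if not ntpath.isabs(full):
        return False  # relative paths depend on search order: reject
    directory, name = ntpath.split(full)
    return name in ALLOWED_NAMES and directory in TRUSTED_DIRS


def name_only_gaps(paths):
    """Return the paths a name-only filter accepts but the
    location-pinned filter rejects."""
    return [p for p in paths
            if allowed_by_name(p) and not allowed_by_location(p)]


# Constructed sample inputs (not taken from the report).
SAMPLES = [
    r"C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll",
    r"C:\Users\Public\tiptsf.dll",
    r"C:\Program Files\Common Files\microsoft shared\ink\..\..\..\..\Users\Public\TipTsf.dll",
    r"C:\Users\Public\other.dll",
]

if __name__ == "__main__":
    for gap in name_only_gaps(SAMPLES):
        print("name-only filter would admit:", gap)
```

A path check alone is still not sufficient for a security product; verifying the file's signature before trusting it is the usual complement.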