A small insight into how Kaspersky works

Poll: Do you like Kaspersky?

  • Yes, I do! (46 votes, 92.0%)
  • I don't like it (4 votes, 8.0%)
  • Total voters: 50

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
So, malware has breached into your PC. Luckily you have Kaspersky Internet Security installed, and it manages to detect and block the file without further complications.

But how did it do it? Is it just a context scan and it's done? Well, no. It's far more complex than that.
Let's browse together through the basics of how this suite organizes the procedure to protect you against any type of malware.

Besides occasional updates, “traditional” security technology does most of its job offline and requires approximately an hour to respond to a new threat.

In a modern world, however, an hour can be too long. What if you’re opening a file or loading a web page that seems suspicious, but your traditional security program can’t immediately deem the content malicious? That’s where Kaspersky Security Network kicks in.

Using this cloud security network, you can ask other users if they’ve come across a similar file or webpage lately. Was it suspicious as well? Based on these conversations, the cloud security network gives you advice: “Hey, this file or web page is way too suspicious, you’d better not open it.”

So, after KSN has given you the corresponding advice, you get to choose whether you accept it or just ignore it. Kaspersky is aware of this, and has implemented more modules making sure your mistaken choice doesn't ruin your browsing experience.

If you have let the file in, Kaspersky will now be carefully monitoring that file and each action it performs, which areas and files it accesses or tries to communicate with. This module is directly linked with the vulnerability protection, ransomware protection, and rollback protection. If System Watcher thinks boramurdar.exe, which has just been downloaded, has no reason whatsoever to try to establish communication with rundll32.exe, it will not only block the communication, but most probably recommend you to immediately delete the file, because it looks suspicious enough to be a threat to your security. Even if you made a couple of wrong choices, this module will be smart enough to let you roll back malicious actions committed by malware.

Even before malware consequences, file execution, even before there was anything in this universe, even before God, there was Application Control. This amazing module will work as a first line of defense between you and malware. Its structure is simple to understand. It's all about trust groups:
- Trusted
- Low Restricted
- High Restricted
- Untrusted
This means each file on your PC will belong to a group.

Trusted: this group will be given to those files which are digitally signed by a trusted vendor which has been manually added by Kaspersky to the Trusted Vendor List.
Low and High Restricted: these groups will be given to those files which could represent a minimal or serious danger to the environment, which you want to give restricted access to the OS areas.
Untrusted: this group will be given to those files that are not signed / not signed by a Trusted Vendor from the list, or which Kaspersky thinks are malicious or shouldn't be executed.

Take into account, you can tick a box and make Kaspersky not trust digitally signed applications, meaning explicitly KIS will only trust those signed files whose signer is in the list (else all signed software will be allowed). Also remember, you can move files from one group to another manually.

This is a huge step for your security, since files which are not allowed to run or are run with restricted permissions can barely encrypt your files or steal your information. Please be advised that to achieve such a level of protection this module needs to be tweaked.

This module will automatically decide if the system will allow internet communication with each file. This is decided pretty easily and it's strictly linked to the Application Control module.

Remember how each file has a trust group that decides whether we believe a file is legit good or not? This is exactly how the firewall decides too. It will read the file, and then that file's trust group. It will grant internet access to those files placed in the Trusted group, and will deny internet access to untrusted files.

Take also into account, the firewall's decisions can be modified or voided by your manual interaction, as with the AC module.


This is a basic insight on how the most important modules of Kaspersky work together as a team to help you protect your PC.

Did you know how it worked? Has it ever failed to protect your system?
Last edited:
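To make the Application Control and Firewall logic of the post above concrete, here is a toy model of that decision chain. It is an added illustration for this thread, not Kaspersky's code, and the vendor names, file records, the `risk` field standing in for the "minimal or serious danger" rating, and the treatment of restricted groups by the firewall are all constructed assumptions.

```python
"""
Toy model of the decision chain described in the post: Application Control
assigns each file a trust group, the Firewall derives its network verdict from
that group, and manual moves override both. Added illustration; not Kaspersky's
code. Vendor names, file records and the `risk` rating are constructed.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, FrozenSet, Optional, Tuple


class TrustGroup(Enum):
    TRUSTED = "Trusted"
    LOW_RESTRICTED = "Low Restricted"
    HIGH_RESTRICTED = "High Restricted"
    UNTRUSTED = "Untrusted"


@dataclass(frozen=True)
class FileRecord:
    name: str
    signer: Optional[str]            # subject of a valid code-signing cert; None if unsigned
    flagged_malicious: bool = False  # verdict from the scanner / KSN reputation
    risk: Optional[str] = None       # constructed stand-in for the danger rating: None, "low" or "high"


@dataclass
class Policy:
    trusted_vendors: FrozenSet[str]                      # the Trusted Vendor List
    trust_only_listed_vendors: bool = False              # the "do not trust digitally signed apps" box
    group_overrides: Dict[str, TrustGroup] = field(default_factory=dict)  # manual moves between groups
    firewall_overrides: Dict[str, bool] = field(default_factory=dict)     # manual allow/deny rules


def classify(rec: FileRecord, policy: Policy) -> TrustGroup:
    """Application Control: decide the trust group of one file."""
    # A manual move always wins over the automatic decision.
    if rec.name in policy.group_overrides:
        return policy.group_overrides[rec.name]
    # Anything the scanner considers malicious is Untrusted regardless of signature.
    if rec.flagged_malicious:
        return TrustGroup.UNTRUSTED
    # Signed by a vendor on the Trusted Vendor List -> Trusted.
    if rec.signer is not None and rec.signer in policy.trusted_vendors:
        return TrustGroup.TRUSTED
    # Signed by any other vendor: Trusted unless the strict box is ticked.
    if rec.signer is not None and not policy.trust_only_listed_vendors:
        return TrustGroup.TRUSTED
    # Left over: unsigned files, or unlisted signers under strict mode.
    # Their group depends on the assessed danger to the environment.
    if rec.risk == "high":
        return TrustGroup.HIGH_RESTRICTED
    if rec.risk == "low":
        return TrustGroup.LOW_RESTRICTED
    return TrustGroup.UNTRUSTED


def network_allowed(rec: FileRecord, policy: Policy) -> bool:
    """Firewall: derive the network verdict from the trust group."""
    if rec.name in policy.firewall_overrides:   # a manual rule voids the automatic one
        return policy.firewall_overrides[rec.name]
    group = classify(rec, policy)
    # The post only states Trusted -> allow and Untrusted -> deny; treating the
    # restricted groups as deny is this model's assumption.
    return group is TrustGroup.TRUSTED


# Constructed sample inventory (names and signers are made up).
SAMPLE_FILES = [
    FileRecord("notepad.exe", signer="Example OS Vendor"),
    FileRecord("tool.exe", signer="Small ISV Ltd"),
    FileRecord("installer.exe", signer=None, risk="low"),
    FileRecord("macro_dropper.exe", signer=None, risk="high"),
    FileRecord("boramurdar.exe", signer=None, flagged_malicious=True),
]


def evaluate(policy: Policy, files=SAMPLE_FILES) -> Dict[str, Tuple[str, bool]]:
    """Return name -> (trust group label, network allowed) for every file."""
    return {f.name: (classify(f, policy).value, network_allowed(f, policy)) for f in files}


if __name__ == "__main__":
    lenient = Policy(trusted_vendors=frozenset({"Example OS Vendor"}))
    strict = Policy(trusted_vendors=frozenset({"Example OS Vendor"}),
                    trust_only_listed_vendors=True,
                    group_overrides={"tool.exe": TrustGroup.TRUSTED},
                    firewall_overrides={"installer.exe": True})
    for label, pol in (("default policy", lenient), ("strict box ticked + manual moves", strict)):
        print(label)
        for name, (group, allowed) in evaluate(pol).items():
            print(f"  {name:20} {group:16} net={'allow' if allowed else 'deny'}")
```

Running it shows the two knobs the post mentions: with the box unticked, the unlisted-but-signed `tool.exe` is Trusted and gets network access; with it ticked, the same file drops to Untrusted unless you move it back by hand, and a manual firewall rule can grant access to a file whose group would otherwise deny it.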

Momus

Level 2
Verified
Oct 21, 2017
61
Many thanks RoboMan for posting. It's quite funny as I do read these things in a forum post like this as I certainly would not have read this procedure in any form of help section by Kaspersky. Would you recommend the cloud version of Kaspersky or would you simply advise giving KIS a try? I'm afraid of rather heavy software...

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
KSCloud has all the known protection modules (layers) of KIS/KTS, but also additional features for better management of multiple systems via Web Console, good for different devices/systems in a family, for example.
Last edited:

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Many thanks RoboMan for posting. It's quite funny as I do read these things in a forum post like this as I certainly would not have read this procedure in any form of help section by Kaspersky. Would you recommend the cloud version of Kaspersky or would you simply advice giving KIS a try? I'm afraid of a rather heavy software...
What @harlan4096 just said! Also, please remember we tend to mention Kaspersky Cloud Security Free here (KSCF) and this free version does NOT bring the modules KIS does!

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Currently I'm using Eset but I really miss Kaspersky's "Manage applications" section of the Application Control module. A full list of every program I've run in my system. So easy to change groups and also super convenient to block network access of a program from the list without needing to manually add the program like most other AVs' firewall modules. A brilliant feature that I think every AV should have.

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Anyone ever used the basic KAV? Just trying it out on my laptop, of course it doesn't have the features of KIS or above but it runs so lightly I'm really impressed.
KAV is lighter than KIS due to the lack of Application Control, which noticeably slows down your machine (for some users like me). Some may not notice any difference. Other components don't slow down much.
KAV is almost identical to Kaspersky Security Cloud Free except with Cloud Free you must log in to an account => you don't need to pay for KAV

Cortex

Level 26
Verified
Top Poster
Well-known
Aug 4, 2016
1,465
Thanks for that, not the fastest laptop ever made but it does the job & runs really well with KAV, it also has HMP.Alert on as I have a multi long licence which seems to make little difference to how it runs. May just stick with this config & Mullvad as it works & try KSC free. Going down the road as less is better, so shall see - Thanks @Evjl's Rain

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Exactly under what name does Kaspersky HIPS work? Because I'm pretty sure I've never seen a module named HIPS. Maybe it works in the background? Tied to System Watcher?
Kaspersky HIPS = Application Control in Home products; in new KES11 (Endpoint) they have changed the name and now Home Products Application Control = KES (Business product) HIPS (see my tests at Malware Hub about 2 months ago).

KES also has a module called Application Control, but to block execution of applications according to different criteria/conditions...

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Exactly under what name does Kaspersky HIPS work? Because I'm pretty sure I've never seen a module named HIPS. Maybe it works in the background? Tied to System Watcher?

I guess Kaspersky HIPS is always ON. If you uncheck "perform recommended actions automatically", you'll receive detailed hips warnings. On default HIPS messages are answered automatically without user intervention.

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
This happens to me in KTS 2020: when I see high CPU usage in Task Manager, I open Kaspersky and I find the rootkit scan stuck at 0%, but this does not happen all the time.
I think we should disable rootkit and idle scans because I do think they run a lot more often than they should.
Random scans are not good for disk lifespan and may create a false perception for regular users that Kaspersky is heavy.
I have seen zero effect on security after disabling those 2 options.
