- Jun 24, 2016
So, malware has breached into your PC. Luckily you have Kaspersky Internet Security installed, and it manages to detect and block the file without further complications.
But how did it do it? Is it just a context scan and it's done? Well, no. It's far more complex than that.
Let's browse together through the basics of how this suite organizes the procedure to protect you against any type of malware.
Besides occasional updates, “traditional” security technology does most of its job offline and requires approximately an hour to respond to a new threat.
In a modern world, however, an hour can be too long. What if you’re opening a file or loading a web page that seems suspicious, but your traditional security program can’t immediately deem the content malicious? That’s where Kaspersky Security Network kicks in.
Using this cloud security network, you can ask other users if they’ve come across a similar file or webpage lately. Was it suspicious as well? Based on these conversations, the cloud security network gives you advice: “Hey, this file or web page is way too suspicious, you’d better not open it.”
So, after KSN has given you the corresponding advice, you get to choose whether you accept it or just ignore it. Kaspersky is aware of this, and has implemented more modules to make sure a mistaken choice doesn't ruin your browsing experience.

If you have let the file in, Kaspersky will now carefully monitor that file and each action it performs, including which areas and files it accesses or tries to communicate with. This module is directly linked with the vulnerability protection, ransomware protection, and rollback protection. If System Watcher thinks boramurdar.exe, which has just been downloaded, has no reason whatsoever to try to establish communication with rundll32.exe, it will not only block the communication, but most probably recommend that you immediately delete the file, because it looks suspicious enough to be a threat to your security. Even if you made a couple of wrong choices, this module will be smart enough to let you roll back malicious actions committed by malware.

Even before malware consequences, file execution, even before there was anything in this universe, even before God, there was Application Control. This amazing module works as a first line of defense between you and malware. Its structure is simple to understand. It's all about trust groups:
- Trusted
- Low Restricted
- High Restricted
- Untrusted
This means each file on your PC will belong to a group.
Trusted: this group is given to files that are digitally signed by a trusted vendor which has been manually added by Kaspersky to the Trusted Vendor List.
Low and High Restricted: these groups are given to files which could represent a minimal or serious danger to the environment, and to which you want to give restricted access to the OS areas.
Untrusted: this group is given to files that are not signed, or not signed by a Trusted Vendor from the list, or which Kaspersky thinks are malicious or shouldn't be executed.
Take into account that you can tick a box to make Kaspersky not trust digitally signed applications, meaning KIS will explicitly only trust those signed files which are in the list (otherwise all signed software will be allowed). Also remember that you can move files from one group to another manually.
This is a huge step for your security, since files which are not allowed to run, or are run with restricted permissions, can barely encrypt your files or steal your information. Please be advised that to achieve such a level of protection this module needs to be tweaked.


This module will automatically decide whether the system will allow internet communication for each file. This is decided pretty easily and it's strictly linked to the Application Control module.
Remember how each file has a trust group that decides whether we believe a file is legit or not? This is exactly how the firewall decides too. It will read the file, and then that file's trust group. It will grant internet access to files placed in the Trusted group, and will deny internet access to untrusted files.
Take also into account that the firewall's decisions can be modified or voided with your manual interaction, as with the AC module.

This is a basic insight into how the most important modules of Kaspersky work together as a team to help you protect your PC.
Did you know how it worked? Has it ever failed to protect your system?
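An illustrative model of the trust-group and firewall coupling described in the post above, added here as an example; it is not Kaspersky's code or part of the original post. `TRUSTED_VENDORS`, the `FileInfo` fields, the order of the checks, and reaching the restricted groups only through a manual move are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Group(Enum):
    TRUSTED = "Trusted"
    LOW_RESTRICTED = "Low Restricted"
    HIGH_RESTRICTED = "High Restricted"
    UNTRUSTED = "Untrusted"

# Constructed stand-in for the Trusted Vendor List; not real list contents.
TRUSTED_VENDORS = {"Listed Vendor Ltd"}

@dataclass
class FileInfo:
    name: str
    signer: Optional[str] = None          # vendor on a valid signature, None if unsigned
    flagged_malicious: bool = False       # product considers the file malicious
    manual_group: Optional[Group] = None  # set when the user moved the file by hand

def assign_group(f: FileInfo, trust_all_signed: bool = True) -> Group:
    """Pick a trust group. The order of the checks is an assumption."""
    if f.manual_group is not None:        # manual moves win (assumed precedence)
        return f.manual_group
    if f.flagged_malicious:
        return Group.UNTRUSTED
    if f.signer in TRUSTED_VENDORS:
        return Group.TRUSTED
    if f.signer is not None and trust_all_signed:
        return Group.TRUSTED              # box not ticked: any signed file is trusted
    return Group.UNTRUSTED                # unsigned, or signed by an unlisted vendor

def firewall_allows(group: Group) -> Optional[bool]:
    """True/False for the two groups the post covers, None where it is silent."""
    if group is Group.TRUSTED:
        return True
    if group is Group.UNTRUSTED:
        return False
    return None

def decide(f: FileInfo, trust_all_signed: bool = True):
    """Return (trust group, firewall decision); the firewall only sees the group."""
    group = assign_group(f, trust_all_signed)
    return group, firewall_allows(group)

# Constructed sample: signed by a vendor that is not on the list.
SAMPLE = FileInfo("tool.exe", signer="Unlisted Vendor Inc")
```

With the box left unticked the sample lands in Trusted and gets network access; ticking it moves the same file to Untrusted and cuts that access, which is the practical effect of the tweak the post recommends.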