A small insight into how Kaspersky works
<blockquote data-quote="RoboMan" data-source="post: 815914" data-attributes="member: 53544">
<p style="text-align: center">So, malware has breached into your PC. Luckily you have Kaspersky Internet Security installed, and it manages to <u><strong>detect and block</strong></u> the file without further complications.</p>
<p style="text-align: center">But how did it do it? Is it just a context scan and it's done? Well, no. <strong>It's far more complex than that</strong>.</p>
<p style="text-align: center">Let's browse together through the basics of <u>how this suite organizes the </u><strong><u>procedure</u></strong> to protect you against any type of malware.</p>
<p style="text-align: center">[ATTACH=full]214041[/ATTACH]</p>
<p style="text-align: center"><strong>[SPOILER="KASPERSKY SECURITY NETWORK (KSN)"]</strong></p>
<p style="text-align: center">Besides occasional updates, “traditional” security technology does most of its job offline and requires approximately an hour to respond to a new threat.</p>
<p style="text-align: center">In a modern world, however, an hour can be too long. What if you’re opening a file or loading a web page that seems suspicious, but your traditional security program can’t immediately deem the content malicious? That’s where Kaspersky Security Network kicks in.</p>
<p style="text-align: center">Using this cloud security network, you can ask other users if they’ve come across a similar file or webpage lately. Was it suspicious as well? Based on these conversations, the cloud security network gives you advice: “Hey, this file or web page is way too suspicious, you’d better not open it.”</p>
<p style="text-align: center">So, after KSN has given you the corresponding advice, you get to choose whether you accept it or just ignore it. Kaspersky is aware of this, and has implemented more modules making sure your mistaken choice doesn't ruin your browsing experience.</p>
<p style="text-align: center"><img src="https://imgur.com/tTX4mJW.png" alt="" class="fr-fic fr-dii fr-draggable " style="" />[/SPOILER]</p>
<p style="text-align: center"><strong>[SPOILER="SYSTEM WATCHER"]</strong></p>
<p style="text-align: center">If you have let the file in, Kaspersky will now be carefully monitoring such file and each action it performs, which areas and files it accesses or tries to communicate with. This module is directly linked with the vulnerability protection, ransomware protection, and rollback protection. If System Watcher thinks boramurdar.exe, which has just been downloaded, has no reason whatsoever to try to establish communication with rundll32.exe, it will not only block the communication, but most probably recommend you to immediately delete the file, because it looks suspicious enough to be a threat to your security. Even if you made a couple of wrong choices, this module will be smart enough to let you roll back malicious actions committed by malware.</p>
<p style="text-align: center"><img src="https://imgur.com/N9juYlH.png" alt="" class="fr-fic fr-dii fr-draggable " style="" />[/SPOILER]</p>
<p style="text-align: center"><strong>[SPOILER="APPLICATION CONTROL"]</strong></p>
<p style="text-align: center">Even before malware consequences, file execution, even before there was anything in this universe, even before God, there was Application Control. This amazing module will work as a first line of defense between you and malware. Its structure is simple to understand. It's all about trusted groups:</p>
<p style="text-align: center"><strong><em>-Trusted</em></strong></p>
<p style="text-align: center"><em><strong>-Low Restricted</strong></em></p>
<p style="text-align: center"><em><strong>-High Restricted</strong></em></p>
<p style="text-align: center"><strong><em>-Untrusted</em></strong></p>
<p style="text-align: center">This means, each file on your PC will belong to a group.</p>
<p style="text-align: center"><strong><span style="color: rgb(65, 168, 95)">Trusted</span></strong><span style="color: rgb(65, 168, 95)">:</span> this group will be given to those files which are digitally signed by a trusted vendor which has been manually added by Kaspersky to the Trusted Vendor List.</p>
<p style="text-align: center"><strong><span style="color: rgb(247, 218, 100)">Low and</span> <span style="color: rgb(251, 160, 38)">High Restricted</span></strong><span style="color: rgb(250, 197, 28)">:</span> this group will be given to those files which could represent a minimal or serious danger to the environment, which you want to give restricted access to the OS areas.</p>
<p style="text-align: center"><strong><span style="color: rgb(184, 49, 47)">Untrusted</span></strong>: this group will be given to those files that are not signed/not signed by a Trusted Vendor from the list, or which Kaspersky thinks is malicious or shouldn't be executed.</p>
<p style="text-align: center">Take into account, you can tick a box and make Kaspersky not trust digitally signed applications, meaning explicitly KIS will only trust those signed files which are in the list (else all signed software will be allowed). Also remember, you can move files from one group to another manually.</p>
<p style="text-align: center">This is a huge step for your security, since files which are not allowed to run or are run with restricted permissions can barely encrypt your files or steal your information. Please be advised, to achieve such a level of protection this module needs to be tweaked.</p>
<p style="text-align: center"><img src="https://imgur.com/KcEpGQm.png" alt="" class="fr-fic fr-dii fr-draggable " style="width: 683px" /><img src="https://imgur.com/IbJEXVM.png" alt="" class="fr-fic fr-dii fr-draggable " style="width: 683px" />[/SPOILER]</p>
<p style="text-align: center"><strong>[SPOILER="FIREWALL"]</strong></p>
<p style="text-align: center">This module will automatically decide if the system will allow internet communication with each file. This is decided pretty easily and it's strictly linked to the Application Control module.</p>
<p style="text-align: center">Remember how each file has a trust group that decides whether we believe a file is legit good or not? This is exactly how firewall decides too. It will read the file, and then such file's trust group. It will grant internet access to those files placed in the Trusted Group, and will deny internet access to untrusted files.</p>
<p style="text-align: center">Take also into account, firewall's decisions can be modified or voided with your manual interaction, as with the AC module.</p>
<p style="text-align: center"><img src="https://imgur.com/ery0rLS.png" alt="" class="fr-fic fr-dii fr-draggable " style="" />[/SPOILER]</p>
<p style="text-align: center">This is a basic insight on how the <strong>most important modules of Kaspersky work</strong> together as a team to help you protect your PC.</p>
<p style="text-align: center">Did you know how it worked? Has it ever failed you <u><strong>protecting your system</strong></u>?</p>
</blockquote>