Antivirus with Application Control/Default-deny modules

RoboMan

Hello friends!

Do you know which antivirus software currently on the market has default-deny modules, such as Kaspersky's Application Control? I am always trying to test new software, and since every AV keeps evolving and adding new features I have lost track of which ones include this technology and which antivirus products even exist right now lol.
 

harlan4096

Well I would not say KL AC is a default-deny module, although it can be tweaked to emulate this behaviour... TAM would be the closest feature to default-deny...

Panda Dome paid also has a module called "Application Control" similar to TAM, but it is limited in controlling the wide range of executable files...
 

RoboMan

Well I would not say KL AC is a default-deny module, although it can be tweaked to emulate this behaviour... TAM would be the closest feature to default-deny...
Yes that's exactly what I mean. Modules capable of, tweaked or not, denying execution of specific files, such as untrusted/unrecognised.
 

509322

Hello friends!

Do you know which antivirus software currently on the market has default-deny modules, such as Kaspersky's Application Control? I am always trying to test new software, and since every AV keeps evolving and adding new features I have lost track of which ones include this technology and which antivirus products even exist right now lol.

1. COMODO
2. Kaspersky

For true default-deny, both need a specific set of settings configured. Research it.
 

Sunshine-boy

1-Comodo products
2-Kaspersky App Control
3-https://malwaretips.com/threads/shinobi-defense-system.79813/ (not an antivirus, but good default-deny protection, and you can use it with any AV)
4-Panda (paid products), but not worth the money
5-Dr.Web Security Space (has some hardening rules)
6-TrustPort Antivirus (has App Control-like protection)
7-A Chinese AV called Tinder Internet Security (it's free), a suite with an advanced smart HIPS (more than 60 special rules), but the UI is not in English. It works like SpyShelter Firewall (even better). 火绒安全 (Huorong Security)
8-ESET IS with HIPS in interactive mode
 

509322

Hello friends!

Do you know which antivirus software currently on the market has default-deny modules, such as Kaspersky's Application Control? I am always trying to test new software, and since every AV keeps evolving and adding new features I have lost track of which ones include this technology and which antivirus products even exist right now lol.

You can make COMODO and Kaspersky true default-deny.

You have to disable cloud file reputation lookup in COMODO and KSN lookup in Kaspersky.

In COMODO you have to set the sandbox to Block.

In Kaspersky, you can enable TAM or just go with Application Control.

You have to set both to show alerts\notifications and not to take actions automatically.

I might be missing some details as it has been a very long time since I messed with either one in the true default-deny configuration.

If you disable any process in Kaspersky Application Control, they stupidly made it so that it will not notify you when the process is blocked. So all the blocks are silent and you are none the wiser if something is broken. Don't you think you would want an option to show alerts for user-disabled process blocks? I know I sure would. That info is valuable for both troubleshooting and security.

If you try either one configured for default-deny, you will quickly reach the conclusion that it is just better to run SRP.

Of the two, COMODO is a bit better for default-deny... because the sandbox alert will tell you what has been blocked.

HIPS is very informative. It provides info that clearly lets you know that something isn't right. You have to know your ecosystem. Information supplied to you is the most valuable thing there is, but you have to understand the info. Learning it is not that difficult.
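The post above recommends plain SRP over an AV's emulated default-deny and complains about silent blocks. As an added example (not from the thread or from any vendor), the PowerShell below audits whether Windows Software Restriction Policies are actually configured as default-deny and lists the blocks SRP records, which is where the "something broke silently" answer lives. It assumes the documented Safer registry layout under HKLM (the `-Root` parameter can be pointed at the HKCU equivalent for a per-user policy) and the SRP Application-log event IDs 865-868. The check that flags Unrestricted path rules covering user-writable folders is my own heuristic, not part of SRP. It is read-only and should be run from an elevated prompt so the policy keys and event log are readable.

```powershell
# Added example: audit an SRP (Software Restriction Policies) configuration for default-deny.
# Registry layout used by the Safer/SRP engine (HKLM for machine policy, HKCU for user policy):
#   ...\Safer\CodeIdentifiers
#     DefaultLevel        0 = Disallowed, 0x20000 = Basic User, 0x40000 = Unrestricted
#     TransparentEnabled  0 = not enforced, 1 = executables except DLLs, 2 = executables and DLLs
#     PolicyScope         0 = all users, 1 = all users except local administrators
#     ExecutableTypes     REG_MULTI_SZ of extensions treated as executable
#     LogFileName         optional: when set, every SRP decision is appended to this text file
#     <level>\Paths\{guid}\ItemData   a path rule granting that level (0 = deny, 262144 = allow)

$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$LevelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPathRules {
    # Enumerate every path rule under each security level.
    param([string]$Root = $Safer)
    foreach ($level in 0, 131072, 262144) {
        $pathsKey = Join-Path $Root "$level\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            $props = Get-ItemProperty $rule.PSPath
            [pscustomobject]@{
                Level       = $LevelNames[$level]
                Path        = $props.ItemData
                Description = $props.Description
            }
        }
    }
}

function Get-SrpStatus {
    # Default-deny means: DefaultLevel Disallowed, enforcement on, and administrators not exempt.
    param([string]$Root = $Safer)
    if (-not (Test-Path $Root)) {
        return [pscustomobject]@{ Configured = $false; DefaultDeny = $false; Notes = 'No SRP policy keys present' }
    }
    $p = Get-ItemProperty $Root
    # Missing values are treated here as the permissive defaults (assumption, documented in lead-in).
    $default     = if ($null -ne $p.DefaultLevel)       { [int]$p.DefaultLevel }       else { 262144 }
    $transparent = if ($null -ne $p.TransparentEnabled) { [int]$p.TransparentEnabled } else { 0 }
    $scope       = if ($null -ne $p.PolicyScope)        { [int]$p.PolicyScope }        else { 0 }

    $notes = @()
    if ($default -ne 0)      { $notes += "DefaultLevel is $($LevelNames[$default]); default-deny needs Disallowed (0)" }
    if ($transparent -eq 0)  { $notes += 'TransparentEnabled is 0; the policy is not enforced' }
    if ($transparent -eq 1)  { $notes += 'DLLs are not checked (TransparentEnabled=1); set 2 to cover DLLs' }
    if ($scope -eq 1)        { $notes += 'PolicyScope=1 exempts local administrators' }
    if (-not $p.LogFileName) { $notes += 'LogFileName not set; only Application-log events 865-868 record blocks' }

    # Heuristic (my own): an Unrestricted rule on a user-writable location defeats default-deny.
    $unrestricted = @(Get-SrpPathRules -Root $Root | Where-Object Level -eq 'Unrestricted')
    foreach ($r in $unrestricted) {
        if ($r.Path -match '(?i)\\(Users|Temp|ProgramData)(\\|$)') {
            $notes += "Unrestricted path rule covers a user-writable location: $($r.Path)"
        }
    }

    [pscustomobject]@{
        Configured         = $true
        DefaultLevel       = $LevelNames[$default]
        TransparentEnabled = $transparent
        PolicyScope        = $scope
        LogFile            = $p.LogFileName
        ExecutableTypes    = $p.ExecutableTypes
        UnrestrictedRules  = $unrestricted.Count
        DefaultDeny        = ($default -eq 0 -and $transparent -ge 1 -and $scope -eq 0)
        Notes              = $notes
    }
}

function Get-SrpBlockEvents {
    # SRP writes one Application-log event per block and shows the user only a generic dialog:
    # 865 = default level, 866 = path rule, 867 = certificate rule, 868 = hash/zone rule.
    param([int]$Last = 20)
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'SoftwareRestrictionPolicies'; Id = 865, 866, 867, 868 } `
        -MaxEvents $Last -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
}

Get-SrpStatus      | Format-List
Get-SrpPathRules   | Format-Table -AutoSize
Get-SrpBlockEvents | Format-Table -AutoSize
```

If `DefaultDeny` comes back `False`, the `Notes` list says which of the three conditions is missing. Setting `LogFileName` is the practical answer to the silent-block complaint: every allow and deny decision, including the rule that made it, lands in that file without any user prompt.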
 

ichito

How is it better than Spyshelter Firewall?
How is it worse than SpyShelter?

More than 60 smart HIPS rules (I mean it covers more places); it also has its own antivirus engine (SpyShelter doesn't have such a feature). It's also free and has a good firewall.
SS has 66 actions on its list that are monitored, and you know that's not all. Is there something unique... exceptional... in Tinder IS?
 

Sunshine-boy

I know how SS is, but you need to take a look at this software. I can't explain; just test it yourself.
Is there something unique... exceptional... in Tinder IS?
1-Free
2-AV and BB module
3-More actions on the list (like PowerShell, WMI, BITS monitoring and more...)
4-Active community with very kind developers (former Rising developers are working on this app)
I just translated the user manual to English and am using it:
http://down4.huorong.cn/doc/personal/manual.pdf
Free Online Document Translator - Preserves your document's layout (Word, PDF, Excel, Powerpoint, OpenOffice, text)
 

ichito

OK... the name "Huorong" is more familiar to me, and as I remember you've mentioned it somewhere on MT :) It's impossible for me to find the listed features due to my complete lack of understanding of that language, but I found among its apps one tool called "Huorong System Diagnostic Toolkit" that seems to be very granular and useful in some cases... and it's in English :)



Moonhorse

Comodo - the only reason I'm using it is default deny, which I'm aware of thanks to MalwareTips

If I go with any other 3rd-party antivirus I would always add either CF or anti-exe blocking software, or default-deny software such as OSA or ReHIPS nowadays

Also Comodo pros:
- at least you can get interaction with the devs through the forum even if you're a free user
- submitting files: old ASUS drivers I had were unknown, but the day after Comodo set them as trusted (so I guess they're fast on this side)
- it's very informative about what's blocked and which component did it: either HIPS, firewall or AV
- no nags, ads, BS


After all I'm always back to Comodo products

But as you're looking for a test environment it's a different case; I don't have a clue what ZoneAlarm antivirus can do, since it has a behaviour blocker (possible default deny) and the application control is tied to the firewall

I really have heard about Comodo, Panda, Kaspersky
 
