Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Antivirus with Application Control/Default-deny modules
Message
<blockquote data-quote="509322" data-source="post: 782028"><p>You can make COMODO and Kaspersky true default-deny.</p><p></p><p>You have to disable cloud file reputation lookup in COMODO and KSN lookup in Kaspersky.</p><p></p><p>In COMODO you have to set the sandbox to Block.</p><p></p><p>In Kaspersky, you can enable TAM or just go with Application Control.</p><p></p><p>You have to set both to show alerts\notifications and not to take actions automatically.</p><p></p><p>I might be missing some details as it has been a very long since I messed with either one in the true default-deny configuration.</p><p></p><p>If you disable any process in Kaspersky Application Control, they stupidly made it so that it will not notifiy you when the process is blocked. So all the blocks are silent and you are none the wiser if something is broken. Don't you think you would want an option to show alerts for user-disabled process blocks ? I know I sure would. That info is valuable for both troubleshooting and security.</p><p></p><p>If you try either one configured for default-deny, you will quickly reach the conclusion that it is just better to run SRP.</p><p></p><p>Of the two, COMODO is a bit better for default-deny... because the sandbox alert will tell you what has been blocked.</p><p></p><p>HIPS is very informative. It provides infos to you that clearly let you know that something isn't right. You have to know your ecosystem. Information supplied to you is the most valuable thing there is, but you have to understand the infos. Learning it is not that difficult.</p></blockquote><p></p>
[QUOTE="509322, post: 782028"] You can make COMODO and Kaspersky true default-deny. You have to disable cloud file reputation lookup in COMODO and KSN lookup in Kaspersky. In COMODO you have to set the sandbox to Block. In Kaspersky, you can enable TAM or just go with Application Control. You have to set both to show alerts\notifications and not to take actions automatically. I might be missing some details as it has been a very long since I messed with either one in the true default-deny configuration. If you disable any process in Kaspersky Application Control, they stupidly made it so that it will not notifiy you when the process is blocked. So all the blocks are silent and you are none the wiser if something is broken. Don't you think you would want an option to show alerts for user-disabled process blocks ? I know I sure would. That info is valuable for both troubleshooting and security. If you try either one configured for default-deny, you will quickly reach the conclusion that it is just better to run SRP. Of the two, COMODO is a bit better for default-deny... because the sandbox alert will tell you what has been blocked. HIPS is very informative. It provides infos to you that clearly let you know that something isn't right. You have to know your ecosystem. Information supplied to you is the most valuable thing there is, but you have to understand the infos. Learning it is not that difficult. [/QUOTE]
Insert quotes…
Verification
Post reply
Top