Best HIPS: KAV 2013 / OA Firewall Pro

Status
Not open for further replies.

Shadowave

Level 10
Thread author
Verified
Aug 10, 2012
474
Hello guys, today I installed Kaspersky Anti-Virus + Online Armor Firewall Pro, and I want to know for which of them it is advisable to leave the HIPS+ function on :huh::huh:
 

nishaddesilva

Level 3
Aug 26, 2012
257
I'm also interested in this topic these days. Both offer great protection features. As far as I can remember, KIS scored higher than OA in the Matousec proactive security test. But let's wait for other users' opinions.
 
Deleted member 178

OA was always equal to Comodo HIPS, with KIS behind them; then Matousec removed OA from their test because of financial issues.

If you want to use OA, be sure that you can totally disable KIS HIPS (via a reboot), but I am not so sure you can. Kaspersky HIPS is very good, so I would keep it if you use KAV.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
OA is better than Kaspersky in terms of components (especially the HIPS function).

But... Kaspersky's components are doing very well and suppose you used it.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
terene said:
Hello guys, today I installed Kaspersky Anti-Virus + Online Armor Firewall Pro, and I want to know for which of them it is advisable to leave the HIPS+ function on :huh::huh:

You must mean Kaspersky Internet Security 2013, because KAV doesn't come with the Application Control feature.

I would go with Kaspersky Internet Security Application Control, because it's very user friendly and easy to use.
If you really want to improve Kaspersky protection by tweaking Application Control settings, you can use these 2 steps:

1. Configure Application Control to set 'Untrusted' status for unknown applications

What is Application Control in Kaspersky Internet Security 2012?
The Application Control component in Kaspersky Internet Security 2012 prevents applications from executing actions which can endanger the system, monitors access to your operating system and personal data using the Digital Identity Protection module.

The Application Control component logs the actions performed by applications in the system, and manages the applications' activities, based on which group they belong to. A set of rules is defined for each group of applications. These rules manage applications' access to various resources. Based on the system security factor, all applications can be divided into four pre-set groups of applications:

Trusted. Applications with a digital signature by trusted vendors, or applications which are recorded in the base of trusted applications. These applications have no restrictions applied on actions performed in the system. Those applications' activity is monitored by Proactive Defense and File Anti-Virus.
Low Restricted. Applications that do not have a digital signature from a trusted vendor, and which are not listed in the base of trusted applications. However, these applications have received low value of the threat rating. They are allowed to perform some operations, such as access to other processes, system control, hidden network access. The user's permission is required for most operations.
High Restricted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have a high value of the threat rating. The applications of this group require the user's permission for most actions which affect the system: some actions are not allowed for such applications.
Untrusted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have received a very high value of the threat rating. Application Control blocks any actions performed by such applications.


How to configure Application Control to set 'Untrusted' status for unknown applications
When heuristic analysis is used by default, Application Control inspects each program for 30 seconds. If after that time the component does not complete identification of its threat rating, the program will receive by default the Low Restricted status (based on the Kaspersky Security Network data). For maximum protection, it is recommended that you configure Application Control to set 'Untrusted' status for unknown applications.
By default, Application Control will block any actions performed by the programs in the 'Untrusted' group, thus bringing a new level of security for your system.
Please note that when using this method, legit programs that aren't in the Kaspersky white list or aren't digitally signed might be placed in the 'Untrusted' group, so if a program fails to start or run, it could be because of the limited rights of this specific group, and you might have to manually move it from the 'Untrusted' group to a group which allows the program more rights, like the 'Trusted' or 'Limited Rights' groups.

In order to configure Application Control to set 'Untrusted' status for unknown applications, perform the following actions:
  1. open the main application window
  2. in the right upper corner of the main application window, click Settings
  3. in the upper part of the Settings window, select Protection Center
  4. in the left part of the Settings window, select Application Control
  5. in the right part of the Settings window, in the Applications restriction section, select Move to the following group automatically and 'Untrusted' from the drop-down menu.
  6. in the Settings window, click the OK button
  7. close the main application window.

How to move a non-malicious program from the "Untrusted" group
You configured Application Control to set 'Untrusted' status for unknown applications, but now you have problems starting or running a legit program.
In the tutorial below we will show you how to move a program from 'Untrusted' to 'Trusted'.
NOTE: Before moving a program from "Untrusted" to "Trusted", make sure it is 100% safe.

  1. open the main application window
  2. in the right upper corner of the main application window, click Settings
  3. in the upper part of the Settings window, select Protection Center
  4. in the left part of the Settings window, select Application Control and click on "Applications"
  5. In the new window, you will see an 'Untrusted' folder; click on it to expand the view
  6. Click on the program that you want to move to "Trusted", then right click on it. Select 'Move to group' and choose 'Trusted'
  7. Click the OK button

2. Enable Kaspersky Internet Security 2013 Interactive Mode.

What is 'Interactive' mode ?
In Interactive mode, Kaspersky Internet Security informs the user about all malicious and suspicious events. In this mode the user will manually select actions: allow or block activities.

While using this mode, much more user interaction will be required, but this is a powerful barrier against unknown threats because it allows the user to better control its execution.

How to use Kaspersky Internet Security 2012 in 'Interactive' Mode
By default, the automatic protection mode is enabled in Kaspersky Internet Security 2012. In order to change the protection mode, perform the following actions:
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
terene said:
Hello guys, today I installed Kaspersky Anti-Virus + Online Armor Firewall Pro, and I want to know for which of them it is advisable to leave the HIPS+ function on :huh::huh:
The only issue with Kaspersky Anti-Virus and Online Armor is that, since KAV uses something similar to a proxy to filter network/Internet traffic, OA will see all (or at least most) network traffic as originating from KAV (or more specifically, as originating from the KAV process that handles the network traffic filtering). This essentially nullifies OA's ability to monitor which EXEs are accessing the Internet, as all network traffic will appear to be coming from a trusted EXE, and thus OA will never block network traffic from untrusted programs. You can see a better explanation of this issue in this post.
There might be other small incompatibilities; however, Kaspersky Antivirus does not come with a HIPS feature (Kaspersky Application Control), so you must mean Kaspersky Internet Security 2013, because KAV does not come with a Host Intrusion Prevention System.
If you really want to use these two programs together, I would exclude each other's processes from being monitored.



Now, if you do have Kaspersky Internet Security installed, I would go with Kaspersky's Application Control, because it's very user friendly and easy to use. Its alerts are easy to understand, and Kaspersky has a really great white list, so you will not see any kind of pop-ups for known downloads.
Now, on default settings, Kaspersky Application Control is not as protective as Online Armor, so if you really want to improve Kaspersky Application Control settings, you can use the following two tweaks:

1. Configure Application Control to set 'Untrusted' status for unknown applications

What is Application Control in Kaspersky Internet Security 2013?
The Application Control component in Kaspersky Internet Security 2013 prevents applications from executing actions which can endanger the system, monitors access to your operating system and personal data using the Digital Identity Protection module.

The Application Control component logs the actions performed by applications in the system, and manages the applications' activities, based on which group they belong to. A set of rules is defined for each group of applications. These rules manage applications' access to various resources. Based on the system security factor, all applications can be divided into four pre-set groups of applications:

Trusted. Applications with a digital signature by trusted vendors, or applications which are recorded in the base of trusted applications. These applications have no restrictions applied on actions performed in the system. Those applications' activity is monitored by Proactive Defense and File Anti-Virus.
Low Restricted. Applications that do not have a digital signature from a trusted vendor, and which are not listed in the base of trusted applications. However, these applications have received low value of the threat rating. They are allowed to perform some operations, such as access to other processes, system control, hidden network access. The user's permission is required for most operations.
High Restricted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have a high value of the threat rating. The applications of this group require the user's permission for most actions which affect the system: some actions are not allowed for such applications.
Untrusted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have received a very high value of the threat rating. Application Control blocks any actions performed by such applications.


How to configure Application Control to set 'Untrusted' status for unknown applications
When heuristic analysis is used by default, Application Control inspects each program for 30 seconds. If after that time the component does not complete identification of its threat rating, the program will receive by default the Low Restricted status (based on the Kaspersky Security Network data). For maximum protection, it is recommended that you configure Application Control to set 'Untrusted' status for unknown applications.
By default, Application Control will block any actions performed by the programs in the 'Untrusted' group, thus bringing a new level of security for your system.

Please note that when using this method, legit programs that aren't in the Kaspersky white list or aren't digitally signed might be placed in the 'Untrusted' group, so if a program fails to start or run, it could be because of the limited rights of this specific group, and you might have to manually move it from the 'Untrusted' group to a group which allows the program more rights, like the 'Trusted' or 'Limited Rights' groups.


In order to configure Application Control to set 'Untrusted' status for unknown applications, perform the following actions:
  1. open the main application window
  2. in the right upper corner of the main application window, click Settings
  3. in the upper part of the Settings window, select Protection Center
  4. in the left part of the Settings window, select Application Control
  5. in the right part of the Settings window, in the Applications restriction section, select Move to the following group automatically and 'Untrusted' from the drop-down menu.
  6. in the Settings window, click the OK button
  7. close the main application window.

How to move a non-malicious program from the "Untrusted" group
You configured Application Control to set 'Untrusted' status for unknown applications, but now you might have problems starting or running a legit program.
In the tutorial below we will show you how to move a program from 'Untrusted' to 'Trusted'.
NOTE: Before moving a program from "Untrusted" to "Trusted", make sure it is 100% safe.

  1. open the main application window
  2. in the right upper corner of the main application window, click Settings
  3. in the upper part of the Settings window, select Protection Center
  4. in the left part of the Settings window, select Application Control and click on "Applications"
  5. In the new window, you will see an 'Untrusted' folder; click on it to expand the view
  6. Click on the program that you want to move to "Trusted", then right click on it. Select 'Move to group' and choose 'Trusted'
  7. Click the OK button

2. Enable Kaspersky Internet Security 2013 Interactive Mode.

What is 'Interactive' mode ?
In Interactive mode, Kaspersky Internet Security informs the user about all malicious and suspicious events. In this mode the user will manually select actions: allow or block activities.

While using this mode, much more user interaction will be required, but this is a powerful barrier against unknown threats because it allows the user to better control its execution.

How to use Kaspersky Internet Security 2013 in 'Interactive' Mode
By default, the automatic protection mode is enabled in Kaspersky Internet Security 2013. In order to change the protection mode, perform the following actions:
  1. open the main application window
  2. in the right upper corner of the main application window, click Settings
  3. in the upper part of the Settings window, select Protection Center
  4. under Interactive Protection, uncheck "Select action automatically", then click on OK.


Shadowave

Level 10
Thread author
Verified
Aug 10, 2012
474
Thank you guys, I'll leave this combination (KAV2013 + OA) for 30 days, because I did not activate the license on OA, and I will wait to see how it behaves on my PC. :d
 

nishaddesilva

Level 3
Aug 26, 2012
257
Does Kaspersky have a full HIPS feature or is it just the Application Control's rating function that works as a HIPS?
If it has a full HIPS, will it ask the user for responses in interactive mode, such as "Program A is trying to access the memory of Program B - Allow or Reject?" even if the Application Control is turned off?
 