Do we actually need so many security programs?
<blockquote data-quote="harlan4096" data-source="post: 774825" data-attributes="member: 36043"><p>Not much to say, everything stated by [USER=32260]@Andy Ful[/USER] & [USER=56349]@Lockdown[/USER] is correct...</p><p></p>
<p>Some months ago I was posting malware results with KTS with TAM enabled, and it was very strong at blocking unknown malware, and also scripts... In some cases scripts were blocked just because they were unknown (TAM), and in others, apart from being blocked by TAM, they were also detected by Heur, KSN, AMSI or signatures...</p><p></p>
<p>As [USER=56349]@Lockdown[/USER] said, if you move all those interpreters to Low/High Restricted and the user is in Interactive Mode, probably a ton of warnings/issues will come :D many due to some bugs in Application Control...</p><p></p>
<p>And I agree, the default Mode/Settings of KIS/KTS are weak, but proper for standard users to manage/install and forget... but just enabling Interactive Mode (with those default settings) will improve the prevention enormously, because all those "Prompt for Action" in Low Restricted, for example, that are allowed in Auto Mode will get active in Interactive, but here we find the handicap of HIPS products: the users have to answer those warnings correctly...</p><p></p>
<p>Any of the default rules/rights for trusted groups can be tweaked with your own strong rules, and as [USER=56349]@Lockdown[/USER] pointed out, you don't need to run an application or executable, dll, etc. once for it to appear in the AC; you can easily add it manually to a specific restriction group before running it for the 1st time...</p><p></p><p></p>
<p>Agree, also there is not much/proper information/features about how to use/tweak it, and the same about TAM and/or how it works in relation to the other protection modules: Application Control, System Watcher, etc.</p></blockquote><p></p>