Setup Idea Hardened System with Kaspersky

Operating System
Windows 10 / Windows 11
Login security
    • Hardware security key
    • Password-less (PIN, Biometric, Face)
    • Password (Aa-Zz, 0-9, Symbols)
Primary sign-in
Local account
Primary user
Admin user - Full permissions
Other users
Other accounts are Standard users
Windows UAC
Maximum - always notify
Real-time protection
  • Kaspersky Standard / Plus / Premium
  • Kaspersky KIS / KTS / KSCloud
  • Macrium Reflect Home -> Image Guardian
Software firewall
Provided by a third-party security vendor. Refer to 'Real-time protection' for details.
Custom RTP, Firewall and OS settings
* Custom RTP Kaspersky settings:
Settings -> Performance Settings -> PC Resource Consumption -> Perform recommended Actions Automatically: Deselect
(For users who don't like warning prompts, They may keep this setting Selected by default)

Settings -> Security Settings -> Intrusion Prevention -> Trust Digitally Signed Application: Deselect

Settings -> Security Settings -> Intrusion Prevention -> Trust group for applications that could not be added to existing groups: UnTrusted

Settings -> Security Settings -> Intrusion Prevention -> Trust group for applications started before startup of Kaspersky: High Restricted

Additionally, You can implement Stronger Rules to protected Folders/Files against Ransomware Attacks

Note: settings not mentioned would remain by default.

* OS Settings: disable lots of services with WPD
Periodic security scanners
  • WiseVector StopX (resident modules disabled)
  • Norton Power Eraser
  • AdwCleaner
Secure DNS
CloudFlare / NextDNS / Quad9
VPN
Mullvad / WindScribe
Password manager
KeePass 2 (manually -> Perform Auto-Type inside Mozilla FireFox)
Browsers, Search and Addons
* Browser: Mozilla FireFox

* Search Engine: Google

* Add-ons: uBlock Origin, Dark Reader, IndicateTLS, Simple Translate, LT Language Tool
Maintenance and Cleaning
PatchMyPC and/or RuskZuck to update system applications.
Personal Files & Photos backup
* At least 1 Cloud services: Mega, OneDrive, Google Drive, etc.

* 2 External Devices to save redundant BackUps.
Device recovery & backup
Macrium Reflect Home / AOMEI BackUpper
Recommended for
  1. Experienced users

harlan4096

Moderator
Thread author
Verified
Staff member
Malware Hunter
Well-known
Apr 28, 2015
7,901
This proposal of Setup Idea is relevant to these Kaspersky Products:
  • Kaspersky Standard / Plus / Premium
  • Kaspersky KIS / KTS / KSCloud

These Kaspersky Hardening tweaks try to emulate the old Trusted Application Mode, a feature that was removed by Kaspersky in their home products a few years ago, but in fact, it goes further and imposes stricter restrictions on the system.


* Some tips to working with PatchMyPC, RuckZuck, and new applications installations in general:

In many occasions, some unknown files by KSN spawn during installing new applications, and with current Intrusion Prevention settings, Kaspersky will irrevocably Block/Stop your installation. To avoid this inconvenience, see example below with PathMyPC, We can edit its Applications Rules and set these Exclusions:

1651573180947.png

For a new application installer (We take it for granted that we previously trusted it) that never was executed in the system, We may pre add it to Trusted Group this way:

1651573857222.png

Being in Intrusion Prevention -> Manage Applications: 1 left mouse click over Trusted Group, then 1 right mouse click, and select Add Application to Group, and finally select the new installer.

Once added, find the new installer via Search on top right of the window, select it with 1 right mouse click: Details and Rules -> Exclusions, set the Exclusions and Save.

Finally, run normally the installer :)
 
Last edited: