Setup Idea Hardened System with Kaspersky

Log-in security
    • Biometrics (Windows Hello PIN, TouchID, Face, Iris, Fingerprint)
Windows UAC
Always notify
Real-time security
  • Kaspersky Standard / Plus / Premium
  • Kaspersky KIS / KTS / KSCloud
  • Macrium Reflect Home -> Image Guardian
Firewall security
About custom security
* Custom RTP Kaspersky settings:
Settings -> Performance Settings -> PC Resource Consumption -> Perform recommended Actions Automatically: Deselect
(For users who don't like warning prompts, They may keep this setting Selected by default)

Settings -> Security Settings -> Intrusion Prevention -> Trust Digitally Signed Application: Deselect

Settings -> Security Settings -> Intrusion Prevention -> Trust group for applications that could not be added to existing groups: UnTrusted

Settings -> Security Settings -> Intrusion Prevention -> Trust group for applications started before startup of Kaspersky: High Restricted

Additionally, You can implement Stronger Rules to protected Folders/Files against Ransomware Attacks

Note: settings not mentioned would remain by default.

* OS Settings: disable lots of services with WPD
Periodic malware scanners
  • WiseVector StopX (resident modules disabled)
  • Norton Power Eraser
  • AdwCleaner
Browser(s) and extensions
* Browser: Mozilla FireFox

* Search Engine: Google

* Add-ons: uBlock Origin, Dark Reader, IndicateTLS, Simple Translate, LT Language Tool
Secure DNS
CloudFlare / NextDNS / Quad9
Desktop VPN
Mullvad / WindScribe
Password manager
KeePass 2 (manually -> Perform Auto-Type inside Mozilla FireFox)
Maintenance tools
PatchMyPC and/or RuskZuck to update system applications.
File and Photo backup
* At least 1 Cloud services: Mega, OneDrive, Google Drive, etc.

* 2 External Devices to save redundant BackUps.
System recovery
Macrium Reflect Home / AOMEI BackUpper
Recommended for
  1. Experienced users


Thread author
Staff Member
Malware Hunter
Apr 28, 2015
This proposal of Setup Idea is relevant to these Kaspersky Products:
  • Kaspersky Standard / Plus / Premium
  • Kaspersky KIS / KTS / KSCloud

These Kaspersky Hardening tweaks try to emulate the old Trusted Application Mode, a feature that was removed by Kaspersky in their home products a few years ago, but in fact, it goes further and imposes stricter restrictions on the system.

* Some tips to working with PatchMyPC, RuckZuck, and new applications installations in general:

In many occasions, some unknown files by KSN spawn during installing new applications, and with current Intrusion Prevention settings, Kaspersky will irrevocably Block/Stop your installation. To avoid this inconvenience, see example below with PathMyPC, We can edit its Applications Rules and set these Exclusions:


For a new application installer (We take it for granted that we previously trusted it) that never was executed in the system, We may pre add it to Trusted Group this way:


Being in Intrusion Prevention -> Manage Applications: 1 left mouse click over Trusted Group, then 1 right mouse click, and select Add Application to Group, and finally select the new installer.

Once added, find the new installer via Search on top right of the window, select it with 1 right mouse click: Details and Rules -> Exclusions, set the Exclusions and Save.

Finally, run normally the installer :)
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.