Setup Idea Hardened System with Kaspersky

Operating System
Windows 10 / Windows 11
Login Unlock
    • Passwordless PIN or Biometrics
Sign-in with
Local account (offline)
Primary user
Administrator rights - Full permissions that can perform harmful changes
Additional users
Set with Standard user rights
Windows UAC
Always notify
Always-on protection
  • Kaspersky Standard / Plus / Premium
  • Kaspersky KIS / KTS / KSCloud
  • Macrium Reflect Home -> Image Guardian
Firewall
Firewall (user-choice). See details below.
Custom RT/Firewall security
* Custom RTP Kaspersky settings:
Settings -> Performance Settings -> PC Resource Consumption -> Perform recommended Actions Automatically: Deselect
(For users who don't like warning prompts, They may keep this setting Selected by default)

Settings -> Security Settings -> Intrusion Prevention -> Trust Digitally Signed Application: Deselect

Settings -> Security Settings -> Intrusion Prevention -> Trust group for applications that could not be added to existing groups: UnTrusted

Settings -> Security Settings -> Intrusion Prevention -> Trust group for applications started before startup of Kaspersky: High Restricted

Additionally, You can implement Stronger Rules to protected Folders/Files against Ransomware Attacks

Note: settings not mentioned would remain by default.

* OS Settings: disable lots of services with WPD
Periodic scanning
  • WiseVector StopX (resident modules disabled)
  • Norton Power Eraser
  • AdwCleaner
Secure DNS
CloudFlare / NextDNS / Quad9
VPN
Mullvad / WindScribe
Password manager
KeePass 2 (manually -> Perform Auto-Type inside Mozilla FireFox)
Browsers and Extensions
* Browser: Mozilla FireFox

* Search Engine: Google

* Add-ons: uBlock Origin, Dark Reader, IndicateTLS, Simple Translate, LT Language Tool
Utilities for Maintenance
PatchMyPC and/or RuskZuck to update system applications.
Files & Photos backup
* At least 1 Cloud services: Mega, OneDrive, Google Drive, etc.

* 2 External Devices to save redundant BackUps.
Emergency recovery plan
Macrium Reflect Home / AOMEI BackUpper
Recommended for
  1. Experienced users

harlan4096

Moderator
Thread author
Verified
Staff member
Malware Hunter
Well-known
Apr 28, 2015
8,061
This proposal of Setup Idea is relevant to these Kaspersky Products:
  • Kaspersky Standard / Plus / Premium
  • Kaspersky KIS / KTS / KSCloud

These Kaspersky Hardening tweaks try to emulate the old Trusted Application Mode, a feature that was removed by Kaspersky in their home products a few years ago, but in fact, it goes further and imposes stricter restrictions on the system.


* Some tips to working with PatchMyPC, RuckZuck, and new applications installations in general:

In many occasions, some unknown files by KSN spawn during installing new applications, and with current Intrusion Prevention settings, Kaspersky will irrevocably Block/Stop your installation. To avoid this inconvenience, see example below with PathMyPC, We can edit its Applications Rules and set these Exclusions:

1651573180947.png

For a new application installer (We take it for granted that we previously trusted it) that never was executed in the system, We may pre add it to Trusted Group this way:

1651573857222.png

Being in Intrusion Prevention -> Manage Applications: 1 left mouse click over Trusted Group, then 1 right mouse click, and select Add Application to Group, and finally select the new installer.

Once added, find the new installer via Search on top right of the window, select it with 1 right mouse click: Details and Rules -> Exclusions, set the Exclusions and Save.

Finally, run normally the installer :)
 
Last edited: