Question How secure is KTS on DEFAULT settings?


Studynxx

Jan 20, 2023
I have been using KTS for years now. Won't stop it seems. The only modification I ever do is I bind KTS to a password under "Interface" so without it, nobody can ever make changes to anything in Kaspersky. Can't even look at logs. Etc.

Does Kaspersky on DEFAULT settings make it next to impossible to penetrate your system for malware? I usually run questionable .exe's and programs in a Hyper-V VM first - where the VM's not run in Enhanced Mode so no copy-paste works - which also has KTS (trial) including the "password lock". But before I run them, I, on the VM, upload them to VirusTotal and watch what it says especially when it comes to the BEHAVIOR tab's "Activity" tab's "Detection Summary" section. If it says "no detections" and the questionable program/file/files is/are at least a year old (creation date), and the reputable AVs such as Malwarebytes, Kaspersky, haven't picked it up, I assume it's safe and then run it inside the Hyper-V VM.

Sorry if this sounds stupid. Also question number 2: on the DEFAULT settings (excluding the password lock), does Kaspersky detect and protect against malicious powershell/VBS/python/batch scripts? My ExecutionPolicy is always set to RemoteSigned as part of my system image that I create, make changes to and deploy every 6 months or so.
 
1. Kaspersky Total Security (KTS) on DEFAULT settings provides robust protection against malware, but no system is 100% impenetrable. Your current practice of verifying files via VirusTotal and running them in a VM adds an extra layer of security.

2. Yes, KTS on default settings does provide protection against malicious scripts in PowerShell, VBS, Python, and Batch. However, the level of protection depends on the complexity of the script and the nature of its behavior. It's always recommended to keep your KTS and other security measures updated.
 
I would also migrate your KTS 21.3 to the new product line, if already available in your country/region, currently in version 21.16 (soon 22.17, still in beta stage).


Download: Kaspersky Free & Trial Downloads | Kaspersky

Your KTS license will activate the new Kaspersky Plus:


KTS for standard users with relatively safe habits is good enough, but even in that case, I would apply some stronger tweaks to harden the prevention.
 
Can you answer the original questions?
 
I think I already answered in my last paragraph, assuming that there is no security solution that gives us 100% security; of course K. in defaults can be penetrated... that's why strong tweaks can be applied. In this Kaspersky section there are some sticky threads where you can find some interesting examples.
 
To help elaborate on what @harlan4096 is saying: all security products come with default settings chosen for balanced security and usability, meaning they are not "tweaked" to their full potential at default settings.
Is it possible for average malware (ie non-nation-state-level actor) to spoof a valid digital signature?
 
Attackers of any skill set can obtain valid certificates from certificate authorities just by claiming to be a business, aka an LLC, nowadays.
There are various ways a digital signature can be obtained.
This includes purchasing from the black market, using cloning tools, using signatures obtained from data breaches, impersonating a valid business, and more.

Trend Micro has a very detailed report on digitally signed malware.

There are signers which are more likely to be involved in code signing abuse, according to TM, Sectigo is amongst the top issuers abused.
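As an added example (not code from any poster in this thread), here is a PowerShell triage helper that checks the points raised above before a file goes into the VM: file age, Authenticode status and signer/issuer, whether the file carries the Mark-of-the-Web that RemoteSigned actually keys on, and the SHA-256 hash to look up on VirusTotal. The issuer watch list and the sample path are assumptions; the Sectigo entry only reflects the Trend Micro remark quoted above.

```powershell
function Get-FileTriageReport {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: issuers worth a second look; taken from the TM remark above, not an authoritative list
        [string[]]$WatchedIssuers = @('Sectigo')
    )
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Mark-of-the-Web lives in the Zone.Identifier alternate data stream.
    # RemoteSigned only blocks unsigned scripts that carry it (ZoneId 3 = Internet, 4 = Restricted);
    # a file without it is treated as local and runs regardless of signature.
    $zone = $null
    try {
        $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction Stop
        foreach ($line in $ads) {
            if ($line -match '^ZoneId=(\d)') { $zone = [int]$Matches[1] }
        }
    } catch { }

    $issuer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer } else { $null }
    $flags = @()
    if ($sig.Status -ne 'Valid') {
        $flags += "signature status: $($sig.Status)"
    } elseif ($WatchedIssuers | Where-Object { $issuer -like "*$_*" }) {
        # A valid signature is not a clean bill of health; check who actually signed it
        $flags += "valid signature, but issuer is on the watch list"
    }
    if (((Get-Date) - $item.CreationTime) -lt [TimeSpan]::FromDays(365)) {
        # Creation time is an NTFS attribute and can be set freely, so treat age as a weak hint only
        $flags += "younger than one year (creation time is not reliable evidence)"
    }
    if ($null -eq $zone) { $flags += "no Mark-of-the-Web: RemoteSigned will not apply" }

    [pscustomobject]@{
        Path       = $item.FullName
        Sha256     = $hash   # search this on VirusTotal instead of uploading the file
        CreatedUtc = $item.CreationTimeUtc
        Signature  = $sig.Status
        Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Issuer     = $issuer
        ZoneId     = $zone
        Flags      = $flags
    }
}

# Usage (sample path is an assumption):
Get-FileTriageReport -Path 'C:\Downloads\setup.exe' | Format-List
```

Run it inside the VM as the posts suggest; a Valid signature with an unexpected signer, or a missing Zone.Identifier on a freshly downloaded file, is a reason to look harder rather than to trust it.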