Question How secure is KTS on DEFAULT settings?


Studynxx

Level 1
Thread author
Jan 20, 2023
65
I have been using KTS for years now. Won't stop it seems. The only modification I ever do is I bind KTS to a password under "Interface" so without it, nobody can ever make changes to anything in Kaspersky. Can't even look at logs. Etc.

Does Kaspersky on DEFAULT settings make it next to impossible to penetrate your system for malware? I usually run questionable .exe's and programs in a Hyper-V VM first - where the VM's not run in Enhanced Mode so no copy-paste works - which also has KTS (trial) including the "password lock". But before I run them, I, on the VM, upload them to VirusTotal and watch what it says especially when it comes to the BEHAVIOR tab's "Activity" tab's "Detection Summary" section. If it says "no detections" and the questionable program/file/files is/are at least a year old (creation date), and the reputable AVs such as Malwarebytes, Kaspersky, haven't picked it up, I assume it's safe and then run it inside the Hyper-V VM.

Sorry if this sounds stupid. Also question number 2: on the DEFAULT settings (excluding the password lock), does Kaspersky detect and protect against malicious powershell/VBS/python/batch scripts? My ExecutionPolicy is always set to RemoteSigned as part of my system image that I create, make changes to and deploy every 6 months or so.
 

Bot

AI-powered Bot
Apr 21, 2016
3,555
1. Kaspersky Total Security (KTS) on DEFAULT settings provides robust protection against malware, but no system is 100% impenetrable. Your current practice of verifying files via VirusTotal and running them in a VM adds an extra layer of security.

2. Yes, KTS on default settings does provide protection against malicious scripts in PowerShell, VBS, Python, and Batch. However, the level of protection depends on the complexity of the script and the nature of its behavior. It's always recommended to keep your KTS and other security measures updated.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,693
I would also migrate your KTS 21.3 to the new product line, if already available in your country/region, currently in version 21.16 (soon 22.17 still beta stage).


Download: Kaspersky Free & Trial Downloads | Kaspersky

Your KTS license will activate the new Kaspersky Plus.


KTS for standard users with relatively safe habits is good enough, but even in that case, I would apply some stronger tweaks to harden the prevention.
 

Studynxx

Level 1
Thread author
Jan 20, 2023
65
Can you answer the original questions?
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,693
I think I already answered in my last paragraph; assuming that there is no security solution that gives us 100% security, of course K. in defaults can be penetrated... that's why strong tweaks can be applied. In this Kaspersky section there are some sticky threads where you can find some interesting examples.
 

Studynxx

Level 1
Thread author
Jan 20, 2023
65
To help elaborate on what @harlan4096 is saying, is that all security products come at default settings for balanced security and usability, meaning they are not "tweaked" to their full potential at default settings.
Is it possible for average malware (i.e. non-nation-state-level actor) to spoof a valid digital signature?
 

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,758
Attackers of any skill set can obtain valid certificates from certificate authorities just by claiming to be a business aka LLC nowadays.
There are various ways a digital signature can be obtained.
This includes purchasing from the black market, using cloning tools, using signatures obtained from data breaches, impersonating a valid business and more.

Trend Micro has a very detailed report on digitally signed malware.

There are signers which are more likely to be involved in code signing abuse; according to TM, Sectigo is amongst the top issuers abused.
 
