How should I configure Kaspersky 2018 to be as secure as possible?

LukeLovesSecurity

Level 4
Thread author
Verified
Jul 28, 2017
185
I plan on using the configuration I presented here. Kaspersky is pretty much the heart of the configuration. So how should I configure my settings to have the best security possible? I can only find guides for KIS 2016. Is 2018 different as far as settings?
 

Huchim

Level 5
Verified
Well-known
Oct 17, 2015
240
You can start using that config for 2016, in recent versions, Kaspersky have included VPN, software updater and software cleaner, the main components of protection works with almost same settings of 2016
 
  • Like
Reactions: XhenEd

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
As mentioned above, there are hardly any provisions needing configuration in the newer versions.
  • Since you've HMPA alongside, disable "Automatic Exploit Prevention" in Kaspersky System Watcher to cut out any chances of conflicts. Yes, quite some users use them together without issues but you cannot predict their compatibility during an exploit attack (hard to come by right?). HMPA covers more attack vectors and apparently has a stronger exploit mitigation implementation.
  • We already have this and this guide to maximize KIS/KTS settings. Both have a little different content and you can choose the best tweaks from each.
  • Trusted Applications Mode (sort of default-deny) will be great unless you experiment frequently with less known apps. High Heuristics might affect performance.
  • Disable "Trust Digitally Signed Applications". Set "Trust group" of unknown apps to "High Restricted" / "Untrusted" .. and that of apps starting before Kaspersky as "High Restricted". Check if the latter causes any trouble. It used to work fine for me.
  • Follow the "Protected folders .." tweaks from the 2nd link for fortified data protection.
  • Keep the "search for rootkits.." ON unless you find that it visibly affects your performance.
  • In Additional>Network settings, select "Monitor all ports".
  • Make sure to use the built-in Software Updater timely.
  • Make sure to enable System Changes Control (as in guide 1) & choose the desired options.
  • In Firewall settings, you can configure "configure packet rules" (make changes here only if you know what you're doing) and "configure application rules". In the latter, you can change Internet access permissions for different apps or app groups. Eg. if you do not want some unknown installed programs to call out or vice versa, this will be handy.
  • If you want the finest control on what's happening in your OS, disable "Perform recommended actions automatically" in "General settings". This will provide you HIPS-based alerts on tons of activities, it will keep you busy learning though!
There are a lot of provisions in Kaspersky to experiment and that is for you to discover.
 
Last edited:

LukeLovesSecurity

Level 4
Thread author
Verified
Jul 28, 2017
185
As mentioned above, there are hardly any provisions needing configuration in the newer versions.
  • Since you've HMPA alongside, disable "Automatic Exploit Prevention" in Kaspersky System Watcher to cut out any chances of conflicts. Yes, quite some users use them together without issues but you cannot predict their compatibility during an exploit attack (hard to come by right?). HMPA covers more attack vectors and apparently has a stronger exploit mitigation implementation.
  • We already have this and this guide to maximize KIS/KTS settings. Both have a little different content and you can choose the best tweaks from each.
  • Trusted Applications Mode (sort of default-deny) will be great unless you experiment frequently with less known apps. High Heuristics might affect performance.
  • Disable "Trust Digitally Signed Applications". Set "Trust group" of unknown apps to "High Restricted" / "Untrusted" .. and that of apps starting before Kaspersky as "High Restricted". Check if the latter causes any trouble. It used to work fine for me.
  • Follow the "Protected folders .." tweaks from the 2nd link for fortified data protection.
  • Keep the "search for rootkits.." ON unless you find that it visibly affects your performance.
  • In Additional>Network settings, select "Monitor all ports".
  • Make sure to use the built-in Software Updater timely.
  • Make sure to enable System Changes Control (as in guide 1) & choose the desired options.
  • In Firewall settings, you can configure "configure packet rules" (make changes here only if you know what you're doing) and "configure application rules". In the latter, you can change Internet access permissions for different apps or app groups. Eg. if you do not want some unknown installed programs to call out or vice versa, this will be handy.
  • If you want the finest control on what's happening in your OS, disable "Perform recommended actions automatically" in "General settings". This will provide you HIPS-based alerts on tons of activities, it will keep you busy learning though!
There's a lot more provisions in Kaspersky to experiment and that is for you to discover.
Thanks for the help! Very informative. :D
 
  • Like
Reactions: Parsh

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top