Guide | How To How To Setup Kaspersky Internet Security 2011 for Maximum Protection

The associated guide may contain user-generated or external content.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Known for being a power user's antimalware tool, Kaspersky has quietly evolved its Kaspersky Internet Security software into a somewhat kinder, gentler application more suitable for the masses.It this tutorial I will show you how to improve the protection offered by Kaspersky Internet Security 2011.

1.Enable 'Block dangerous web sites'​
If the box is checked, Web Anti-Virus blocks access to the websites which have been considered as suspicious or phishing ones by Kaspersky URL Advisor. If Web Anti-Virus cannot return a clear verdict on safety of the website to which a link directs, you will be offered to load this website in Safe Run. When activated in Safe Run, malicious objects do not impose any threat to your computer.

Web Anti-Virus allows to download websites in the safe environment for Microsoft Internet Explorer, Mozilla Firefox and Google Chrome.

If the box is unchecked, Web Anti-Virus does not block access to known suspicious websites automatically.
3817(en).gif

Read : How to enable "Block dangerous web sites "


2.Enable detection of other malicious programs in Kaspersky Internet Security 2011
Kaspersky Internet Security 2011 can detect hundreds thousands of malware programs that may reside on your computer. Some of these programs impose a greater threat for your computer, others are only dangerous when certain conditions are mett.Follow this tutorial and select all the threats to be detected.
g2wpk.png

Read : How to enable detection of other malicious programs in Kaspersky Internet Security 2011

3.Enable 'Concede resources to other applications'
When Kaspersky Internet Security runs scan tasks, this may result in increased workload on the CPU and disk subsystems, which impacts other applications' performance. By default, if such a situation arises, Kaspersky Internet Security pauses virus scan tasks and releases system resources for the user's applications.
3965_1(eng).gif


4.Enable 'Geo Filter'

Web Anti-Virus in Kaspersky Internet Security 2011 contain a new technology Geo Filter. Geo Filter is designed to block access to web sites on the grounds of their belonging to regional web domains avoid web sites from the most infected regional domains. This allows you to block access to websites which belong to regional domains with a high risk of infection.

The domain is recognized as blocked in the following cases:

  • access to the domain is blocked according to the Web Anti-Virus settings configured by a user
    last access to the domain was blocked by a user
  • If Geo Filter detects an attempt to access to a web site from the blocked region, the corresponding message appears.
3816_1(en).gif

Read : How to configure Geo Filter in Kaspersky Internet Security 2011

5.Enable 'Online Banking' (Optional)
When working with online banking, the user needs special protection, since leakages of confidential information may lead to financial losses. Web Anti-Virus can control access to the resources that you use when working with online banking, downloading them in a safe browser, thus ensuring advanced protection. Web Anti-Virus automatically defines which web resources are online banking services. For guaranteed identification of a web resource as online banking service, you can specify its URL in the corresponding list.
3818_1(en).gif

Read : How to configure Online Banking in Kaspersky Internet Security 2011

6. KIS and Application Control​

One of the core components of Kaspersky Internet Security 2010 is the Application Control feature.By tweaking the settings you can drastically improve the degree of protection offered by Kaspersky.

Because we will be using "Application Control" to further protect our computer we will want to known when an applications is placed in a restricted group.
How to get notifed when a applications is placed in Restricted Group.
  • Go to Settings and select Advanced Settings.
  • Click on Notifications and select Settings
  • In Minor notifications , check Applications Placed in Restricted Group. Click OK.

This are two ways to improve Kaspersky overall protection:
A.Unkown to "Untrusted"
If you decide to use this method , Kaspersky will put every application which isn't on their whitelist or digitally signed in the "Untrusted" category.Kaspersky Internet Security will block any actions performed by programs that are in the "Untrusted" Group
hMhQa.png


Be aware that safe programs who aren't in Kaspersky whitelist or aren't digitally signed might be placed in the "Untrusted" group so if a program fails to start, you might have to manually move it away from the "Untrusted" group to make it work.
This method will secure yout computer from 0-day threats, but it will also require the user to be more knowledgeable about which unknown executables should be allowed to run and to be prepared to manually configure this.

  1. How to set unknown programs to "Untrusted"
    • Go to Kaspersky Internet Security "Settings"
    • Select "Application Control"
    • In the "For unknown application:" section change the settings from "Use the heuristic analysis to define group" to "Move to the following group automatically" and select "Untrusted".
      dk8dr.png
    • Click "Apply" and "Ok"
  2. How to move a non-malicious program from the "Untrusted" group.
    So you've setup Kaspersky to not trust the unkwown programs, but KIS puts a legit program in the "Untrusted" group.
    So how can you move it to the Trusted?

    NOTE : Before moving a program from "Untrusted"to "Trusted" make sure is 100% safe.

    How to move a non-malicious program from the "Untrusted" group.
    • Go to Kaspersky Internet Security "Settings"
    • Select "Application Control" and click on "Applications.."
      9e0z5.png
    • In the new window , you will see an "Untrusted" folder , click on it to expand the view.
      zX6nN.png
    • Click on the program that you want to move to "Trusted" and right click on it. Select "Move to group:" > "Trusted"
    NNWdo.png

B.Kaspersky in Interactive Mode (Recommended for advanced users)
When you enable the Interactive Mode , Kaspersky will notify you of all hazardous and suspicious events. So you may get some alerts from Kaspersky but nevertheless this a pretty powerful barrier against unknown applications and threats because it allows you to control its execution strongly.

How To Enable Kaspersky's Interactive Mode
  • Go to Settings and select "General Settings"
  • In the "Interactive Protection" section , uncheck "Select action automatically".
  • Click " Apply" and "Ok"
3911_1(eng).gif



7.On-demand scan settings​
22jYU.png

  • Full Scan -> Settings
    Scope > All files. Enable Scan only new and changed files.
    Additional > Heuristic Analysis > Deep Scan. Rootkit Scan > Enable Detailed/Deep Scan.
    In Scan Scope/Objects to scan -> Add -> Disk boot sectors.
  • Critical Areas Scan / Quick Scan ->Settings:
    Scope > All files. Enable boxes: Scan all files, Scan all installation packages, Scan all embedded OLE objects.
    Additional > Heuristic Analysis > Deep Scan. Rootkit Scan -> Enable Detailed/Deep Scan.
    In Scan Scope/Objects to Scan: Add (if not) > System Backup storage.
  • Objects Scan/Custom Scan -> Settings:
    Scope > All files.
    Additional > Heuristic Analysis - Deep scan. Rootkit Scan > Enable Detailed/Deep Scan.
 

ballader1

New Member
Apr 14, 2011
65
Very nice post, however the only setting i do NOT like is the App control one, I leave it on default because KIS would move every good application that it's not aware of to Untrusted and I would have to move it to Trusted. Althrough if something gets past and goes into Low Restricted for example, I can easily go ahead move it to Untrusted....
 

bogdan

Level 1
Jan 7, 2011
1,362
Well, it is for maximum protection. The downside is that after setting up KIS like this, it will require much more user interaction. I think every user should experiment with the suite and choose settings based on what works best for him/her.
 

bogdan

Level 1
Jan 7, 2011
1,362
Default Settings: When you run an application that is not digitally signed, and it is not a known malicious application (according to signatures) KIS will first look for that application in the Kaspersky Security Network. According to the information it finds there it will place the application in a group. If the application is not found inside the Kaspersky Security Network, KIS uses heuristics to determine the group. It analyzes the application for 30 seconds. If this time interval turns out to be insufficient for defining the threat rating, the application is included into the Low restricted group, while defining the threat rating continues in background mode.

So setting "Move to the following group" to "Untrusted" won't place every unknown file there, just the ones that KIS doesn't find in the Security Network. Nevertheless, I still find that i need to manually move many good applications from Untrusted to something else.

Also the Low Restricted group will leave a considerable number of "doors" opened. Running the Comodo Leak Test as Low Restricted returns a score of 160/340. Running CLT as High restricted improved the score to 280/340.

According to the above arguments, I feel that changing "Move to the following group" to "Low Restricted" will potentially result in a lower protection level than the default settings and I do not recommend it. I would rather leave KIS use heuristics to determine the right group.

I also have mixed feelings about the "Trust applications with digital signature" setting. According to this tutorial that setting should remain checked, but the number of digitally signed apps that are malicious seems to be growing, so for maximum protection, I would disable that setting too.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
bogdan said:
I also have mixed feelings about the "Trust applications with digital signature" setting. According to this tutorial that setting should remain checked, but the number of digitally signed apps that are malicious seems to be growing, so for maximum protection, I would disable that setting too.

True it doesn't mean that digitally signed can be trust it can be in clean or malicious thing. Digitally signed means have a name from the publisher.
 

ballader1

New Member
Apr 14, 2011
65
1) When I said KIS doesn't know about the file, I meant the whole kaspersky thing
2) When I say I leave it on default, I mean the heuristic analysis...
3)I think KIS verifies the dig sigs before it moves the app to Trusted, but I am not so sure about that...
 

bogdan

Level 1
Jan 7, 2011
1,362
Yes it verifies the signature/certificate for its validity but considering how easy some Certification Authorities give certificates and the huge number of Registration Authorities that you have no choice but to trust it is easy to stumble upon a malicious executable signed by some unknown company. As james said I wouldn't trust an executable just because it is digitally signed.

A bit unrelated to the topic: Bad certificates get revoked but it appears that if your browser is unable to connect to the server containing the up to date CRL (Certificate Revocation List) it will by default trust the certificate.
 

MrXidus

Super Moderator (Leave of absence)
Apr 17, 2011
2,503
Wow very informative post well done I like the job you did on the GIF's.

I'd love to give Kaspersky a test run with this setup.
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
Very good information on how to setup Kaspersky...next time i use Kaspersky I probs us this method. :p
 

bogdan

Level 1
Jan 7, 2011
1,362
I find the Geo Filter to be extremely annoying if enabled but left on default settings - too many prompts. Of course you can customize it but this might be a tedious job. Users that don't have the patience to answer pop-ups might want to leave it disabled.

Nothing is mentioned about the firewall. If you don't trust all the computers in your network (someone else uses them and they seem to find a way to infect them often) you should set your network to public. This will prevent file & printer sharing functionality though.
See: How to change the network status in Kaspersky Internet Security 2011?
 

ballader1

New Member
Apr 14, 2011
65
@bodgan Hi, I leave Geo-Filter disabled, I think that's a right thing to do, it won't increase the protection much, if u just block websites from certain countries.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top