How to setup Kaspersky Internet Security 2016 for Maximum Protection (Guide)

[Jack]

Kapersky Internet Security 2016 offers a great level of protection on its default settings. However, there are a few settings which you can change to increase even more the protection offered by Kapersky Internet Security 2016.

This guide should also cover Kaspersky Total Security 2016, and some settings should apply to Kaspersky Antivirus 2016.​

1. Enable "System Changes Control" to block changes to operating system and web browser settings
If the web browser start page or the default search engine has changed without your intention, it might be activity of an adware or malware. In some cases, such changes are caused by add-ons that come with software you install (for example, with media players or instant messengers). Sometimes system settings are affected by malicious scripts that could have reached your computer through insecure websites.

With System Changes Control in Kaspersky Internet Security 2016, you can trace and block unwanted changes to the system settings.

1. Open Settings menu in KIS 2016 by clicking the gear icon in the lower left part of the user interface.
   
2. In the Settings window, go to Protection and select System Changes Control.
   
   
   
   
3. In the component settings view, enabled System Changes Control (the switch on the right must be On). You will be prompted for action whenever a suspicious change of settings is detected.
   • Select the check box Block changes automatically if you want Kaspersky Internet Security to decide which actions to block (Optional).
   
   
   

2. Enable Trusted Applications mode to boost your protection

The Trusted Applications mode in Kaspersky Internet Security 2016 blocks all applications that are not considered Trusted (for example, the applications on which there is no information in Kaspersky Security Network database or those received from an unreliable source).

Before you enable the Trusted Applications mode, make sure Application Control, File Anti-Virus, and System Watcher are enabled in the product.

How to enable or disable the Trusted Applications mode

1. Open Kaspersky Internet Security 2016, then on click Additional Tools.
   
   
   
   
2. In the Tools window, click Trusted Applications mode.
   
   
   
   
3. In the Trusted Applications mode window, click on the Enable button.
   
4. Kaspersky Internet Security 2016 will scan the operating system and the applications installed on the computer. Scanning may take a significant period of time (up to several hours). The scan is performed only at the first startup. Wait until the scan is complete.
   
5. Click Manage applications to adjust restrictions for the applications.

3. Change the Application Control setting for Maximum Protection

Configure Application Control to set 'Untrusted' status for unknown applications

What is Application Control?
The Application Control component logs the actions performed by applications in the system and manages the applications’ activity based on rules. When an application tries to access the operating system or personal data, Application Control allows or blocks access to the resource according to the rules or prompts to select an action.

The Application Control component logs the actions performed by applications in the system, and manages the applications' activities, based on which group they belong to. A set of rules is defined for each group of applications. These rules manage applications' access to various resources. Based on the system security factor, all applications can be divided into four pre-set groups of applications:

• Trusted. Applications with digital signatures issued by trusted vendors, or applications that are listed in the Kaspersky Lab trusted applications database. These applications have no restrictions on their activity in the system.
• Low Restricted. Applications that do not have a digital signature from a trusted vendor and are not listed in theKaspersky Lab database of trusted applications. These applications have certain restrictions on accessing other processes, controlling the system, and accessing the network without notifying the user. However, the user's permission is required for most operations.
• High Restricted. This group includes applications that are not listed in the base of trusted applications and do not have a digital signature. The applications from this group require user's permission for most actions affecting the system; some actions are not allowed to such applications.
• Untrusted. This group includes applications that are not listed in the base of trusted applications and do not have a digital signature. Application Control blocks any action performed by such applications.

How to configure Application Control to set 'Untrusted' status for unknown applications

When heuristic analysis is used by default, Application Control inspects each program for 30 seconds. If after that time the component does not complete identification of its threat rating, the program will receive by default the Low Restricted status (based on the Kaspersky Security Network data). For maximum protection is recommended that you configure the Application Control to set 'Untrusted' status for unknown applications.

By default Application Control will block any actions performed by the programs in the 'Untrusted' group , thus bringing a new level of security for your system.


In order to configure Application Control to set 'Untrusted' status for unknown applications, perform the following actions:

1. Open Settings menu in KIS 2016 by clicking the gear icon in the lower left part of the user interface.
2. In the Settings window, go to Protection and select select Application Control
3. In the Applications Control settings, under Change trust group for unknown applications select 'Untrusted' from the drop-down menu. Click "Save" to apply this settings
   
   

How to move a trusted program from the "Untrusted" group
If Application Control blocks the work of an important application, you can adjust the rights of the application.

We have now configured the Application Control to set 'Untrusted' status for unknown applications, however this may cause sometimes issues when starting or running a legit program that aren't in Kaspersky database.

In the bellow guide I will show you, how you can move a program from the 'Untrusted' group to the 'Trusted' group.

1. Open Settings menu in KIS 2016 by clicking the gear icon in the lower left part of the user interface.
2. In the Settings window, go to Protection and select select Application Control
3. In the Applications restriction settings, select Manage Applications.
   
   
4. In the new window , you will see an 'Untrusted' folder , click on it to expand the view. Net, click on the program that you want to move to "Trusted", then right click on it. Select 'Move to group' and chose 'Trusted'.
   
   

4. Enable riskware detection in Kaspersky Internet Security 2016

Kaspersky Lab products can detect thousands of malicious programs. Some of them pose great risks to your computer, others can be harmful only under certain conditions. By default, detection of the following types of threats is enabled in Kaspersky Lab products:

• Viruses and worms
• Trojans
• Malicious tools
• Adware
• Dialers
• Suspicious packers
• Multipacked files

You can also enable detection of legitimate programs, which can be used for malicious purposes.

1. Open the Settings window, go to the Additional section and select Threats and Exclusions in the right frame.
2. In the Threats and Exclusions settings view, select the check box Detect other software that can be used by criminals to damage your computer or personal data.
   
   

5. Configure the Kaspersky File Antivirus and Web Antivirus for Maximum Protection. (May slow down your system)

Kaspersky Internet Security 2016 offers an easy way to quickly setup the File Antivirus and Web Antivirus for Maximum Protection, however using this option may affect your system performance.

Spoiler: Configure File Antivirus and Web Antivirus for Maximum Protection. (May slow down your system)

1. Open Settings menu in KIS 2016 by clicking the gear icon in the lower left part of the user interface.
   
   
   
   
2. In the Settings window, under General and select Maximum security level from the Default Settings menu.
   
   

To avoid a significant system impact we will manually change some of the settings for the File Antivirus.

1. Open Settings menu in KIS 2016 by clicking the gear icon in the lower left part of the user interface.
2. In the Settings window, go to Protection and select File Anti-Virus settings, then click on "Advanced Settings"
   
   
3. In the File Anti-Virus Advanced Settings, in the Scan Methods section, change the "Heuristic Analysis" to "Deep scan"
   
   

6.Use Kasperksy in "Interactive Proteciton" to have total control (Recommended for Advanced Users Only)

What is 'Interactive Protection' mode ?
In Interactive Protection mode, Kaspersky Internet Security informs the user about all malicious and suspicious events. In this mode the user will manually have to select an action (allow or block).

While using this mode the user it will require much more user interaction but this a powerful barrier against unknown threats because it allows the user to better control its execution.

How to enable Kaspersky Internet Security 2016 in 'Interactive Protection' mode

1. Open Settings menu in KIS 2016 by clicking the gear icon in the lower left part of the user interface.
   
2. In the Settings window, under General, in the Interactive Protection section, uncheck Perform recommended actions automatically.
   
   

How to restore Kaspersky Internet Security 2016 to default settings​

If at any point you wish to revert to the default Kaspersky Internet Security 2016 settings, please follow the below steps.

1. Open Settings menu by clicking the gear icon in the lower left part of the user interface.
   
2. In the Settings window, under General tab, click on Manage Settings and select Restore Settings.
   
3. In the Restore settings window, select Restore all settings and click on Next. Kaspersky should now revert back to its factory settings.
   

That's it. If you know other settings which will increase the level of security offered by Kaspersky Internet Security 2016, please post them in this thread and I'll update this guide. Thank you!​

 

[harlan4096]

Very well explained, great guide!

Although File-AV & Web Anti-AV modules in maximum level may slowdown Web surfing and/or the system in general depending on the hardware specs better to try and check

 

[DardiM]

Great Post ! I just modified my Kaspersky Total Security after have read this guide

 

[shmu26]

what about this one:
in application control, set trust group for programs that start before Kaspersky to high restricted

 

[DJ Panda]

Thanks for the guide @Jack sadly Kaspersky isn't able to run well on my system. If it could I would use it in a heartbeat.

 

[jamescv7]

Its been a long time since Kaspersky's Configuration is too powerful and technical that must have updated manual guide for the avid user.

Especially that Application Control is full of complexity which may use in good or bad way depends on the preparation setup.

 

[harlan4096]

Talking about Application Control tweaks, here there are 2 interesting articles:

How to protect against file-encrypting malware (cryptoware) in Kaspersky Internet Security 2015
How to protect your computer from Trojan-Ransom (WinLock) using Application Control in Kaspersky Total Security

Also, I even would go to uncheck "Trust digitally signed application", but I understand that for standard/medium users could be a bit problematic to manage in certain conditions

 

[Professor Severus Snape]

Enable riskware detection is very useful, i think kaspersky should enable it as default setting in future.
just finish follow some step in above post, Btw, good job Jack for helpful thread

 

[shmu26]

if we are already talking Application Control and TAM, how does Kaspersky protect vulnerable windows processes, such as rundll and the others, from being exploited in a file-less attack?
Is there a way to tweak the protection for this?

 

[Wihat]

I just bought a KIS license key

 

[harlan4096]

if we are already talking Application Control and TAM, how does Kaspersky protect vulnerable windows processes, such as rundll and the others, from being exploited in a file-less attack?
Is there a way to tweak the protection for this?

Kaspersky 2016/2017 has its own anti-exploit technology integrated in System Watcher...

 

[HarborFront]

Hi

Just to ask.

With the max settings does KIS 2017 still needs the Kaspersky Anti-Ransom Tool for Business to better protect against ransomware?

Thanks

 

[Evjl's Rain]

no, Kas. antiransomware tool uses KSN and system rollback which already included in KIS. Also you won't be able to install KARW on top of KIS

 

[HarborFront]

no, Kas. antiransomware tool uses KSN and system rollback which already included in KIS. Also you won't be able to install KARW on top of KIS

Thanks

 

[minegroasprilla]

@Jack , No guide for version 2017?

 

[harlan4096]

Those steps are also valid for K2017...

 

[Sundaram999]

Thanks Jack!!!

 

[koko]

Thanks for the post!

 

[MalwareBlockerYT]

Hey Harlan, I remember that you made a complete guide for KIS 2016.
Will you make a new guide for current version 2017?.

I was thinking the same thing....

 

[Nikos751]

Really great guide!
Some thoughts and questions..

1. My concern for TPM being enabled or unknown programs being categorised as "Untrusted" instead of being automatically categorised, is about the reliability problems that can occur with new or not widely used files and scripts. What if I use such files e.x to update a devices firmware and KIS blocks some executable from doing it's work?
I have tweaked Application Control in order to block network access to any categorised as "low restricted" program, and create new entries in Personal Data section in order to block any "low restricted" program from having any read,write,create or delete rights. I think these are the most safe moves in order not to reduce reliability. Any comment on these is well accepted

2. I have some questions too.
In default settings (take actions automatically is ticked in General settings, no settings changed in general), I understand that "prompt for action" pre-set policies mean that any low restricted program will automatically gain all these rights, and no question box will appear. Is this fully true?
If so, providing the user has not added any custom rule, is the above equivalent of moving a "low restricted" application to the "trusted" group? Or, KIS will monitor better apps for bad behaviour if they belong to the "low restricted group" and not to the "trusted" group?

Thank you