How to setup Kaspersky Internet Security 2016 for Maximum Protection (Guide)


Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Really great guide!
Some thoughts and questions..

1. My concern about TPM being enabled, or unknown programs being categorised as "Untrusted" instead of being automatically categorised, is the reliability problems that can occur with new or not widely used files and scripts. What if I use such files, e.g. to update a device's firmware, and KIS blocks some executable from doing its work?
I have tweaked Application Control in order to block network access for any program categorised as "low restricted", and created new entries in the Personal Data section in order to block any "low restricted" program from having any read, write, create or delete rights. I think these are the safest moves in order not to reduce reliability. Any comment on these is well accepted :)

2. I have some questions too.
In default settings (take actions automatically is ticked in General settings, no settings changed in general), I understand that "prompt for action" pre-set policies mean that any low restricted program will automatically gain all these rights, and no question box will appear. Is this fully true?
If so, providing the user has not added any custom rule, is the above equivalent of moving a "low restricted" application to the "trusted" group? Or, KIS will monitor better apps for bad behaviour if they belong to the "low restricted group" and not to the "trusted" group?

Thank you :)
Your solution is good.
"take actions automatically..." unchecked: it's broken and annoying; it showed countless copies of the exact same popup when I was trying to install a program, although I had manually put it into "Trusted".

1/ According to what I observed, if TAM is enabled, everything which is not recognized by KSN or doesn't have a digital signature will be put into "Untrusted". I created a .bat file myself; when I ran it, TAM immediately put it into "Untrusted" and of course that .bat file was not functioning. I'm against TAM because it's not for normal users, it's rather for advanced users who like to control everything in their machines. For regular users, if we enable TAM and something is blocked, we tend to manually allow them and -> infected because they are now "Trusted". IMHO, tweaked "Low restricted" > "highly restricted" & "Untrusted"
If TAM is disabled, the same files will be put into "low restricted". I have never seen KIS putting anything into other groups; everything will be "Low restricted" and stays there forever. I have never seen them switching between groups.

Sorry for my explanation if you don't understand.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Attempting to describe Kaspersky's philosophy for protecting (from the viewpoint of someone who hasn't used the program), the only term I can come up with is "singularity". Other apps seem to focus more on elements of protection such as firewall/HIPS/a-v/other and their associated settings, while Kaspersky appears to me to focus singularly on the magic that happens below the settings. So the result looks to be a singularly developed all encompassing security application in one part. Maybe this is not the case, but if it is so, then Kaspersky will surely continue to lead the way for the foreseeable future with technology and protection techniques, given where this program now appears to be.

On the other hand, Comodo's "singular" determination to keep the Comodo Firewall available and a powerful tool could be a driving force in new ways of thinking that spring from that particular element of protection. While we might, for example, have "smart HIPS" from Kaspersky that no one even knows of to speak of, Comodo would be likelier I think to consolidate HIPS rules into something that might be termed "smart". Kaspersky seems to me to be moving faster for now and also seems to be delivering on tech breakthroughs in the present. There are others, of course, but I haven't seen much action from avast (on two systems here), and I haven't used any others other than 360 TS (avast and 360 are only standard a-vs with BB).

How does Kaspersky combine all these modules into an efficient program? It is so impressive. Thanks for the screen capture looks at the settings and the work in compiling them for us. I have been hoping to get a look.

Kaspersky 2016/2017 has its own anti-exploit technology integrated in System Watcher...

One can only imagine what is in this module. Super impressive I am sure. :):D
 

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Thanks for this guide!
A few days ago I bought licences (KIS 2017) for all my machines.... ....so this guide should help me a 'lil bit to understand this AV...
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,910
For those Kaspersky users who are Spanish or can understand/speak Spanish: I usually create a guide (for Kaspersky forum users), a very featured guide; my last one was this one for K2016. Since K2017 had no MR1 build and not many new features, I didn't create a new one for K2017... but currently I'm waiting for the K2018 final build in Spanish/English to create a new guide, and probably this time I will create it in English, since the language of the Spanish build can be changed with SHIFT + F12:

Guía Configuración Seguridad Kaspersky 2016 - v2.0.rar
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,910
I guess there is no unique optimal set-up for everybody ;) but you can take from the guide the best for your own system :)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
There is not so much information about the integrated AE in System Watcher: How to configure Automatic Exploit Prevention in Kaspersky Anti-Virus 2017

In some dynamic tests of KTS at MWHub you can sometimes find, for instance, some exploit detections when opening .doc documents or in on-demand detections...
Yesterday, I ran a couple of malware packs against KIS 2018. I enabled TAM, and disabled File Antivirus and cloud lookup, in order to test BB and anti-exploit features. Needless to say, everything was blocked. No infections or running malware processes.
I saw several times that KIS blocked cmd.exe from running, if I understood it right.
What module of KIS was doing that?
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,910
How were those cmd.exe instances blocked? Specific detection, execution blocking?

It was probably TAM + Application Control; if you disabled KSN/Cloud, then requests to KSN whitelisting are blocked...

TAM is close to being an anti-exe + whitelisting if KSN is on...
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
How were those cmd.exe instances blocked? Specific detection, execution blocking?
It was execution blocking. Application Control was set to load rules from KSN, but I disabled Cloud Protection, for the sake of the test.
 

RiderExpert

Level 2
Verified
Jul 21, 2016
53
Really great guide!
Some thoughts and questions..

1. My concern about TPM being enabled, or unknown programs being categorised as "Untrusted" instead of being automatically categorised, is the reliability problems that can occur with new or not widely used files and scripts. What if I use such files, e.g. to update a device's firmware, and KIS blocks some executable from doing its work?
I have tweaked Application Control in order to block network access for any program categorised as "low restricted", and created new entries in the Personal Data section in order to block any "low restricted" program from having any read, write, create or delete rights. I think these are the safest moves in order not to reduce reliability. Any comment on these is well accepted :)

2. I have some questions too.
In default settings (take actions automatically is ticked in General settings, no settings changed in general), I understand that "prompt for action" pre-set policies mean that any low restricted program will automatically gain all these rights, and no question box will appear. Is this fully true?
If so, providing the user has not added any custom rule, is the above equivalent of moving a "low restricted" application to the "trusted" group? Or, KIS will monitor better apps for bad behaviour if they belong to the "low restricted group" and not to the "trusted" group?

Thank you :)

About your question:

If you go to Manage Resources and look inside the System Files category, you will see another category called Critical Settings. Click on it and you will see that Low Restricted programs are denied from Writing, Creating or Deleting. That's the only default deny I saw for LW group. So, if "perform recommended actions" is marked, question mark = allow.

That's the only difference I found from LR to Trusted.

For LR, I also recommend blocking modification to startup settings as well, and maybe performing code injection.
 