Advice Request Initial KTS Impressions

[MacDefender]

I'm almost ashamed to admit, I haven't actually used Kaspersky for extended periods of time since 10 years ago... I have spun up trials in VMs to test certain things, but never actually used the suite. Now that I am using it, there's a lot of things I'm really impressed about:

• The signature scanner is pretty impressive. Sure almost everyone has a fairly decent executable scanner, but Kaspersky can statically scan batch files that use CertUtil.exe or .js files that contain snippets found in ransomware, and give generic detections for those. It also identifies one of my homebrew BB test cases (the one that copies itself to Roaming and registers that copy as a startup item) as a generic trojan at scan time.
• KSW is really nice too as a behavior blocker. I like that it's configurable -- reminds me of screenshots of the older Emsisoft versions. The ability to assign applications into a trust level that imposes different restrictions is great. I expect this might be a safer way to run some less-than-trusted processes as an extra layer of security. I've already previously mentioned that KSW did well in my homebrew malware testing
• I like all of their built-in tools -- the network monitor and the process monitor are both really neat tools.
• Their signatures are really accurate against the piracy tools I've tested it against. It did exceptionally well at identifying "randomly generated" fake cracks/keygens (many sites these days randomly generate an EXE for you to evade static detection)
• I love their UI. I like that the majority of alerts conform to the standard Windows 10 notification system, except for the ones like for KSW and Advanced Disinfection which require user input. Their UI looks great on a HiDPI 4K laptop too, unlike ESET and Norton who both struggle to draw correctly proportioned alerts on HiDPI screens.

A few downsides I've noticed:

• SSL inspection is by default. People either love or hate this -- I'm personally in the latter camp. I like being able to have my browser be the agent I trust the most to verify SSL/TLS certificates and I like that sensitive websites terminate at the browser, not at a background system process and then get re-encrypted in flight. Luckily it's relatively easy to disable. Like I said for ESET I wish this option is presented at install time rather than opt-in by default.
• CPU usage is slightly high, around 1-2% constantly. I've noticed this cuts about an hour off of my laptop's 6 hour battery life. I think if you have a desktop this is not going to impact performance, but on a laptop, every bit of CPU usage costs precious battery life.
• Ugh, what's up with everyone loving to bundle borderline ad-ware? KTS comes with "Kaspersky Safe Connection" which is just slightly short of a front for advertising their VPN service.

Overall I'm conflicted. I like the lightness of F-Secure SAFE but from what I've seen, Kaspersky's protection seems undoubtedly better and more comprehensive. I think if I did as much high risk stuff as I did back 10 years ago, I would choose Kaspersky in a heartbeat. But for me, my laptop is the machine I use the most, and I am having trouble deciding if it's worth losing an hour of battery life.

 

[fabiobr]

Great!

Something I noticed about Kaspersky (one of the few downsides) is that slow down a little bit my Steam games downloads when I buy a new game, something I don't have with ESET. It keeps scanning and does that, I see by the system tray icon blinking.

 

[MacDefender]

Great!

Something I noticed about Kaspersky (one of the few downsides) is that slow down a little bit my Steam games downloads when I buy a new game, something I don't have with ESET. It keeps scanning and does that, I see by the system tray icon blinking.

Yeah on modern Intel portables it’s brutal. I’ve got a Ice Lake 13” ultrabook and it gets its performance from Turbo Boosting to 3GHz but on battery power it stays at 1GHz usually. That also means that you are going to see a lot more of the computational overhead of the product while on battery power.

 

[fabiobr]

Btw, you tried to turn on performance optimization settings? To increase battery life.

Disable rootkit scan, etc.

 

[Rollers127]

Btw, you tried to turn on performance optimization settings? To increase battery life.

Disable rootkit scan, etc.

I turned off the rootkit scan as I noticed the same icon flashing that something was going on in the background. Since turning that off I have to say that on my own PC I find Kaspersky IS lighter than Eset, something I found surprising. Not saying it will do that on every PC, but for mine it does.

 

[SeriousHoax]

I see by the system tray icon blinking.

I really like this blinking thing. It gives you an idea that Kaspersky is working on something and if something is wrong with the system then you can have a look what's going on. But if it's annoying for someone then there's also option to turn it off. Even little things like this highly appreciated.

 

[The Ordynary]

try emsisoft, the real time scan is just to open files (at least the default) which may consume less battery.

Or maybe Eset, Bitdefender. I don't know for sure I don't usually use Laptop

 

[Nightwalker]

• KSW is really nice too as a behavior blocker. I like that it's configurable -- reminds me of screenshots of the older Emsisoft versions. The ability to assign applications into a trust level that imposes different restrictions is great. I expect this might be a safer way to run some less-than-trusted processes as an extra layer of security. I've already previously mentioned that KSW did well in my homebrew malware testing

Thanks for your impressions, it is always a pleasure to read your posts and I am looking forward to your tests with Kaspersky.

Just a small correction, Kaspersky behavior blocker is a module know as System Watcher and it isnt that configurable (just its actions like auto delete, auto close cryptolockers) , what you described is Application Control and this module is restriction policy-based.

 

[MacDefender]

Thanks for your impressions, it is always a pleasure to read your posts and I am looking forward to your tests with Kaspersky.

Just a small correction, Kaspersky behavior blocker is a module know as System Watcher and it isnt that configurable (just its actions like auto delete, auto close cryptolockers) , what you described is Application Control and this module is restriction policy-based.

Thank you -- I didn't realize that Application Control and System Watcher are separate modules.

I do think the rough kind of sandboxing that Application Control provides even out of the box is a great security improvement over not having it.

 

[MacDefender]

Btw, you tried to turn on performance optimization settings? To increase battery life.

Disable rootkit scan, etc.

I turned off the rootkit scan as I noticed the same icon flashing that something was going on in the background. Since turning that off I have to say that on my own PC I find Kaspersky IS lighter than Eset, something I found surprising. Not saying it will do that on every PC, but for mine it does.

I just tried turning off the Rootkit Scan. How often is that Rootkit Scan supposed to happen? I have caught it in the past running when I didn't expect, thanks to the blinking icon. FWIW, rootkit scanning should be a relic of the past. On an x64 UEFI Secure Boot platform, the only "rootkits" that could run would have to be signed and those tend to be very very short lived.


EDIT: Found the answer:

Note: The rootkit scan automatically starts 30 minutes after the start of Kaspersky produkt in case of last rootkit scan start is at least 24 hours in the past. Otherwise the scan automatically will be started in the running session immediately as soon as the 24-hours distance time is full filled.



If the rootkit scan provides a loss of system performance you might disable the rootkit scan in general. There will be no loss of protection level because the realtime protection and also the manually full scan will examine rootkit objects too.

*facepalm* a little paranoid IMO

 

[harlan4096]

Rootkits scan usually only run once a day

 

[MacDefender]

Rootkits scan usually only run once a day

UPDATE: Turning off the Rootkit scan seemed to have helped noticeably. It seems like when Kaspersky has a paused scan (due to being on battery), it still continues to use around 0.5% CPU, probably polling and waiting to see if it can resume.

Back to seeing an average of 7-8hrs battery remaining as the estimate, before was seeing 4-5 hrs. Will see by the end of the day if it makes a significant difference.

 

[Divine_Barakah]

I would choose Kaspersky in a heartbeat. But for me, my laptop is the machine I use the most, and I am having trouble deciding if it's worth losing an hour of battery life.

That's weird. On my laptop, Kaspersky is one of the lightest and it does not impact battery life (in comparison to other products). Is KPM installed?

UPDATE: Turning off the Rootkit scan seemed to have helped noticeably. It seems like when Kaspersky has a paused scan (due to being on battery), it still continues to use around 0.5% CPU, probably polling and waiting to see if it can resume.

Back to seeing an average of 7-8hrs battery remaining as the estimate, before was seeing 4-5 hrs. Will see by the end of the day if it makes a significant difference.

Have you run a full system scan? It should be run after Kaspersky installation.

 

[MacDefender]

That's weird. On my laptop, Kaspersky is one of the lightest and it does not impact battery life (in comparison to other products). Is KPM installed?

Have you run a full system scan? It should be run after Kaspersky installation.

no KPM for me. I did let it do a full system scan — it really seemed like the big issue was a paused Rootkit Scan causes the UI process to consume 0.5-1% CPU which is plenty to affect C state residency on newer Intel chips.

in terms of performance, Kaspersky has been excellent — very little in terms of slowdowns!

 

[Divine_Barakah]

no KPM for me. I did let it do a full system scan — it really seemed like the big issue was a paused Rootkit Scan causes the UI process to consume 0.5-1% CPU which is plenty to affect C state residency on newer Intel chips.

in terms of performance, Kaspersky has been excellent — very little in terms of slowdowns!

I have just checked my email address and I received a renewal offer on KTS (only valid for the UK and I do not know why). It is for 12 GBP/year.
Kaspersky is one of the best if not the best.