Advice Request Initial KTS Impressions


MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
779
I'm almost ashamed to admit, I haven't actually used Kaspersky for extended periods of time since 10 years ago... I have spun up trials in VMs to test certain things, but never actually used the suite. Now that I am using it, there's a lot of things I'm really impressed about:

  • The signature scanner is pretty impressive. Sure almost everyone has a fairly decent executable scanner, but Kaspersky can statically scan batch files that use CertUtil.exe or .js files that contain snippets found in ransomware, and give generic detections for those. It also identifies one of my homebrew BB test cases (the one that copies itself to Roaming and registers that copy as a startup item) as a generic trojan at scan time.
  • KSW is really nice too as a behavior blocker. I like that it's configurable -- reminds me of screenshots of the older Emsisoft versions. The ability to assign applications into a trust level that imposes different restrictions is great. I expect this might be a safer way to run some less-than-trusted processes as an extra layer of security. I've already previously mentioned that KSW did well in my homebrew malware testing
  • I like all of their built-in tools -- the network monitor and the process monitor are both really neat tools.
  • Their signatures are really accurate against the piracy tools I've tested it against. It did exceptionally well at identifying "randomly generated" fake cracks/keygens (many sites these days randomly generate an EXE for you to evade static detection)
  • I love their UI. I like that the majority of alerts conform to the standard Windows 10 notification system, except for the ones like for KSW and Advanced Disinfection which require user input. Their UI looks great on a HiDPI 4K laptop too, unlike ESET and Norton who both struggle to draw correctly proportioned alerts on HiDPI screens.

A few downsides I've noticed:
  • SSL inspection is on by default. People either love or hate this -- I'm personally in the latter camp. I like being able to have my browser be the agent I trust the most to verify SSL/TLS certificates and I like that sensitive websites terminate at the browser, not at a background system process and then get re-encrypted in flight. Luckily it's relatively easy to disable. Like I said for ESET, I wish this option were presented at install time rather than opt-in by default.
  • CPU usage is slightly high, around 1-2% constantly. I've noticed this cuts about an hour off of my laptop's 6 hour battery life. I think if you have a desktop this is not going to impact performance, but on a laptop, every bit of CPU usage costs precious battery life.
  • Ugh, what's up with everyone loving to bundle borderline ad-ware? KTS comes with "Kaspersky Safe Connection" which is just slightly short of a front for advertising their VPN service.

Overall I'm conflicted. I like the lightness of F-Secure SAFE but from what I've seen, Kaspersky's protection seems undoubtedly better and more comprehensive. I think if I did as much high risk stuff as I did back 10 years ago, I would choose Kaspersky in a heartbeat. But for me, my laptop is the machine I use the most, and I am having trouble deciding if it's worth losing an hour of battery life.
 

fabiobr

Level 12
Verified
Top Poster
Well-known
Mar 28, 2019
561
Great!

Something I noticed about Kaspersky (one of the few downsides) is that it slows down my Steam game downloads a little bit when I buy a new game, something I don't have with ESET. It keeps scanning and does that, I see by the system tray icon blinking.
 

MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
779
Great!

Something I noticed about Kaspersky (one of the few downsides) is that it slows down my Steam game downloads a little bit when I buy a new game, something I don't have with ESET. It keeps scanning and does that, I see by the system tray icon blinking.
Yeah on modern Intel portables it’s brutal. I’ve got an Ice Lake 13” ultrabook and it gets its performance from Turbo Boosting to 3GHz but on battery power it stays at 1GHz usually. That also means that you are going to see a lot more of the computational overhead of the product while on battery power.
 

Rollers127

Level 1
Jan 4, 2020
35
Btw, you tried to turn on performance optimization settings? To increase battery life.

Disable rootkit scan, etc.
I turned off the rootkit scan as I noticed the same icon flashing that something was going on in the background. Since turning that off I have to say that on my own PC I find Kaspersky IS lighter than Eset, something I found surprising. Not saying it will do that on every PC, but for mine it does.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
I see by the system tray icon blinking.
I really like this blinking thing. It gives you an idea that Kaspersky is working on something and if something is wrong with the system then you can have a look at what's going on. But if it's annoying for someone then there's also an option to turn it off. Even little things like this are highly appreciated.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
  • KSW is really nice too as a behavior blocker. I like that it's configurable -- reminds me of screenshots of the older Emsisoft versions. The ability to assign applications into a trust level that imposes different restrictions is great. I expect this might be a safer way to run some less-than-trusted processes as an extra layer of security. I've already previously mentioned that KSW did well in my homebrew malware testing

Thanks for your impressions, it is always a pleasure to read your posts and I am looking forward to your tests with Kaspersky.

Just a small correction, Kaspersky's behavior blocker is a module known as System Watcher and it isn't that configurable (just its actions like auto delete, auto close cryptolockers); what you described is Application Control and this module is restriction policy-based.
 

MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
779
Thanks for your impressions, it is always a pleasure to read your posts and I am looking forward to your tests with Kaspersky.

Just a small correction, Kaspersky's behavior blocker is a module known as System Watcher and it isn't that configurable (just its actions like auto delete, auto close cryptolockers); what you described is Application Control and this module is restriction policy-based.
Thank you -- I didn't realize that Application Control and System Watcher are separate modules.

I do think the rough kind of sandboxing that Application Control provides even out of the box is a great security improvement over not having it.
 

MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
779
Btw, you tried to turn on performance optimization settings? To increase battery life.

Disable rootkit scan, etc.
I turned off the rootkit scan as I noticed the same icon flashing that something was going on in the background. Since turning that off I have to say that on my own PC I find Kaspersky IS lighter than Eset, something I found surprising. Not saying it will do that on every PC, but for mine it does.

I just tried turning off the Rootkit Scan. How often is that Rootkit Scan supposed to happen? I have caught it in the past running when I didn't expect, thanks to the blinking icon. FWIW, rootkit scanning should be a relic of the past. On an x64 UEFI Secure Boot platform, the only "rootkits" that could run would have to be signed and those tend to be very very short lived.


EDIT: Found the answer:
Note: The rootkit scan automatically starts 30 minutes after the start of the Kaspersky product if the last rootkit scan start is at least 24 hours in the past. Otherwise the scan will automatically be started in the running session as soon as the 24-hour distance time is fulfilled.



If the rootkit scan causes a loss of system performance you might disable the rootkit scan in general. There will be no loss of protection level because the realtime protection and also the manual full scan will examine rootkit objects too.

*facepalm* a little paranoid IMO
 

MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
779
Rootkit scans usually only run once a day :)

UPDATE: Turning off the Rootkit scan seemed to have helped noticeably. It seems like when Kaspersky has a paused scan (due to being on battery), it still continues to use around 0.5% CPU, probably polling and waiting to see if it can resume.

Back to seeing an average of 7-8hrs battery remaining as the estimate, before was seeing 4-5 hrs. Will see by the end of the day if it makes a significant difference.
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
I would choose Kaspersky in a heartbeat. But for me, my laptop is the machine I use the most, and I am having trouble deciding if it's worth losing an hour of battery life.
That's weird. On my laptop, Kaspersky is one of the lightest and it does not impact battery life (in comparison to other products). Is KPM installed?

UPDATE: Turning off the Rootkit scan seemed to have helped noticeably. It seems like when Kaspersky has a paused scan (due to being on battery), it still continues to use around 0.5% CPU, probably polling and waiting to see if it can resume.

Back to seeing an average of 7-8hrs battery remaining as the estimate, before was seeing 4-5 hrs. Will see by the end of the day if it makes a significant difference.

Have you run a full system scan? It should be run after Kaspersky installation.
 

MacDefender

Level 16
Thread author
Verified
Top Poster
Oct 13, 2019
779
That's weird. On my laptop, Kaspersky is one of the lightest and it does not impact battery life (in comparison to other products). Is KPM installed?
Have you run a full system scan? It should be run after Kaspersky installation.

No KPM for me. I did let it do a full system scan — it really seemed like the big issue was a paused Rootkit Scan causes the UI process to consume 0.5-1% CPU which is plenty to affect C state residency on newer Intel chips.

In terms of performance, Kaspersky has been excellent — very little in terms of slowdowns!
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
No KPM for me. I did let it do a full system scan — it really seemed like the big issue was a paused Rootkit Scan causes the UI process to consume 0.5-1% CPU which is plenty to affect C state residency on newer Intel chips.

In terms of performance, Kaspersky has been excellent — very little in terms of slowdowns!
I have just checked my email address and I received a renewal offer on KTS (only valid for the UK and I do not know why). It is for 12 GBP/year.
Kaspersky is one of the best if not the best.
 
