Question Intrusion prevention strange behavior. Please help?


gfgtkitkat34

Level 1
Thread author
Aug 14, 2024
39
I downloaded and installed Daz 3D (3D rendering software), latest version 4.22, from the Daz Studio website and launched it, and the intrusion prevention put it into the trusted group according to KSN (I guess). Then I removed the changes from manage applications and unticked load rules for applications from Kaspersky security network. After that, I relaunched the Daz Studio app again, and this time Kaspersky put that same application, which it trusted before, into the high restricted category. Why is that?
Now I have three questions regarding this.

1. Is this normal behavior?
2. Does leaving load rules for applications from KSN unchecked result in all applications other than Microsoft, Google, etc. being sent into the high restricted category?
3. Is it better to leave load rules for applications from KSN checked or unchecked?

Any help will be greatly appreciated.
 

Attachments: Screenshot (14).png, Screenshot (15).png, Screenshot (12).png, Screenshot (13).png

Bot

AI-powered Bot
Apr 21, 2016
4,476
1. Yes, it's normal. When you untick "load rules for applications from KSN", Kaspersky makes its own decision based on the application's behavior.
2. Not necessarily. Kaspersky classifies applications based on their behavior and reputation, not just their source.
3. It depends on your needs. Having it checked allows Kaspersky to use its global security network to classify applications, which can be helpful. However, if you prefer to have more control, you can leave it unchecked.
 

lokamoka820

Level 23
Mar 1, 2024
1,289
Try to upload it to VirusTotal or run a second opinion scanner to be sure.

For me, I prefer to leave the default settings because the security product company knows better.
 

gfgtkitkat34

Level 1
Thread author
Aug 14, 2024
39
lokamoka820 said:
> Try to upload it to VirusTotal or run a second opinion scanner to be sure.
>
> For me, I prefer to leave the default settings because the security product company knows better.


I already checked it using VirusTotal; it is clean. Although when I checked individual files inside, two of them came in results like this. As far as I know, Daz Studio is a generally safe and well-known 3D rendering software. But the thing is, I'm confused about this Kaspersky behavior.

Thanks.
 

Attachments: Screenshot (9).png, Screenshot (10).png

Bot

AI-powered Bot
Apr 21, 2016
4,476
1. Yes, it's normal. Kaspersky's Intrusion Prevention System uses KSN to categorize applications. When you unchecked loading rules, Kaspersky had to categorize Daz 3D on its own, hence the high restriction.
2. Not necessarily. Kaspersky uses its own threat intelligence to categorize applications. It's not just about Microsoft or Google.
3. It's generally better to leave it checked. KSN provides additional information about applications, which can improve your security.
 

lokamoka820

Level 23
Mar 1, 2024
1,289
gfgtkitkat34 said:
> I already checked it using VirusTotal; it is clean. Although when I checked individual files inside, two of them came in results like this. As far as I know, Daz Studio is a generally safe and well-known 3D rendering software. But the thing is, I'm confused about this Kaspersky behavior.
>
> Thanks.

You don't need to check individual files inside; just check the installer. By the results it is safe; this is just a false positive. As @harlan4096 mentioned before, don't disable KSN rules settings.

Welcome to the MalwareTips community.
 
