It is necessary to activate KSN

Status
Not open for further replies.
bribon77

bribon77

Level 35
Thread author
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Good my question is if it is necessary to activate KSN

When I have activated the application control that acts as an antiexe and block unrecognized programs ??

Thank you.
 
  • Like
Reactions: MWNu72
jetman

jetman

Level 10
Verified
Well-known
Jun 6, 2017
476
It seems to me that the main purpose of KSN is to give Kaspersky live data to help them improve their malware signatures and product. This benefits Kaspersky users as a whole, but doesn't provide benefits to the individual.

Therefore I am not convinced that turning on KSN provides any security advantages. If you switch it off, you are protected just the same.

Does anyone agree/disagree with this ?
 
  • Like
Reactions: MWNu72
RoboMan

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,400
crezz said:
It seems to me that the main purpose of KSN is to give Kaspersky live data to help them improve their malware signatures and product. This benefits Kaspersky users as a whole, but doesn't provide benefits to the individual.

Therefore I am not convinced that turning on KSN provides any security advantages. If you switch it off, you are protected just the same.

Does anyone agree/disagree with this ?
Click to expand...
KSN helps to detect more efficiently and quickly threats and false positives. It, indeed, gives you more security. If you have it disabled, other Kaspersky users may be less secure. If others have it disabled, you are less secure than you could be. Everybody using KSN implicates higher response and detection rates.
 
  • Like
Reactions: MWNu72, brambedkar59, shukla44 and 2 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Kaspersky updates your offline malware signatures about twice a day. That is kind of slow. If you are connected to KSN, then you have a better fighting chance against zero-day malware, because you are more up to date.

The original poster wrote: "I have activated the application control that acts as an antiexe"
That statement is not so accurate. Application Control is not an antiexe. If you also enable Trusted Applications Mode, and you tweak settings a bit, then you have an antiexe setup. But Application Control on its own is not antiexe.
 
  • Like
Reactions: mlnevese, Parsh, MWNu72 and 1 other person
mekelek

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
crezz said:
It seems to me that the main purpose of KSN is to give Kaspersky live data to help them improve their malware signatures and product. This benefits Kaspersky users as a whole, but doesn't provide benefits to the individual.

Therefore I am not convinced that turning on KSN provides any security advantages. If you switch it off, you are protected just the same.

Does anyone agree/disagree with this ?
Click to expand...
it benefits the individual cause it can detect things that don't have a signature for you yet but the cloud data is available. it's beneficial for everyone.
 
  • Like
Reactions: RiderExpert, mlnevese, shmu26 and 3 others
5

509322

shmu26 said:
Kaspersky updates your offline malware signatures about twice a day. That is kind of slow. If you are connected to KSN, then you have a better fighting chance against zero-day malware, because you are more up to date.

The original poster wrote: "I have activated the application control that acts as an antiexe"
That statement is not so accurate. Application Control is not an antiexe. If you also enable Trusted Applications Mode, and you tweak settings a bit, then you have an antiexe setup. But Application Control on its own is not antiexe.
Click to expand...

You can set up Application Control to be almost an anti-exec for any files newly introduced to the system:

1. Set Application Control to move any untrusted files to Untrusted group; and
2. Disable "Use KSN rules for applications."

You have to do that after training Application Control for a few days at least.

You cannot disable "Trust digitally signed files because all your Trusted files will eventually get moved to Untrusted group.

I know a lot of people are enamored with TAM, but TAM is for n00bs. When you enable it there is a big message that states so. Configuring Application Control and using it properly is more effective than TAM. With TAM enabled one can install programs and execute files unless the other settings are adjusted. TAM just does a file lookup and notifies the user of unknown files and asks them what they want to do - allow or block. It is nothing special.
 
  • Like
Reactions: Local Host and shmu26
mekelek

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Lockdown said:
You can set up Application Control to be almost an anti-exec for any files newly introduced to the system:

1. Set Application Control to move any untrusted files to Untrusted group; and
2. Disable "Use KSN rules for applications."

You have to do that after training Application Control for a few days at least.

You cannot disable "Trust digitally signed files because all your Trusted files will eventually get moved to Untrusted group.

I know a lot of people are enamored with TAM, but TAM is for n00bs. When you enable it there is a big message that states so. Configuring Application Control and using it properly is more effective than TAM. With TAM enabled one can install programs and execute files unless the other settings are adjusted. TAM just does a file lookup and notifies the user of unknown files and asks them what they want to do - allow or block. It is nothing special.
Click to expand...
TAM loves to mess with Windows update too, had it happen once. Application control properly configured > TAM.
 
  • Like
Reactions: shmu26
5

509322

mekelek said:
TAM loves to mess with Windows update too, had it happen once. Application control properly configured > TAM.
Click to expand...

Yes. Using TAM is of no significant security advantage over just using Application Control. How the user configures settings is far more significant to security than TAM.
 
  • Like
Reactions: shmu26 and mekelek
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Lockdown said:
I know a lot of people are enamored with TAM, but TAM is for n00bs. When you enable it there is a big message that states so. Configuring Application Control and using it properly is more effective than TAM. With TAM enabled one can install programs and execute files unless the other settings are adjusted. TAM just does a file lookup and notifies the user of unknown files and asks them what they want to do - allow or block. It is nothing special.
Click to expand...
On my system (KIS 2018), TAM automatically blocks files that are not on KSN whitelist. Even if Kaspersky is in interactive mode, TAM still blocks.
 
  • Like
Reactions: harlan4096
Status
Not open for further replies.

Similar threads

JB007
    • Like
Question How to upgrade "Kaspersky Plus" to "Kaspersky Premium" ?
Replies
4
Views
310
Kaspersky
JB007
JB007
A
Kaspersky, questions vpn and firewall
Replies
2
Views
228
Kaspersky
Aktiffiso
A
A
    • Like
Some cuestions about configuring Kaspersky plus
Replies
3
Views
377
Kaspersky
Brahman
Brahman

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top