Advice Request Kaspersky 2017 - Trusted Application Mode

[AMD1]

Hi,

I am just trying to determine if "Trusted Application Mode" is better enabled or disabled. I have a couple of work programs on my PC which unfortunately are unsigned and i dont want to have a situation of blocked access.

I am running Total Security 2017.

Any help from fellow users would be appreciated.

Thanks

Andy

 

[Wave]

You can't manually allow the unsigned apps? I thought you could

 

[AMD1]

You can't manually allow the unsigned apps? I thought you could

I havent enabled it yet but i wanted to check before i did. I does look like you can manually change/add programs to trusted mode from the description they give on the website. Whilst writing this, I have now enabled it and its sifting through my PC to see if its suitable for trusted application mode !

 

[509322]

I havent enabled it yet but i wanted to check before i did. I does look like you can manually change/add programs to trusted mode from the description they give on the website. Whilst writing this, I have now enabled it and its sifting through my PC to see if its suitable for trusted application mode !

You are only going to learn by doing it yourself...

 

[AMD1]

That's what i figured. Something can only go wrong !!

 

[509322]

That's what i figured. Something can only go wrong !!

You're dealing with security softs. Stuff happens - bugs, unexpected behaviors, malfunctions. If you're worried that TAM is going to completely smash your system - it isn't.

 

[AMD1]

That's very reassuring Lockdown. Thank you.

 

[harlan4096]

TAM may slowdown a bit Your system depending on Your hardware specs...

 

[shmu26]

if TAM moves your favorite unsigned software to low restricted, then:
1 you might find that it works perfectly well in low restricted, so there's no problem
2 if it doesn't work right, you can move it back to trusted in a couple clicks.

 

[AMD1]

Well the report came up with 81 unknown file types and recommended i did NOT continue. If i were to continue, does it simply provide a list of blocked files to unblock ?

 

[Wingman]

Well the report came up with 81 unknown file types and recommended i did NOT continue. If i were to continue, does it simply provide a list of blocked files to unblock ?

Once the scan has been completed ,click "Manage applications" and adjust restrictions for the 81 applications.

 

[AMD1]

Once the scan has been completed ,click "Manage applications" and adjust restrictions for the 81 applications.

And.............

 

[Wingman]

and...specify the trust level on each application if you are not happy with the clarification kasperksy used

How to modify application rights and protected resources list in Kaspersky Internet Security 2016

FYI- TAM seems to cause few problems for users as reported in Kasperky forum. FYI- LMGTFY

 

[AMD1]

Thanks Wingman,

That's put me off enabling TAM now !

 

[AMD1]

Well something just happened which i wasn't expecting. When i first ran the enable TAM mode it recommended i did not continue so i quit. I ran it again to explore the blocked files but when i checked the enable progress, it had reached 100% and decided itself to enable so i did not get a choice !

At least i know where the disable button is is case its a bit wobbly

 

[509322]

Well something just happened which i wasn't expecting. When i first ran the enable TAM mode it recommended i did not continue so i quit. I ran it again to explore the blocked files but when i checked the enable progress, it had reached 100% and decided itself to enable so i did not get a choice !

At least i know where the disable button is is case its a bit wobbly

I think that unexpected behavior is a known quirk. There's a few TAM quirks. Some GUI bugs.

Ask @harlan4096 - he would remember better than I. With his help I submitted a bunch of reports to K.

 

[XhenEd]

Well something just happened which i wasn't expecting. When i first ran the enable TAM mode it recommended i did not continue so i quit. I ran it again to explore the blocked files but when i checked the enable progress, it had reached 100% and decided itself to enable so i did not get a choice !

At least i know where the disable button is is case its a bit wobbly

Did you click "Enable", instead of "Turn on and scan all installed applications"? Maybe that's expected, if you clicked "Enable", instead of the other.


Also, given that you're usually using unsigned, assuming not-so-popular too, applications, then it's really recommended that you let TAM be disabled. TAM will just annoy you, for you have to go to a few screens just to get your applications run.

Spoiler: Additional info:

Nevertheless, I've read somewhere that TAM would automatically turn on after a few days/weeks, if it has determined that all of your programs are whitelisted in KSN and that you are not installing "unknown" applications during its monitoring.

 

[shmu26]

If you trust what you have on your system, you can bulk-allow those 81 processes. Give them a look over before you do, but if you have a safe and secure system and you trust your software, you won't be in for any surprises.

Anyways, those 81 processes probably fell into the low restricted category, which gives enough permissions for a standard program to run. It just prevents them from messing with core Windows components.

 

[harlan4096]

If you trust what you have on your system, you can bulk-allow those 81 processes. Give them a look over before you do, but if you have a safe and secure system and you trust your software, you won't be in for any surprises.

Totally agree...

Nevertheless, I've read somewhere that TAM would automatically turn on after a few days/weeks, if it has determined that all of your programs are whitelisted in KSN and that you are not installing "unknown" applications during its monitoring.

I never heard about it and never got such behaviour from TAM in any of my systems!!!!

IHMO I always choose "Turn on and scan all installed applications", it will take sooo long for sure (be quite patient ), disable all external drives because I guess it will even scan them...

In this link, although related to 2015 version, still valid and shows better the process: How to enable or disable the Trusted Applications mode in Kaspersky Internet Security 2015

It will always find some untrusted (maybe because not digitally signed or not in KSN, many of them sometimes even belonging to Microsoft system), but as said in previous posts, if You know are or trust them You can tick them as trusted, and finally once You ticked as trusted of kept some of them as blocked all the remaining files, You should click on Enabled TAM by default.

From time to time, You will get some applications or plugins (and some new files) used by trusted applications also blocked and You'll have to let them Start via Application Control -> Start column or going to TAM -> Manage Blockings...

In general I recommend TAM enabled for advanced users and/or high risk environments...

 

[XhenEd]

@harlan4096
I found the source: About Trusted Applications mode
The help file says, "Trusted Applications mode is enabled automatically if Kaspersky Internet Security analysis of the operating system and installed applications reveals that mostly trusted applications are used on the computer."

So, my previous statement wasn't accurate after all because the help file says "most" applications, instead of "all" applications, and that there's no mention of "if there are no 'unknown' during monitoring". Nevertheless, I'm glad I'm correct that TAM would automatically turn on. I thought I was imagining things.