Advice Request Kaspersky 2017 - Trusted Application Mode

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
Also, found this about implementation of TAM: Securelist | Computing Securely: The Trusted Environment Concept - Securelist

I believe that is where I got the notion of "TAM monitoring for days/weeks before it automatically turns on". It says about stage 1 (analyzing applications that are launched):

"In the first stage, which takes several weeks, programs launched by the user are analyzed. Each application or script being launched is analyzed according to the following scenario:

  • Does the application have a digital signature and is the signature trusted?
  • If the application is not signed, the Kaspersky Lab knowledge base, available through the Kaspersky Security Network (KSN), is searched for information on whether it has the trusted status.
This does not involve blocking any unknown applications: the security solution simply saves information on whether the applications in question are trusted or not and hence whether they will be launched if the Trusted Applications Mode is activated on the computer."
 

AMD1

Level 5
Thread author
Verified
Aug 21, 2012
208
@harlan4096
I found the source: About Trusted Applications mode
The help file says, "Trusted Applications mode is enabled automatically if Kaspersky Internet Security analysis of the operating system and installed applications reveals that mostly trusted applications are used on the computer."

So, my previous statement wasn't accurate after all because the help file says "most" applications, instead of "all" applications, and that there's no mention of "if there are no 'unknown' during monitoring". Nevertheless, I'm glad I'm correct that TAM would automatically turn on. I thought I was imagining things. :D

That was very helpful thanks.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I've run KIS on a test system with 0 unknown programs for months - and TAM never auto-activated; it had to be manually enabled every time.
Maybe because it takes "several weeks" for the first stage of TAM preparation to complete. "Several weeks" might mean "months". And maybe your time of testing isn't enough, despite that you have Kaspersky already for months. :D

But we can't be certain if automatic activation of TAM is still there because, like I said, it might have been scrapped without any announcement. :D
 
  • Like
Reactions: harlan4096
5

509322

Maybe because it takes "several weeks" for the first stage of TAM preparation to complete. "Several weeks" might mean "months". And maybe your time of testing isn't enough. :D

But we can't be certain if automatic activation of TAM is still there because, like I said, it might have been scrapped without any announcement. :D

I would bet it was removed. Enough people have problems with TAM that I would bet it was made opt-in only.

"Several weeks" = two weeks in English.

KIS was on a test system for 6 months...
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I would bet it was removed. Enough people have problems with TAM that I would bet it was made opt-in only.

"Several weeks" = two weeks in English.

KIS was on a test system for 6 months...
Yeah, maybe it was removed. I agree that TAM has some problems.

If it's made to be available to "all" through automatic activation, then users might not like that they can't install their favorite games or applications, or having their favorite programs blocked to perform specific things.

Also, thanks for pointing out about the term "several weeks"! :D
 
  • Like
Reactions: harlan4096
5

509322

Yeah, maybe it was removed. I agree that TAM has some problems.

If it's made to be available to "all" through automatic activation, then users might not like that they can't install their favorite games or applications, or having their favorite programs blocked to perform specific things.

Also, thanks for pointing out about the term "several weeks"! :D

TAM used to be more restrictive. At one time the user had the option of placing newly introduced files into the Untrusted group - even if the file was whitelisted in KSN - but for whatever reason(s) K removed that option.

Automatic enablement of TAM might still be there, but just not working as intended due to some unknown bug. That's the other possibility. Afterall, KIS is a rather complex security soft. Just about every security software that any of us use has bugs.

However, given the recent changes in KIS Application Control, TAM and other settings - I suspect that K removed the auto-enable TAM.

The issues with Application Control and TAM are annoyances as opposed to anything that seriously affects security. They are mostly GUI bugs and affect usability. TAM will cause the launch of some programs to be slow - and even then it is sporadic.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
I agree that probably the "automatic TAM enable after some time" was removed later or not implemented in the end, that info is from 1st version of TAM in K2014...
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I agree that probably the "automatic TAM enable after some time" was removed later or not implemented in the end, that info is from 1st version of TAM in K2014...
But the help file of KIS 2017, the one I referenced to earlier, still has the information of "automatic activation". :D

Kaspersky's information about their products really is confusing. Just like ZETA Shield not announced as gone, but was really gone. They should have included in the changelog what they removed, especially if what they removed is a major component.
 
  • Like
Reactions: harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
But the help file of KIS2017, the one I referenced to earlier, still has the information of "automatic activation". :D
Yes, You are right :rolleyes: but I guess the ideal circumstances to get "automatic TAM enabled" are impossible to replicate :p:D
 
5

509322

@Lockdown @XhenEd Is two really the common number for several weeks? Several generally is uncertain though easily countable.

The strict English definition of several = more than two but not many.

However, in common usage most people use it to mean just a very small amount over two.

So, if someone at works says to me "Let's wait several weeks" they generally mean let two weeks pass. So on the 15th day = 2-1/7 weeks have passed = "several" weeks.

At the same time, "several weeks" could mean 3, 4, 5 weeks. It all depends upon what a person considers "but not many." In common usage, it is just over two.

It's one of those terms in English that the understanding is mostly derived by common usage - and not the strict dictionary definition.

The exact meaning is either derived by the context of usage or the speaker further qualifies what they mean by "several."
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
Someone should ask K support about what is in the help file and get a definitive answer.
I remember when I asked about ZETA Shield, Support didn't even know what it was. And when I referred to him a description of ZETA Shield and how it generally works, he replied with no understanding with what I was talking about (i.e. "data streams" for him meant video streaming). That's when I asked for a knowledgeable person to answer me whether ZETA Shield was still in use or not. Support was kind enough to escalate my question. After a few days, Support (expert now) told me that ZETA Shield was removed as part of KIS, but was transferred to the cloud. For this simple question of whether ZETA Shield was still present, all this went for a few weeks, instead of a few days. :D


Anyway, someone might want to ask Support about auto-activation of TAM, but not me. I'm done with them. :D
 
Last edited:
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top