in default settings, Kaspersky free is almost identical to the paid versions, no joke.
the paid ones are only better if users can utilize the paid features by changing some settings.
these paid features actually do nothing if we don't know how to use them. The firewall might be an exception but it's super rare that Firewall actually does anything
That's my experience




I agree
 

WhiteMouse

Level 2
Verified
@Spider: You can use Application Control to make KIS or KTS works as default-deny.

AC.png
 

SpiderWeb

Level 3
@Spider: You can use Application Control to make KIS or KTS works as default-deny.

View attachment 245938
Ooooh nvm then. I thought they removed the ENTIRE Application Control UI. My bad. Big misunderstanding. My heart dropped. Yeah you can tweak it to essentially have it set like Trusted Application Mode. So basically they just cleaned up a little.

Edit: btw I'm @SpiderWeb not to be confused with @Spider :D
 

ACoggins

New Member
Yes, my heart skipped a beat as well. I had just gotten to use Application Control well enough to catch some sneaky tricks by legitimate programs, and then I read the headline (Trusted App Module to be Removed), and of course, as seems to be common now-a-days, I overreacted. The reason I found this forum topic at all is because I'm trying to find better definitions of what the KTS designers mean by "Change Trust Group..." checkboxes (2 posts up), and also what (exactly) does Low Restricted and High Restricted mean. All the Kaspersky site says is "LowR will ask your permission on MOST actions" and "HighR" will ask it on MOST actions and will prevent execution on others". I'm just looking for more details than MOST users will want to know. I wouldn't mind collaborating with someone, but I'm afraid I'm too much of a novice at my current level of App Cntl expertise.

Application Control is an extremely powerful module in KTS. It has the kind of fidelity usually found only on the server side. To get this much control over your Windows environment at effectively pennies a day (10-user/3yr) is amazing - bugs and all. I've spent a couple of years toying around with Sysinternals Procmon and Process Explorer and Nirsoft utilities trying to decipher program communication. It was very frustrating until this feature of KTS (which is partly why my heart dropped when I thought they might remove it).

My hat is off to the Kaspersky Labs team, and I hope they never decide to get rid of Application Control.
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
The reason I found this forum topic at all is because I'm trying to find better definitions of what the KTS designers mean by "Change Trust Group..." checkboxes (2 posts up), and also what (exactly) does Low Restricted and High Restricted mean. All the Kaspersky site says is "LowR will ask your permission on MOST actions" and "HighR" will ask it on MOST actions and will prevent execution on others".
This is true always if product is in Interactive Mode, in Auto Mode (by default) Prompts in Low restricted are allowed...

I would not spend much time to continue learning this behavior of Application Control for now, the reason is that in the upcoming K2021MR2, the Interactive Mode (as We always knew until present) will change/disappear... Application Control of Kaspersky home products seems is adopting KES (Kaspersky EndPoint Security) model... what does this imply? => Interactive Mode will disappear and also Prompts rights... I already commented this in a thread of this Kaspersky section related to the 1st K2021MR2 beta announce last week...
 
Last edited:
Thanks for the reply!

Good to know that.

But does that also blocks dells started for trusted applications? Example: I play GTA V offline with some mods. For those mods to work, they need some unknown dlls. With TAM enable, the dlls were blocked after I start the game. Now the dlls are accessed with no Kasperksy interference. Is there a way to make Kaspersky automatic add unknown dlls to the Untrusted group?
 

N31R

Level 1
From what I understand, without TAM, KIS can only block .dll files if they're executed by rundll.exe
Same goes for other modules, like .jar, .bat etc. If they're executed by their "host interpreter" application (which in this case, GTA5 isn't), they'll be blocked.
Kaspersky had a similar feature to TAM, called Application Integrity Control back in version 7. They removed it for compatibility and performance reasons. It's likely they've removed TAM for the same reason.
 
Top