Advice Request Kaspersky 2021 - Why was trusted application module removed from Total Security?

Please provide comments and solutions that are helpful to the author of this topic.

The Ordynary

Level 3
Thread author
Apr 26, 2020
105
in default settings, Kaspersky free is almost identical to the paid versions, no joke.
the paid ones are only better if users can utilize the paid features by changing some settings.
these paid features actually do nothing if we don't know how to use them. The firewall might be an exception but it's super rare that Firewall actually does anything
That's my experience




I agree
 

SpiderWeb

Level 10
Verified
Well-known
Aug 21, 2020
468
They removed Trusted Application Module? Jesus... so basically there is no point buying Kaspersky products anymore because without that feature KTS is just KSC Free.
 

WhiteMouse

Level 5
Verified
Well-known
Apr 19, 2017
234
@Spider: You can use Application Control to make KIS or KTS works as default-deny.

AC.png
 

SpiderWeb

Level 10
Verified
Well-known
Aug 21, 2020
468
@Spider: You can use Application Control to make KIS or KTS works as default-deny.

View attachment 245938
Ooooh nvm then. I thought they removed the ENTIRE Application Control UI. My bad. Big misunderstanding. My heart dropped. Yeah you can tweak it to essentially have it set like Trusted Application Mode. So basically they just cleaned up a little.

Edit: btw I'm @SpiderWeb not to be confused with @Spider :D
 

ACoggins

New Member
Sep 6, 2020
1
Yes, my heart skipped a beat as well. I had just gotten to use Application Control well enough to catch some sneaky tricks by legitimate programs, and then I read the headline (Trusted App Module to be Removed), and of course, as seems to be common now-a-days, I overreacted. The reason I found this forum topic at all is because I'm trying to find better definitions of what the KTS designers mean by "Change Trust Group..." checkboxes (2 posts up), and also what (exactly) does Low Restricted and High Restricted mean. All the Kaspersky site says is "LowR will ask your permission on MOST actions" and "HighR" will ask it on MOST actions and will prevent execution on others". I'm just looking for more details than MOST users will want to know. I wouldn't mind collaborating with someone, but I'm afraid I'm too much of a novice at my current level of App Cntl expertise.

Application Control is an extremely powerful module in KTS. It has the kind of fidelity usually found only on the server side. To get this much control over your Windows environment at effectively pennies a day (10-user/3yr) is amazing - bugs and all. I've spent a couple of years toying around with Sysinternals Procmon and Process Explorer and Nirsoft utilities trying to decipher program communication. It was very frustrating until this feature of KTS (which is partly why my heart dropped when I thought they might remove it).

My hat is off to the Kaspersky Labs team, and I hope they never decide to get rid of Application Control.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
The reason I found this forum topic at all is because I'm trying to find better definitions of what the KTS designers mean by "Change Trust Group..." checkboxes (2 posts up), and also what (exactly) does Low Restricted and High Restricted mean. All the Kaspersky site says is "LowR will ask your permission on MOST actions" and "HighR" will ask it on MOST actions and will prevent execution on others".
This is true always if product is in Interactive Mode, in Auto Mode (by default) Prompts in Low restricted are allowed...

I would not spend much time to continue learning this behavior of Application Control for now, the reason is that in the upcoming K2021MR2, the Interactive Mode (as We always knew until present) will change/disappear... Application Control of Kaspersky home products seems is adopting KES (Kaspersky EndPoint Security) model... what does this imply? => Interactive Mode will disappear and also Prompts rights... I already commented this in a thread of this Kaspersky section related to the 1st K2021MR2 beta announce last week...
 
Last edited:

RiderExpert

Level 2
Verified
Jul 21, 2016
53
Thanks for the reply!

Good to know that.

But does that also blocks dells started for trusted applications? Example: I play GTA V offline with some mods. For those mods to work, they need some unknown dlls. With TAM enable, the dlls were blocked after I start the game. Now the dlls are accessed with no Kasperksy interference. Is there a way to make Kaspersky automatic add unknown dlls to the Untrusted group?
 

N31R

Level 1
Verified
Jul 25, 2016
30
From what I understand, without TAM, KIS can only block .dll files if they're executed by rundll.exe
Same goes for other modules, like .jar, .bat etc. If they're executed by their "host interpreter" application (which in this case, GTA5 isn't), they'll be blocked.
Kaspersky had a similar feature to TAM, called Application Integrity Control back in version 7. They removed it for compatibility and performance reasons. It's likely they've removed TAM for the same reason.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top