Kaspersky Anti-ransomware Tool auto updating?

Status
Not open for further replies.

RejZoR

Just wondering, is Kaspersky Anti-Ransomware Tool able to auto update itself? Has anyone seen it do that live? Asking because I can't see any "Check for updates" button. I know that most of the capability comes from the System Watcher component and KSN cloud, but surely, at one point the program will have to get updated. Right?
 
For now we only have that beta build... and it seems to have no auto-update feature, so if KL releases a new beta I guess we'll have to uninstall and install the new one...
 
Well, I would and I have :D I've tried it before and it's as effective as System Watcher in Kaspersky AV. And you can see my test how effective it is there all by itself. Though, this one doesn't remove files, it only blocks access. Still, it protects the same and that's what's important.
Watching reviews of KAR was the tipping point that made me go ahead and purchase a KAV license. And your KAV videos made me very happy I did.
 
If you mean "Bazon.a" then that's the most prevalent name for cloud detection. There are a couple of others, but that's the most common one.
If you disconnect from the internet you'll only get the "offline" behavioral detection names like Trojan.Win32.Generic etc.
 
It's just funny that KAR detects EVERYTHING under the same detection name. It doesn't matter if they are trojans, viruses or ransomware, they are all detected with the same name. Anyone else noticed that?

Yup, well, the majority of detections came from cloud, heuristics and generic detection. Likely Kaspersky wants to reduce the redundancy load where signatures are obsolete for a specific strain of infection.
 
@RejZoR

My guess is that the way KapLar-AR is built, it does not need a lot of updates. Reading the scarce documentation, the cloud AV uses the Kaspersky Security Network and the behavioral blocker receives heuristic pattern updates. The heuristic patterns contain the behavioral rules to block a program, so in theory this could be a near zero update program.
 
I think this product is over because the beta testing period is over (31/12/2016).
I tested it with KIS's System Watcher only. KIS only missed 1 ransomware while this KARW missed a lot.
 
My guess is that it's either surrounded by static analysis methods (e.g. generic detections) rather than behavioral aspects, or it has no real behavioral aspects. Since the System Watcher will be monitoring the program's execution flow (e.g. behavior based on what it does), whereas this might not intercept programs at all.

I might have a look and do some checking.
 
@Wave

Use Process Explorer or Process Hacker to look at the two executables and simply list the DLLs in each product.

@Evjl's Rain
Were the results with cloud the same or a close call?
 