Q&A Kaspersky 'App Control' alternative?

Tiamati

Level 10
Verified
Nov 8, 2016
476
As you know, KSC FREE doesn't have support for Kaspersky App Control. I'm looking for alternatives that have the same objective/functions or could at least replace it.

Conditions:
1) Replace the Kaspersky App Control that KSC lacks. E.g.: the app could allow trusted apps and question/disallow untrusted sources.
2) Free
3) User friendly, even for non-experienced users

I considered VoodooShield. I'm looking for other options and opinions.

I've already used Hard_Configurator, but I believe H_C is more a Windows hardened mode than an app control.

Tiamati

Level 10
Verified
Nov 8, 2016
476
Comodo Firewall, disable auto sandbox, disable the firewall if you don't need it, use the HIPS in 'Safe mode' and enable 'Auto allow trusted / safe applications', set verbose/alert mode to lowest setting for simple allow/block prompts.
Interesting... I didn't remember that Comodo could do it. And it could add a firewall layer that KSC lacks.

However, last year, there were some posts here saying that Comodo Firewall had a lot of bugs and was not as good as it once was. Do you know how their firewall is performing now?
 

SomeRandomCat

Level 3
Dec 23, 2020
140
I have been using it for a really long time, off and on. It is really solid for the average user. If you like to set the firewall / HIPS to 'high alert' / 'verbose' mode, then it will create a ton of rules and there is a known bug that when there is a huge amount of rules that there is sometimes an error during shutdown that 'forgets' some of them. As long as you use it in 'Safe mode' (auto allow trusted pre-whitelisted applications) and don't use 'high alert' mode (more detailed pop-ups / rules creation), then you won't run into this issue.

The Sandbox can be a bit buggy (some programs take longer to start in the sandbox), so I just don't use it.

I really believe it is the best one out there, but hopefully the next update they release will fix some of the bugs, and allow for more fine-tuned rule creation via the prompts. As far as I know, none of the bugs cause security issues and none of them will affect you if you use 'Safe mode', which is recommended anyways.

The HIPS and firewall are really rock solid TBH.
 

Tiamati

Level 10
Verified
Nov 8, 2016
476
I have been using it for a really long time, off and on. It is really solid for the average user. If you like to set the firewall / HIPS to 'high alert' / 'verbose' mode, then it will create a ton of rules and there is a known bug that when there is a huge amount of rules that there is sometimes an error during shutdown that 'forgets' some of them. As long as you use it in 'Safe mode' (auto allow trusted pre-whitelisted applications) and don't use 'high alert' mode (more detailed pop-ups / rules creation), then you won't run into this issue.

The Sandbox can be a bit buggy (some programs take longer to start in the sandbox), so I just don't use it.

I really believe it is the best one out there, but hopefully the next update they release will fix some of the bugs, and allow for more fine-tuned rule creation via the prompts. As far as I know, none of the bugs cause security issues and none of them will affect you if you use 'Safe mode', which is recommended anyways.

The HIPS and firewall are really rock solid TBH.
Ty! You convinced me, I'll try it for some time.

@Tiamati: I guess you mean KSC Free, because Application Control is in the paid version...
Yes! I forgot to mention the free version. ;)
 

Tiamati

Level 10
Verified
Nov 8, 2016
476
@SomeRandomCat How is Comodo doing in terms of performance? Heavy?

Edit: one more question: I guess Comodo Internet Security Essentials (protection against man-in-the-middle attacks) is not needed as Kaspersky already covers it, right?

Tiamati

Level 10
Verified
Nov 8, 2016
476
disable auto sandbox

How do I do this? Should I disable the auto-containment?

Should I disable VirusScope and Website Filtering?

use the HIPS in 'Safe mode' and enable 'Auto allow trusted / safe applications',

Would "Auto allow trusted" be this option?


set verbose/alert mode to lowest setting for simple allow/block prompts.

How can I do that?

EDIT: I left the firewall activated and in 5 minutes it blocked 2 authentic Microsoft exes (dashost.exe and SettingSyncHost.exe) and 1 AOMEI (abservice.exe), all considered trusted by Comodo. Is this normal? The firewall shouldn't block authentic and trusted files.

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,706
...
I've already used Hard_Configurator, but I believe H_C is more a Windows hardened mode than an app control.
KSC Free + H_C Recommended Settings work similarly to KIS with Application Control (default-deny based on file reputation).
Kaspersky uses KSN reputation and H_C uses SmartScreen Application Reputation for EXE and MSI installers.
 

Tiamati

Level 10
Verified
Nov 8, 2016
476
Kaspersky uses KSN reputation and H_C uses SmartScreen Application Reputation for EXE and MSI installers.
I intend to use the combo of KSC Free + app control with people that wouldn't be able to run H_C SmartScreen even if I teach them. Last time I tested H_C (before v5), it was blocking too many installs, and I had to allow *.exe, *.tmp and *.msi. That makes it much more friendly but less useful as app control.

@Andy Ful, is there any way to add other trusted sources to H_C? Maybe complementing Microsoft trusted sources with anything similar to KSN would make it much easier to handle. Idk if it's possible.

BTW, from what I have tested till now:

VoodooShield is quite easy to use, as it whitelists and snapshots the system. However, it filters some command lines for which it is not easy to tell where they came from.

Comodo is OK, but the firewall blocks too many trusted sources. Even common ones, like Spotify or Microsoft exes. I simply don't understand why they do this. Comodo HIPS is invasive too for non-experienced users. At least I couldn't reduce the number of alerts to the minimum.

Nagisa

Level 7
Verified
Jul 19, 2018
316
Comodo's HIPS caused lag on my systems, without relation to how powerful the computer is. However the lag is not noticeable to the eye unless you do some specific actions, like, opening dropdown menus on Virtualbox. It becomes laggy when HIPS is on.

Anyway, I find HIPS very impractical; clicking 20 different pop-ups without knowing what they mean gives a false sense of security. Maybe it is better to write a few preventive rules.

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,706
...Last time I tested H_C (before v5), it was blocking too many installs, and I had to allow *.exe, *.tmp and *.msi. ...
There are some solutions for new installations:
  1. If SmartScreen in H_C settings blocks the installer, then wait a day or two. After this short time period, KSC will catch the malware. You can also double-check the installer after this time by using HitmanPro.
  2. Replace KSC Free with WD and use ConfigureDefender HIGH + H_C Avast profile (EXE and TMP files allowed). In ConfigureDefender apply additional ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria".
Case 2 is very similar to KIS with Trusted Application Mode (or similar setup made via Application Control), the false positives rate will be much lower as compared to SmartScreen and comparable with KSN reputation.
 
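The ASR rule named in option 2 can also be inspected and set with Windows' built-in Defender cmdlets. The PowerShell below is an added example, not part of the thread and not ConfigureDefender's own code; the GUID is the one Microsoft documents for this rule, and starting in audit mode before blocking is an assumption about rollout that the posters do not describe.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# ASR rule: "Block executable files from running unless they meet a
# prevalence, age, or trusted list criterion" (GUID from Microsoft's ASR docs).
$RuleId      = '01443614-cd74-433a-b99e-2ecdc07bfc25'
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    param([string]$Id)
    # Rule IDs and actions are stored as two parallel arrays in the preferences.
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $Id) { return $ActionNames[[int]$acts[$i]] }
    }
    return 'Not configured'
}

# The rule is a cloud reputation check, so it depends on cloud-delivered
# protection. MAPSReporting = 0 means that protection is switched off.
if ((Get-MpPreference).MAPSReporting -eq 0) {
    Write-Warning 'Cloud-delivered protection is disabled; this rule needs it.'
}

"State before change: $(Get-AsrRuleState -Id $RuleId)"

# Audit mode first: log what would have been blocked without blocking it.
Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                 -AttackSurfaceReductionRules_Actions AuditMode

"State after change:  $(Get-AsrRuleState -Id $RuleId)"

# Review hits for this rule: event 1122 = audited, event 1121 = blocked.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1121, 1122
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $RuleId } |
    Select-Object TimeCreated, Id, Message |
    Format-List

# Once the audit log shows only files you are happy to see blocked:
# Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
#                  -AttackSurfaceReductionRules_Actions Enabled
```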

Tiamati

Level 10
Verified
Nov 8, 2016
476
Replace KSC Free with WD and use ConfigureDefender HIGH + H_C Avast profile (EXE and TMP files allowed). Apply additional ASR rule "Block executable files from running unless they meet a prevalence, age, or trusted list criteria"
Interesting option. I'll take a look to find more information. Do you have a user guide explaining the differences in the H_C Avast profile?

Tiamati

Level 10
Verified
Nov 8, 2016
476
Comodo's HIPS caused lag on my systems, without relation to how powerful the computer is. However the lag is not noticeable to the eye unless you do some specific actions, like, opening dropdown menus on Virtualbox. It becomes laggy when HIPS is on.

Anyway, I find HIPS very impractical; clicking 20 different pop-ups without knowing what they mean gives a false sense of security. Maybe it is better to write a few preventive rules.

I'm experiencing the same problem, but it was soon to assume it was Comodo. I'm still giving Comodo a chance for now, but I was expecting more =O

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,706
Interesting option. I'll take a look to find more information. Do you have a user guide explaining the differences in the H_C Avast profile?
It is explained in the H_C manual. The main difference is allowing EXE and TMP files in H_C and checking them by the WD ASR rule (reputation check). The rest are protected as usual.
 

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,706
I am not sure why you need such strong protection. It is hard to be infected with KSC Free + H_C settings with allowed EXE, TMP, and MSI files (the setup already tested by you). Just pay attention to these files. They are easily visible in Explorer in the Type column (EXE --> Application, MSI --> Windows Installer Package) even when the file extensions are hidden.

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,706
@Tiamati,
Please do not get me wrong. It is OK to apply very strong protection and suffer a little from some inconvenience. Some of my family members and friends like such protection.
Anyway, it is also OK to apply only strong protection + pay attention to some user actions.
The first (e.g. very strong protection) is similar to not crossing the street, but using only safe underground passages. The second is similar to using also zebra crossing and paying attention to street lights.
Using only standard AV as protection is also possible. It would be like crossing the street without zebra crossing while being cautious.:)
 

HarborFront

Level 57
Verified
Content Creator
Oct 9, 2016
4,661
Why didn't anyone mention SpyShelter? It seems to me that this is a very cool product with many levels of protection of the system and private data from leaks. Its HIPS, as I remember, partially has capabilities similar to Kaspersky APP Control (you can allow or deny each application to access the registry, services, sensitive objects of the system, spawn new processes and etc) and the interface is very clear in my opinion. I was only stopped to use it by the relatively high price of $ 28 to $ 35 (firewall version), if I remember correctly. And Comodo, in my opinion, has rather chaotic settings for beginners and is more suitable for a narrow circle of its fans. :)
TS wants something FREE.

The SS Free has HIPS. The SS paid version has Application Execution Control built-in as well.
 

Tiamati

Level 10
Verified
Nov 8, 2016
476
Why didn't anyone mention SpyShelter? It seems to me that this is a very cool product with many levels of protection of the system and private data from leaks. Its HIPS, as I remember, partially has capabilities similar to Kaspersky APP Control (you can allow or deny each application to access the registry, services, sensitive objects of the system, spawn new processes and etc) and the interface is very clear in my opinion. I was only stopped to use it by the relatively high price of $ 28 to $ 35 (firewall version), if I remember correctly. And Comodo, in my opinion, has rather chaotic settings for beginners and is more suitable for a narrow circle of its fans. :)

I never used SpyShelter... I'll take a look, even if it's paid. Ty!
BTW - about Comodo: I agree. Although Comodo is not giving me any trouble now that I configured it a little, I can't be sure it won't have any incompatibilities with KSC.
@Tiamati,
Please do not get me wrong. It is OK to apply very strong protection and suffer a little from some inconvenience. Some of my family members and friends like such protection.
Anyway, it is also OK to apply only strong protection + pay attention to some user actions.
The first (e.g. very strong protection) is similar to not crossing the street, but using only safe underground passages. The second is similar to using also zebra crossing and paying attention to street lights.
Using only standard AV as protection is also possible. It would be like crossing the street without zebra crossing while being cautious.:)
Don't worry. I agree. I left KSC Free installed with H_C for a year without any problem. I decided to test some new features because I was curious about VS and new apps.


TS wants something FREE.

The SS Free has HIPS. The SS paid version has Application Execution Control built-in as well.
I didn't know it had a free version! Ty!
 