Kaspersky Application Control - KIS 2017 bug?

  • Thread starter Deleted member 2913
  • Start date
Status
Not open for further replies.
harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,657
In fact I never had it because I don't have a license, so I use the trial/freeware part of HMPro.

Also, don't like so many resident protection running in my system at the same time, tweaking with strong settings KTS/KIS is enough for me, and many others well known not resident second opinion scanners :)
 
  • Like
Reactions: Daniel Hidalgo, ZeroDay, aragornnnn and 6 others
Tony Cole

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Yes but Application Control does NOT work on zero-day malware, cruelsister proved this, even of max settings as they do not have boot-time protection, so it's basically useless against these attacks.
 
  • Like
Reactions: Deleted member 2913
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Tony Cole said:
Yes but Application Control does NOT work on zero-day malware, cruelsister proved this, even of max settings as they do not have boot-time protection, so it's basically useless against these attacks.
Click to expand...
Okay, so if you want to use Kaspersky as your sole protection, then disable trust of digital sigs, and enable TAM, and set unknown applications to high restricted, as per Harlan's recommended settings. Then let's talk.
 
  • Like
Reactions: Deleted member 2913 and harlan4096
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Tony Cole said:
Cruelsister had everything set at untrusted, zero-day malware that instantly reboots the computer loads upon reboot which Kaspersky does not provide protection.
Click to expand...
Any AV suite can be defeated, if you try hard enough. None of them are bullet-proof. However, Kaspersky consistently does very well in MT malware testing, as compared to the other AV suites, so I would not dismiss it so quickly.
You can combo it with voodooshield, if you like, for tighter protection.
 
  • Like
Reactions: aragornnnn and Deleted member 2913
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Tony Cole said:
AppGuard stops it straight away, ESET and even Bitdefender free has boot-time protection, so the best in the world is unable to provide this service?
Click to expand...
I would love to see boot-time protection too. Please suggest it to KL.
But I would not rely on any security soft starting up before the malware, in order to provide effective boot-time protection. That is playing a game of russian roulette. If you need boot-time protection, you are already in a losing position. You gotta stop the dropper, not just the payload.
BTW, AppGuard is tops. I don't use it personally, but I hear great things about it.
 
  • Like
Reactions: aragornnnn, Deleted member 2913 and Venustus
harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,657
CS only set to untrusted unknown applications in Application Control, but for example others settings as: Trust in digitally signed application or "Release resources to the operating system when the computer starts" were both on...

Also, We don't know much about the malware She used ¿digitally signed? We don't know...

Anyway it seems in KL have taken into account it, and in the new beta K2018:
Sin título.png
Only time will say how well will perform that new feature, still early betas...
 
  • Like
Reactions: aragornnnn, Deleted member 2913, shmu26 and 3 others
D

Deleted member 2913

Thread author
Just a little test...Please test yourself & check...I am just mentioning what I tried & results I got.
Win 10 64 Pro
KIS 2017 Default Settings with PUP Enabled
Chrome 64 Bits Installed (Kaspersky Protection)
Vivaldi 64 Bits Portable (No Kaspersky Protection)
Spyshelter Test Tools - Tested Keylogging Only
Kaspersky Virtual Keyboard was not used i.e Laptop Keyboard was used.

Spyshelter Test Tools was detected as "User activity monitoring software detected" with the options...Delete, Skip & Exclude.
Selected "Delete" And Advanced Disinfection alert appeared And I selected "Delete without restart" And was deleted successfully.

Tried again And this time selected "Skip". Alert appeared 3 times And every time selected "Skip".
Started Keylogging Test And entered fake Username & Password on one bank website.
Vivaldi 64 Bits Portable (No Kaspersky Protection) - Keylogging test window showed Username & Password entered on the bank website.
Chrome 64 Bits Installed (Kaspersky Protection) - Keylogging test window showed nothing i.e blank.

Moved Spyshelter Test Tools entry from Low Restricted to Trusted
Vivaldi 64 Bits Portable (No Kaspersky Protection) - Keylogging test window showed Username & Password entered on the bank website.
Chrome 64 Bits Installed (Kaspersky Protection) - Keylogging test window showed nothing i.e blank.

Removed Spyshelter Test Tools entry from Application Control And ran Test Tools again And got the alert And selected "Exclude".
Vivaldi 64 Bits Portable (No Kaspersky Protection) - Keylogging test window showed Username & Password entered on the bank website.
Chrome 64 Bits Installed (Kaspersky Protection) - Keylogging test window showed nothing i.e blank.
 
  • Like
Reactions: aragornnnn, Venustus, ZeroDay and 2 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Yash Khan said:
Just a little test...Please test yourself & check...I am just mentioning what I tried & results I got.
Win 10 64 Pro
KIS 2017 Default Settings with PUP Enabled
Chrome 64 Bits Installed (Kaspersky Protection)
Vivaldi 64 Bits Portable (No Kaspersky Protection)
Spyshelter Test Tools - Tested Keylogging Only
Kaspersky Virtual Keyboard was not used i.e Laptop Keyboard was used.

Spyshelter Test Tools was detected as "User activity monitoring software detected" with the options...Delete, Skip & Exclude.
Selected "Delete" And Advanced Disinfection alert appeared And I selected "Delete without restart" And was deleted successfully.

Tried again And this time selected "Skip". Alert appeared 3 times And every time selected "Skip".
Started Keylogging Test And entered fake Username & Password on one bank website.
Vivaldi 64 Bits Portable (No Kaspersky Protection) - Keylogging test window showed Username & Password entered on the bank website.
Chrome 64 Bits Installed (Kaspersky Protection) - Keylogging test window showed nothing i.e blank.

Moved Spyshelter Test Tools entry from Low Restricted to Trusted
Vivaldi 64 Bits Portable (No Kaspersky Protection) - Keylogging test window showed Username & Password entered on the bank website.
Chrome 64 Bits Installed (Kaspersky Protection) - Keylogging test window showed nothing i.e blank.

Removed Spyshelter Test Tools entry from Application Control And ran Test Tools again And got the alert And selected "Exclude".
Vivaldi 64 Bits Portable (No Kaspersky Protection) - Keylogging test window showed Username & Password entered on the bank website.
Chrome 64 Bits Installed (Kaspersky Protection) - Keylogging test window showed nothing i.e blank.
Click to expand...
so sounds like Kaspersky keystroke encryption is working.
Good job.
 
  • Like
Reactions: motox781, aragornnnn, Venustus and 2 others
H

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,026
  • Like
Reactions: Deleted member 2913 and aragornnnn
Terry Ganzi

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
Kaspersky Total Security Boot Time Protection
cruelsister1
  • 9 months ago
  • 2,356 views
That is the reason I said what i said, because anything that happened in that video which was 9 months ago is not valid for Kaspersky 2017,look how much time has pass since then. If i upload a video on this forum showing Eset,Avast or emsisoft failure to protect from 9 months ago you will not hear the end of it,so how can it be valid for Kaspersky 2017?:confused:
 
  • Like
Reactions: motox781, Deleted member 2913, Logethica and 2 others
Status
Not open for further replies.

Similar threads

Mystic
    • Like
Advice Request Kaspersky Application Control weird behaviour.
Replies
11
Views
1,158
Kaspersky
Mystic
Mystic
Guilhermesene
    • Like
    • Applause
Hot Take [Tutorial] Update Kaspersky when starting the system automatically
Replies
9
Views
725
Kaspersky
Jonny Quest
Jonny Quest
upnorth
    • Like
    • Wow
    • +Reputation
Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover
Replies
1
Views
1,174
News Archive
R3j3ct
R3j3ct

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top