Advice Request Kaspersky Application Control weird behaviour.


Mystic

Level 4
Thread author
Verified
Aug 25, 2022
141
I am using Kaspersky Internet Security and it has been serving me well. I noticed a weird behaviour in the Application Control module. I have set Kaspersky not to trust digitally signed applications. Thus when I install Wondershare PDFelement, some executable files get restricted by Kaspersky, which is the intended behaviour.

The problem happens when I install the very same application but via Revo Uninstaller Portable (to monitor installation files). When I install PDFelement using Revo Uninstaller, no executables get restricted. Maybe because Revo is trusted? I don't know.

I wish I could provide logs, but unfortunately I have just reinstalled Windows. Maybe someone who is using Kaspersky could reproduce this? Thank you.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
Mystic said:
> When I install PDFelement using Revo Uninstaller, no executables get restricted. Maybe because Revo is trusted? I don't know.

Yes, this is the reason. From my experience with Kaspersky's Application Control aka Intrusion Prevention, when something is spawned from a trusted process, those subsequent processes are also trusted by Kaspersky. So your assumption is correct, I think.
 

Mystic

SeriousHoax said:
> Yes, this is the reason. From my experience with Kaspersky's Application Control aka Intrusion Prevention, when something is spawned from a trusted process, those subsequent processes are also trusted by Kaspersky. So your assumption is correct, I think.

Hmm. If that's the case, does it affect the overall level of protection?
The problem is I don't want to install any applications without monitoring them with Revo, so that when the time comes and I want to change them, they get removed with all their leftovers.
 

SeriousHoax

Mystic said:
> Hmm. If that's the case, does it affect the overall level of protection?
> The problem is I don't want to install any applications without monitoring them with Revo, so that when the time comes and I want to change them, they get removed with all their leftovers.

Probably not if you're only installing applications that you trust. But still, overall maybe it kind of undermines the unique ability of Application Control's restriction feature, since now probably all of those installed applications will be placed in the Trusted category.
 

Mystic

SeriousHoax said:
> Probably not if you're only installing applications that you trust. But still, overall maybe it kind of undermines the unique ability of Application Control's restriction feature, since now probably all of those installed applications will be placed in the Trusted category.

Yes, I am very careful when installing new applications.

This is exactly my point. You hit the nail. I did untick "Trust Digitally Unsigned Applications" for a reason. Now the aforementioned scenario does defeat the purpose of what I changed in Kaspersky settings.
 

Mystic

Looking at the Ashampoo website, their Uninstaller has an interesting way of monitoring installations of programmes. You create a system snapshot, run the installer, and then create another system snapshot. Ashampoo will compare the two snapshots and view any system changes.
I might give it a try to avoid the problem I described in my first post.

I will also contact Kaspersky support for further details and to see if something can be done about it.
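
The snapshot-and-compare approach described in the post above, as an added example that is not part of the thread and not Ashampoo's code: it hashes every file under one directory before and after an install and lists what was added, removed or modified. It covers files only (no registry), the script never launches the installer itself, and the file names in `demo()` are constructed.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root (relative path, '/' separators) to its SHA-256."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = None  # locked or unreadable: still record that it exists
            state[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return state


def diff_snapshots(before, after):
    """Report files added, removed or modified between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def write(root, rel, data):
    """Create or overwrite a file at a '/'-separated path below root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed stand-in for an install: files change between two snapshots."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "settings.ini", b"theme=light\n")
        write(root, "old/helper.dll", b"v1")
        before = snapshot(root)
        # Simulated installer activity (constructed, hypothetical file names).
        write(root, "app/viewer.exe", b"MZ constructed sample")
        write(root, "settings.ini", b"theme=dark\n")
        os.remove(os.path.join(root, "old", "helper.dll"))
        return diff_snapshots(before, snapshot(root))
```
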
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
You may control the behavior of an installer with this:

1661608309590.png


Adding the installer manually to the Trusted group, then modifying those 2 settings in its rules, before execution...
 
