Kaspersky extreme settings vs default/optimal settings.

[gfgtkitkat34]

Let's assume I downloaded and executed a pirated software with a sophisticated malware in it capable of evading the default Kaspersky configuration/system watcher. Will Kaspersky extreme configuration stand a chance against something like that?

Kaspersky itself says in its software interface (I'm using Kaspersky Premium) that if you deal with risky sites and downloads, turn these settings into extreme. (File anti-virus, web protection, email protection, and a few other) What I'm wondering is: does it actually give the average consumer like myself any noticeable extra protection?

btw I have a fairly decent pc with tons of ram so I'm not worrying about that slows down your computer part much.

Thank you very much for your help.

 

[Bot]

Kaspersky's extreme settings do offer additional layers of protection and are more aggressive in identifying potential threats. However, no antivirus is 100% foolproof, especially against sophisticated malware. It's always recommended to avoid risky downloads and websites. The extreme settings might slow down your PC, but as you mentioned, you have a decent PC with plenty of RAM, so it should handle it well.

 

[BSONE]

Don't download and execute malware on a work or home computer. Full Stop.

 

[harlan4096]

Setting up Maximum Security in all modules may lead to system slowdown...

 

[Brahman]

If you have a powerful system, dual boot with a Linux distro, install windows on virtual drive and do whatever you wish.In that way even if a malware evades virtual drive, it can't do anything on a Linux system.

 

[gfgtkitkat34]

Don't download and execute malware on a work or home computer. Full Stop.

I said, Let's assume I downloaded a pirated version of a software that may be bundled with tricky, well-written malware (in this case, the user doesn't know about that; he has common sense, like using fairly trusted sources, reading comments before downloading anything, never turning off antivirus for any reason, etc., but he doesn't have coding knowledge, and his preferred choice of antivirus is Kaspersky).

 

[gfgtkitkat34]

If you have a powerful system, dual boot with a Linux distro, install windows on virtual drive and do whatever you wish.In that way even if a malware evades virtual drive, it can't do anything on a Linux system.

Never thought about that. That is a decent idea, actually, but I guess having a separate potato PC/laptop with a separate internet connection is the safest way to do online transactions and such if you deal with risky sites and downloads.

 

[gfgtkitkat34]

Setting up Maximum Security in all modules may lead to system slowdown...

But will it provide somewhat extra protection? (Better behavioral detection for example.)

 

[RoboMan]

The answer lies in Application Control. Set both configuration options to Untrusted and disable "Trust on signed files". Any unknown payload this pirated software downloads will be automatically blocked from executing. The only way it can infect you is if you manually head to the Application Control's options and unblock the malware file. If you do this, then there's nothing security can do for you.

PS: I think in the newer versions Application Control is now called Intrusion Prevention.

 

[gfgtkitkat34]

The answer lies in Application Control. Set both configuration options to Untrusted and disable "Trust on signed files". Any unknown payload this pirated software downloads will be automatically blocked from executing. The only way it can infect you is if you manually head to the Application Control's options and unblock the malware file. If you do this, then there's nothing security can do for you.

Hi Robo man, Will setting both configuration options to high restricted and disable "Trust on signed files") result in a disaster? After everything, we're talking about a hypothetical software from a sketchy site where Kaspersky didn't detect anything before or after execution.

 

[harlan4096]

I have both even in UnTrusted

 

[jamey910111]

in my amateur amateur, even on default settings kaspersky will protect u 100%. the difference is that extreme settings would prevent u from doing that in the first place, but if u do get it executed kaspersky will then still block/manage it for you. i think extreme settings arem more preventative, that's all - they won't allow things like that to even be attempted, but even if it was somehow attempted kaspersky should still protect u from it....

 

[mlnevese]

I remember seeing a test years ago where maximum sensitivity really didn't detect anything normal didn't. But you should never automatically trust signed files.

 

[gfgtkitkat34]

I remember seeing a test years ago where maximum sensitivity really didn't detect anything normal didn't. But you should never automatically trust signed files.

Always unchecked "trust digitally signed applications." Amen for that.

 

[jamey910111]

I remember seeing a test years ago where maximum sensitivity really didn't detect anything normal didn't. But you should never automatically trust signed files.

If I were to uncheck that option - is it possible to get a notification if something is blocked? Cause i think once this casued an issue with an application update and it took me like 2 hours to realize that it was being blocked by kaspersky because I had that option unchecked. Now I do have the options set for intrusino prevention so that any application that cannot be added to existing groups gets added to the High Restriction group - but i am just confused as to how i can tell if a notification about intrusino prevension will relate to the "trust digitally signed application" or the "restricted group"

 

[harlan4096]

In Notifications settings -> Intrusion Prevention, You can enable a warning in screen when an app is moved to Restricted group, but it does not specify the group, better than nothing...

 

[RoboMan]

Hi Robo man, Will setting both configuration options to high restricted and disable "Trust on signed files") result in a disaster? After everything, we're talking about a hypothetical software from a sketchy site where Kaspersky didn't detect anything before or after execution.

It shouldn't. But don't restrict them, set both on Untrusted.

 

[lokamoka820]

I will try to divide my answer for points to make it clearer to understand some elements here:

Security product is not completely about just protection, there is performance and usability and another factors to consider, so if you ask your self why security company used the default setting (which by the way you called it optimal), because it will give you the best results on all factors as a user, you don't need with maximum protection a slow experience or too many false positives.

And if you checked the security products test site like AV-Comparatives and AV-TEST (which by the way use the product's default settings) you will find that they will protect you from 99.99% from all kind of malware in situations that you will never face as a normal user, so you will be protected.

Finally, don't rely on YouTube video test recommendations, when they tell you that a product is not secure depending on their tests, no one download 1000 sample of new malware and run them in one-shot to show how security product will do, this will not happen in real word, and you will mostly never experience this with your PC.

 

[jamey910111]

It shouldn't. But don't restrict them, set both on Untrusted.

I will change mine from high restricted to untrusted as you and @harlan4096 recommend then since i had set the two groups to high restricted as shown in attachment - i guess high restricted is itself a kind of vulnerability while untrusted is foolproof