Advice Request Kaspersky Interactive Mode

Please provide comments and solutions that are helpful to the author of this topic.
Status
Not open for further replies.

shmu26

When you put Kaspersky into interactive mode, does it produce alerts also for actions that would have been automatically blocked, or only for actions that would have been automatically allowed?
If the former, is there a way for the user to know which actions it is recommended to block?
 
Kaspersky always sends an alert on any detection,
but you will not get prompted for actions that have been automatically allowed.
When the option "Non Critical Events" is enabled, the detailed report log
will contain all of Kaspersky's actions, regardless of whether they were allowed or not.

Personally I think that your best option is to always let Kaspersky decide how to handle a threat.
Another (not recommended) procedure is to disable the Interactive Protection,
then at your own risk allow the detected suspicious object that you consider as "safe"
and move it to the Trusted Zone, then re-enable the Interactive Protection.
Also consider that an FP is always possible, but these cases can only be fixed by K-Lab.
 
To reiterate the question: does interactive mode ask you about certain actions that automatic mode would block?
 
Interactive Mode only generates alerts for Low and High Restricted programs in Application Control.

The number of alerts can be huge - especially registry alerts. And the alerts are not always the easiest for users to understand.
Once you have it set up, you usually only get alerts when a program is updating. You have to "trust" the installer to stop the flood of alerts.
 
I don't know how it works now, but in the past interactive mode would generate HIPS alerts upon the execution of any Low or High Restricted programs. Anyway, K HIPS was a hassle even for me - and I had to keep testing a few things over and over to figure out how the user response in the alert is made permanent in the Application Control rules.
 
You probably disabled trust of KSN, and you had a lot of programs in the Low and High Restricted category.
I enable KSN, and I try to keep my programs to the Trusted category.
 
No, I didn't disable KSN... I just tested with files unknown to KSN. On the fringes, KSN isn't that great - and can result in an infection. That's the problem with all reputation-based queries - except that Emsisoft AntiMalware Network has proven, at least to me, the most reliable.
 
So I disabled KSN, with TAM enabled, in interactive mode, and I expected a nuclear meltdown when I rebooted.
But no, Kaspersky continued to trust Microsoft files.
A few of my apps slipped down into Low Restricted.