Q&A Kaspersky Internet Security 2021 settings suggestion

rndmblk

Level 3
Nov 18, 2020
91
Took settings from Q&A - Soulbound's Kaspersky Internet Security 2020 settings (adaptable) and updated for KIS 2021. Mainly just some minor menu differences

Assumptions:
- Rootkit scan has run once, successfully
- Utilising a preferred Adblock solution such as uBlock

Installation options:
- Did not install Parental Control (separate download for KIS 2021)
- Uninstalled Kaspersky VPN

Thanks @Soulbound and @harlan4096 for your original work :)

Access Settings by clicking the Cog icon in the lower left of the main window.

Protection Settings:
Turned off:
Essential Threat Protection > Mail Anti-Virus (leave on if using mail client)
Security Controls > Software Updater
Security Controls > Anti-Banner
Security Controls > Anti-Spam
Data Protection > Private Browsing
Data Protection > Safe Money

Within Protection settings:
File Anti-Virus settings:
- Action on threat - Disinfect; block if disinfection fails
- Advanced settings - Scan methods - Heuristics - Light Scan

Web Anti-virus settings:
- Advanced settings - Scan Methods - Tick 'Check the URL against the database of URLs containing legitimate applications that can be used by criminals to damage your computer or personal data'

System Watcher settings:
- Exploit Prevention - On threat detection Block Action
- Application Activity control - Delete the Application
- Rollback of applications actions - Rollback

Application Manager:
Tick:
- During installation of applications, automatically clear check boxes for installation of additional software. Warn about any attempts to install additional programs
- Do not display installation steps that may contain advertisements and offers to install additional programs

Untick:
- PC Cleaner

General Settings:
- Operating mode - Perform Recommended Actions Automatically - unticked

Network settings:
- Encrypted connection scanning - select Scan encrypted connections upon request from connection components

Interface settings:
Notifications > Untick Enable notification sounds
News Notifications > Untick Receive informational messages and advertisements from Kaspersky
Promotional materials > Untick Show information about special offers
Promotional materials > Untick Receive informational messages and advertisements after the current licence expires

Scan settings:
Back at main screen click on Scan. Scroll to the bottom to find Background Scan. Click the cog icon. Can turn off the background scan to disable automatic scan for rootkits. NB. Recommended to untick only after the first automatic Rootkit scan is complete - will happen within 24 hours of first install
 

rndmblk

Level 3
Nov 18, 2020
91
For extra lightness, I have configured File Antivirus -- Scan Mode -- On execution

Also, in Network Settings, I have disabled "Inject script into web traffic" to speed up browsing.

Thanks for the tips!
Thanks for your comments.

Do you also have URL advisor disabled? I see that 'Inject script into web traffic' is required for Safe Money, Private Browsing, URL advisor, Anti-Banner and Parental Control. I have the others disabled but had URL advisor enabled
 

RoboMan

Level 32
Verified
Content Creator
Jun 24, 2016
2,175
Thanks for your comments.

Do you also have URL advisor disabled? I see that 'Inject script into web traffic' is required for Safe Money, Private Browsing, URL advisor, Anti-Banner and Parental Control. I have the others disabled but had URL advisor enabled
I do not use Safe Pay, Parental Control, Anti Banner or URL advisor. Also I have not installed Kaspersky extension in the browser. My first line of defense relies on Application Control configured as "default-deny" moving to UNTRUSTED group (therefore denying execution) of all files that are either unsigned or signed by a vendor that's not included in the Trusted Vendors List.
 

rndmblk

Level 3
Nov 18, 2020
91
I do not use Safe Pay, Parental Control, Anti Banner or URL advisor. Also I have not installed Kaspersky extension in the browser. My first line of defense relies on Application Control configured as "default-deny" moving to UNTRUSTED group (therefore denying execution) of all files that are either unsigned or signed by a vendor that's not included in the Trusted Vendors List.
Thanks again for sharing. I'll have a look at setting up a similar configuration for myself
 

rndmblk

Level 3
Nov 18, 2020
91
My first line of defense relies on Application Control configured as "default-deny" moving to UNTRUSTED group (therefore denying execution) of all files that are either unsigned or signed by a vendor that's not included in the Trusted Vendors List.
I followed the steps you outlined previously (Kaspersky's Application Control: what is it, how it works)

I unticked the 'trust digitally signed applications' box but left 'load rules for applications from KSN' as ticked. I then started up the main applications that I use. In my case they all started up without issue and connected to the internet. When I click Manage Applications I see that they have been added as Trusted applications.

My understanding is that applications get added as Trusted if they match a KSN rule, and if they don't match a KSN rule they won't run (as I set unknown apps to untrusted). Is it correct to say that this App Control wouldn't stop the app from running if it was modified? If an undetected piece of malware changed the contents of abc.exe, because abc.exe as an application is trusted, it would still launch? I.e. it's not matching against 'known good' copies of the files?
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
7,301
if an undetected piece of malware changed the contents of abc.exe because abc.exe as an application is trusted it would still launch? i.e. it's not matching against 'known good' copies of the files?

If this occurs, abc.exe being a Trusted application, it will probably have a different hash and the rules for unknown applications will be applied :)
 

rndmblk

Level 3
Nov 18, 2020
91
@rndmblk

You can set KIS to further harden it. Check out some threads in Kaspersky section
Thanks @HarborFront - my intent in the first post was to be a minor update to Soulbound's "light" settings, but Roboman's Application Control settings seem like a good hardening option without noticeable slowdown (in my testing so far)
 

RoboMan

Level 32
Verified
Content Creator
Jun 24, 2016
2,175
As mentioned by @harlan4096, the hash will probably differ from the original. Furthermore, in the case that a malicious application tried to modify a legit file, Application Control would block such an app at first sight, since it probably won't match the basic execution standards (it would need to be signed by a Trusted Vendor, and the chances of a Trusted Vendor releasing a malicious application to modify other files are close to 0%).
 

ForgottenSeer 89360

Not probably, definitely MD5 and SHA256 will be totally different, even if you change one byte in the file.
There are other hashing techniques that might remain similar throughout various modifications (SSDEEP for example), but they are not utilised here.
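
Added example, not part of any post in this thread and not Kaspersky's implementation: a small Python model of the behaviour discussed above, where trust is bound to a file's SHA-256 rather than its name, so a one-bit change sends the file back through the rule for unknown applications. The `TrustStore` class, the vendor name and the sample bytes are all constructed for illustration.

```python
import hashlib

# Constructed sample data standing in for an executable's bytes (not a real binary).
ORIGINAL = b"MZ" + bytes(range(256)) * 8
_buf = bytearray(ORIGINAL)
_buf[100] ^= 0x01                      # flip a single bit in one byte
TAMPERED = bytes(_buf)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bits that differ between the SHA-256 digests of a and b."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

class TrustStore:
    """Hypothetical default-deny model: trust follows content, never the path."""

    def __init__(self, trusted_vendors):
        self.trusted_hashes = set()
        self.trusted_vendors = set(trusted_vendors)

    def trust(self, data: bytes) -> None:
        self.trusted_hashes.add(sha256_hex(data))

    def classify(self, data: bytes, signer=None) -> str:
        # signer: name from an already validated signature, or None when the
        # file is unsigned or its signature no longer verifies (assumption).
        if sha256_hex(data) in self.trusted_hashes:
            return "Trusted"
        # Unknown hash: apply the rule for unknown applications.
        if signer in self.trusted_vendors:
            return "Trusted"
        return "Untrusted"             # default-deny: execution refused

def demo():
    store = TrustStore(trusted_vendors={"Example Vendor Ltd"})  # constructed name
    store.trust(ORIGINAL)              # abc.exe as first seen and trusted
    return (
        store.classify(ORIGINAL),      # same bytes, still trusted
        store.classify(TAMPERED),      # modified copy, signature invalid
        differing_bits(ORIGINAL, TAMPERED),
    )

if __name__ == "__main__":
    print(demo())
```

On average about half of the 256 digest bits change after the single-bit edit, which is why an exact-match hash cannot be used to spot "similar" files the way a fuzzy hash such as SSDEEP can.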
 

rndmblk

Level 3
Nov 18, 2020
91
Have reinstalled KIS. Using settings @Soulbound (Q&A - Soulbound's Kaspersky Internet Security 2020 settings (adaptable)) + @RoboMan (Kaspersky's Application Control: what is it, how it works) and some suggestions for 'lightness'

1) Configure Application Control as "default-deny" moving all files that are either unsigned or signed by a vendor that's not included in the Trusted Vendors List to UNTRUSTED group (therefore denying execution) - Per Kaspersky's Application Control: what is it, how it works

2) Disable unused components
Access Settings by clicking the Cog icon in the lower left of the main window.

Settings>Protection:
Turned off:
Essential Threat Protection > Mail Anti-Virus (leave on if using local mail client)
Security Controls > Software Updater
Security Controls > Anti-Banner
Security Controls > Anti-Spam
Data Protection > Private Browsing
Data Protection > Webcam protection
Data Protection > Safe Money

Settings>Additional
Turned off:
On Screen Keyboard
Secure Keyboard Input

Settings>Interface:
Turned off:
Notifications > Enable notification sounds
News Notifications > Receive informational messages and advertisements from Kaspersky
Promotional materials > Show information about special offers
Promotional materials > Receive informational messages and advertisements after the current licence expires


3) Optimise enabled components
Access Settings by clicking the Cog icon in the lower left of the main window.

Protection settings>File Anti-Virus:
- Action on threat - Disinfect; block if disinfection fails
- Advanced settings - Scan methods - Heuristics - Light Scan
- Advanced settings - Scan Mode - On execution

Protection settings>Web Anti-virus:
- Advanced settings - Scan Methods - Tick 'Check the URL against the database of URLs containing legitimate applications that can be used by criminals to damage your computer or personal data'
- Disable “URL advisor”

Protection settings>System Watcher:
- Exploit Prevention - On threat detection Block Action
- Application Activity control - Delete the Application
- Rollback of applications actions - Rollback

Protection settings>Application Manager
Tick:
- During installation of applications, automatically clear check boxes for installation of additional software. Warn about any attempts to install additional programs
- Do not display installation steps that may contain advertisements and offers to install additional programs

Untick:
- PC Cleaner

Settings>General:
- Operating mode - Perform Recommended Actions Automatically - unticked

Settings>Network:
- Disable "Inject script into web traffic"
- Encrypted connection scanning - select Scan encrypted connections upon request from connection components
 

rndmblk

Level 3
Nov 18, 2020
91
After re-reviewing @Soulbound's settings I have made a couple of changes.

1) Under Application Control set ‘Trust group for applications started before startup of Kaspersky’ to High Restricted (was Low Restricted)
2) Under Settings > Network set Do not scan encrypted connections (was Scan encrypted connections upon request from connection components)

Rootkit scans
One setting that appears to have been in KIS 2020 and KTS (might still be there for KTS?) is under the Performance section and was called "Search for software that is intended to conceal traces of a malicious program in the system (rootkits)"

KIS 2021 doesn't have a setting group specifically called Performance. Instead, Performance is part of General. It now consists of only three settings:
- Disable scheduled tasks while running on battery power
- Use gaming mode
- Postpone computer tasks when the CPU and disk systems are at high load

KIS 2021 background scan includes a rootkit search. However, this scan is an 'all or nothing'. If it is enabled you get a prompt 'When enabled the scan works in automatic mode and does not need to be configured'. So it seems the only way to disable ongoing background rootkit scans (after allowing at least one full rootkit scan to complete) is to disable background scans completely.

Protected Folders
I've implemented protected folders via the Application Control function as outlined here - KIS/KTS/KSC Cloud - Implementing Protected Folders via Manage Resources
 

carl fish

Level 5
Verified
Mar 6, 2012
207
I have a question: under Web Anti-virus settings > configure URL advisor there is a drop-down, 'Checked URLs': only URLs in search results, or all URLs. Does anyone know what this setting does?
 

carl fish

Level 5
Verified
Mar 6, 2012
207
Within Protection settings: File Anti-Virus settings: I currently have this on Disinfect; block if disinfection fails. What is the difference if it's set on automatic? Also, what happens if I turn off 'perform recommended actions' in the general settings? Is it better to leave this turned on?
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
7,301
what is the difference if it's set on automatic? Also, what happens if I turn off 'perform recommended actions' in the general settings?
This enables Interactive Mode...

File Anti-Virus settings: I currently have this on Disinfect; block if disinfection fails. What is the difference if it's set on automatic?


 