yes I will test it for sure. I'm using avast and that will be implemented soon. I can't wait
But first I will test BD's ATC and norton's SONAR (online/offline)
Kaspersky Internet Security - System Watcher only, no KSN - ransomware test
- Thread starter Evjl's Rain
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
But first I will test BD's ATC and norton's SONAR (online/offline)
- Jan 4, 2016
- 1,022
If one wanted to test now Avast Cybercapture, there is no way of disabling the signatures and letting CyberCapture active, right?
yes, it's true
- Jul 3, 2015
- 8,153
will these tweaks stop scripts, or only exe files?
From what I understand, Application control only applies to exe files.
If you want to block scripts, you will also have to make block rules individually for each script interpreter.
It depends on the situation: is the executable running the script being restricted or not? If yes, then it'll apply to it too.
The script cannot just do things without using the Windows API, not possible. The script is interpreted and the contents of the script is used to determine the code for the execution of the actions, which then bonds down to using the Windows API -> NTAPI -> triggers any hooks from Kaspersky, kernel-mode callback notifications, and the such.
I believe Kaspersky work with MSR hooks with the hyper-visor on a system-wide level (virtualization but it allows them to bypass PatchGuard problems on x64 systems); they probably use user-mode hooking also with injection to the restricted programs, and device drivers for kernel-mode callbacks.
Enjoy the internals info, it should be right.
- Jul 3, 2015
- 8,153
very cool, I didn't know. thanks!
@Wave, thanks for in-depth explanation, although it is a bit much for an amateur like myself. I am learning, but slowly...
- Jul 3, 2015
- 8,153
there is a different approach, which solves the problem of your legit apps not working.
1 move all the apps you use to trusted
2 switch to interactive protection, in other words, untick "perform recommended actions automatically"
3 disable "trust digitally signed applications"
4 set trust level for unknown applications to "untrusted"
now you will get a prompt for every unknown that tries to run, like in a typical default/deny setup.
This method was mentioned by a user on this forum, I don't remember who it was, but it sounded very good to me
EDIT: but it has the disadvantage that recommended protections will not be applied, you will have to decide on your own when you see a prompt.
Last edited:
Great job! Better than Emsisoft even! Could you test G Data?
I heard it has better BB than Emsisoft too.
They both work completely differently, you can't just compare the two. Kaspersky System Watcher works differently.
For example, Kaspersky have trust levels with rule sets for each trust level (restriction levels), and the rule sets support a lot of things. Whereas, Emsisoft have a cloud network for allowing through trusted objects only, and then perform monitoring to identify specific threat behavior or prevent specific activity occurring, as opposed to taking the trust restriction route.
- Oct 15, 2014
- 164
- Oct 22, 2016
- 409
- Jul 22, 2014
- 2,525
Unless Emsisoft changed this in the latest versions, Emsi checks the cloud after BB detected something suspicions enough; unfortunately it's not the other way round (first cloud check for all files, than BB monitors the leftover files).
Behaviour blocker -Anti-malware Network
Behaviour blocker -Anti-malware Network
Similar threads
