Kaspersky IS settings?

[Chippel]

Hey,

do you tweak your settings after installation? I wonder if the default settings are "strong" enough against threads and 0 day detection. Is the performance impact huge?

 

[jamescv7]

Based on my observation and numerous guides for tweaking, default settings are already good at primetime and one of the major feature is so called Application Control Privilege which you can control by blocking all unknown programs as Untrusted instead of by checking on heuristics analyzer.

Others from web filter by enabling geolocation feature for adding such information to its blocking effectiveness then the rest by changing the sensitivity level of protection.

 

[Chippel]

So, how big is the performance impact between default and max settings? Moreover: Is there any difference between max settings and the default settings when I set unknown applications to "untrusted"?

 

[illumination]

So, how big is the performance impact between default and max settings? Moreover: Is there any difference between max settings and the default settings when I set unknown applications to "untrusted"?

Any time you change a suite from default to max settings there will be system response performance impact, whether it is slight or tremendous really depends on the system.

Setting unknown applications to untrusted can produce problems possibly with programs installed or programs later you wish to install, you will have to manually allow these programs each time. KIS is a strong suite, one that out of the box does a pretty good job. I would not recommend changing the settings if you are not that familiar with Kaspersky..

 

[jamescv7]

@Chippel : When you set applications to be untrusted it will immediately apply preventive measures for executing even other configurations are set on max or default settings.

Default settings of Application privilege is based on heuristic analyzer and majority of malicious software when bypass realtime protection, it will determine either low or high restriction + likely it depends if totally flagged as untrusted.

 

[Chippel]

I just feel the "auto" feature of the application control is not safe enough duo RAT software which is encrypted. I'm just playing with the settings and I can't decide which settings to use.

 

[jamescv7]

http://support.kaspersky.com/learning/courses/kl_102.98/chapter3.1/section2

Highly suggest to consult this section which is all about Application Control, its really design for advance/experience users due to its configuration.

 

[Tony Cole]

Set application control to untrusted, the geolocation features is no longer available with KIS 2015 MR1/MR2, change the settings in system watcher:

Exploit protection - block
Application activity control - select action automatically
Rollback of malware actions - rollback

By changing these settings, nothing will be able to bypass Kaspersky.

 

[Chippel]

Well if I set it to untrusted a lot of legal applications will be blocked

 

[Exterminator]

KIS offers very good protection by default. If you are unsure or not an experienced user changing these might cause you difficulties both on system performance as well as running programs.Personally I think you would be fine using the default settings.

 

[Tony Cole]

No, I have only had a few legal programs blocked. Kaspersky has an extensive white list and only brand new legal programs stand the chance of being blocked, but I would rather have that than come across a piece of ransomware or worm etc.,