Question Kaspersky Plus: What do you guys think I have to configure?

Your redundancy in this case should be:
1. OS image backup and data backup at three different locations.
2. Properly configured system-wide DoH with filtering capabilities, like NextDNS or similar.
3. A browser-based ad blocker.
4. A good router with a strong firewall and a decent update schedule, like ASUS, MikroTik or UniFi.
Isn't 3 locations for your data a bit much for home users? 🤔 I just have an OS image and I back up my files in OneDrive. Never had any issue. OneDrive even has a rollback for your files if you got ransomware'd.
 
Hi @Brahman, I have 1, 2, 3, 4. I use Quad9 DoH, but not NextDNS. Is that better? My router is by MikroTik.
I also use MikroTik. Quad9 is not bad; in fact, it's pretty good. With NextDNS you get logs and configurable block lists. You can configure NextDNS DoH in the MikroTik router itself. Instructions are there on the settings page of NextDNS. The image is just an example; the last line will change according to your account configuration.

[Image: 1.jpg]

After configuration it might look like this:

[Image: 1.jpg]
 
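The router-side DoH setup described above, as an added RouterOS v7 example; it is not the content of the post's screenshots. `YOUR_PROFILE_ID` is a placeholder for the ID shown on your own NextDNS settings page, and the two addresses are assumed to be the NextDNS anycast IPs, so confirm them there before use.

```routeros
# Added example, not taken from the post's images.

# 1. Import a CA bundle so the router can validate the DoH server's certificate.
/tool fetch url="https://curl.se/ca/cacert.pem" dst-path=cacert.pem
/certificate import file-name=cacert.pem passphrase=""

# 2. Static records for the DoH hostname, so the router never needs a
#    plaintext DNS lookup to reach its encrypted resolver.
#    (Assumed NextDNS anycast addresses; check your settings page.)
/ip dns static add name=dns.nextdns.io address=45.90.28.0 type=A
/ip dns static add name=dns.nextdns.io address=45.90.30.0 type=A

# 3. Remove the plaintext upstream resolvers and switch to DoH.
#    verify-doh-cert=yes is the security-relevant setting: with "no" the
#    router accepts any certificate and the channel can be intercepted.
/ip dns set servers=""
/ip dns set use-doh-server="https://dns.nextdns.io/YOUR_PROFILE_ID" verify-doh-cert=yes

# 4. Confirm the settings and that resolution works through DoH.
/ip dns print
:put [:resolve example.com]
```

If clients should use the router as their resolver, make sure the firewall does not expose port 53 on the WAN interface.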
The most critical flaw in your logic is ignoring identity-level compromise. If Microsoft's automated algorithms flag your account for suspicious activity, or if your credentials are stolen, access to all cloud backups is instantly severed. You cannot roll back a OneDrive account you cannot log into.

Live-sync cloud storage is a two-way street. If your local machine is hit by a modern ransomware strain, the sync engine will immediately push those newly encrypted, corrupted files up to the cloud. While OneDrive does have a rollback feature, advanced threat actors know this; they routinely target your Microsoft 365 identity first, using stolen credentials or session tokens to purge your cloud version history before they ever drop the encryption payload on your local machine.

This is exactly why cybersecurity frameworks and government agencies like CISA now strongly recommend the 3-2-1-1-0 backup rule rather than the outdated baseline models. This modern standard mandates keeping three copies of your data across two different media types, with one offsite, and crucially, one that is either immutable or completely 'air-gapped.' An air-gapped backup is an external hard drive that is physically unplugged and sitting in a drawer. It has an attack surface of absolute zero. A hacker on the other side of the globe cannot encrypt a piece of hardware that has no physical connection to a network or a power source. Relying exclusively on the cloud is a gamble on normalcy; true data resilience requires physical isolation.
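An added example, not part of the post above: a check to run before refreshing the offline drive, so a mass-encrypted source tree is not copied over the last good backup. The function names, the 30% limit and the 7.5 bits/byte entropy threshold are assumptions, and the sample files are constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(root):
    """Record a hash per file right after a backup that is known to be good."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def safe_to_refresh(root, manifest, max_suspect=0.3, high_entropy=7.5):
    """Return (ok, suspects). ok is False when too many files from the last
    good backup are gone or were rewritten with near-random bytes."""
    root, suspects = Path(root), []
    for rel, old_hash in manifest.items():
        p = root / rel
        if not p.is_file():
            suspects.append(rel)   # deleted, or renamed to a new extension
        elif sha256(p) != old_hash and entropy(p.read_bytes()[:65536]) >= high_entropy:
            suspects.append(rel)   # content replaced by ciphertext-like data
    ratio = len(suspects) / len(manifest) if manifest else 0.0
    return ratio <= max_suspect, suspects

def demo():
    """Constructed sample data: ten text files, one normal edit, five 'encrypted'."""
    with tempfile.TemporaryDirectory() as d:
        for i in range(10):
            Path(d, f"doc{i}.txt").write_text(f"quarterly notes {i}\n" * 200)
        manifest = build_manifest(d)
        Path(d, "doc0.txt").write_text("edited by the user\n" * 200)
        after_edit = safe_to_refresh(d, manifest)
        for i in range(1, 6):
            Path(d, f"doc{i}.txt").write_bytes(os.urandom(4096))
        after_attack = safe_to_refresh(d, manifest)
    return after_edit, after_attack

if __name__ == "__main__":
    print(demo())
```

Compressed formats (ZIP, JPEG, video) also look near-random, so a legitimate bulk edit of such files can trip the check; treat a failure as a prompt to inspect before plugging the drive in, not as proof of ransomware.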
 
Explained extremely well. Having two different media types saved me once, as my backup on Veeam refused to reimage from the NAS; I don't know why, but it happened. I re-imaged my system using a second image residing on my HDD, created by Windows' own backup function.
 
Honestly if you have AppGuard you don't need Kaspersky Plus with all its bells and whistles. A simple AV/AM like NOD32 or lowest tier Kaspersky or even AVG/Avast free.

Even WD together with AppGuard would be great. Don't overcomplicate matters; sometimes it defeats the purpose of protection.

You can have 100 security apps, HIPS up the wazoo, but then if you fall for a phishing email or your data is in a huge breach, all the security apps in the world won't matter.
 
@Zero Knowledge I am not using AppGuard for this machine.
Sorry, misread your post; the AppGuard example/analogy got me, thought you were using it as well as K.

Second thoughts, Kaspersky is good and their detection/protection is awesome but sadly the geo-political situation makes it very hard to use it.

Personally I would go with ESET/AVAST/AVG, no political issues or problems and solid protection.
 
My tips:

1.- Light Scan:

[Screenshot: 1775203184930.png]

2.- Disable (if used) the Anti-Banner and Private Browsing modules. Use extensions for that purpose in your browsers.

3.- If you don't use Safe Money, disable Inject script:

[Screenshot: 1775203351348.png]

4.- Disable completely Scan of Encrypted Connections (I PERSONALLY DO NOT RECOMMEND IT):

[Screenshot: 1775203462893.png]
 
For Kaspersky, another downside of disabling it is that Kaspersky has some signatures that are made only for the WebAV component. They are not detected by the FileAV component. So if a malicious script is loaded and it's even saved in the browser cache, Kaspersky won't detect it if scanning of encrypted web connections is disabled. The separation was done to improve performance but there's this one downside.
 
I’m reading about all these kinds of overkill systems for home users. People are too paranoid nowadays. If one suite lets a virus slip through, immediately change the security suite, and then that one fails at one point and guess what? Change again! For me, just install, sit and forget; you are not a target if you are not a company or a VIP.
 
I couldn't care less about that line of thinking. Not yours, but what you wrote—that if something lets something through, it needs to be replaced immediately. That's bullshit. Everything has its weaknesses. I'm more concerned with it not causing any system impact, or at least keeping it to a minimum. I hope what I wrote made sense. My English isn't perfect.
 
Thanks, bro! I'll get right on it. I'm not going to disable secure connections. That's not a good solution. I noticed that too, because then, unfortunately, things slip through from the web. But I'll take care of the rest and get back to you. I really appreciate your help.