Theoretically speaking, if different types of malware files where to penetrate past Kapsersky's protection and get placed into "Low Restricted", how much damage is possible under default settings?
I use Sandboxie with Kaspersky too, no problem no slow downHere is a Kaspersky Enterprise KB regarding Application Control (which is the same for Kaspersky consumer products): Application Privilege Control
Even in Low Restricted malware can still mess with your system; the denied permissions are not strict enough.
If you know how to use Kaspersky, then you know to place any untrusted application into High Restricted with Interactive Mode enabled. However, you also need to be able to understand the HIPS alerts - because Kaspersky's HIPS doesn't tell you what to do - you have to decide for yourself what to do at each alert.
Unless one knows their OS quite well, one will be apt to make mistakes in responding to Kaspersky HIPS alerts. When in doubt - block - as you can always create allow rules after a file has been verified as safe.
In the evaluation of potentially malicious files, it is recommended to use a virtual machine, Sandboxie or Shadow Defender as opposed to using only Kaspersky's HIPS.
Sandboxie doesn't get along too well with Kaspersky and Kaspersky support officially states that Shadow Defender is incompatible with Kaspersky products (but I have used both together without any problems).
Thanks for the replies. I guess I should have clarified a bit more. I plan to install about 20 copies on different client PCs. Setting to Untrusted may work, but not Interactive due to these clients being normal users.
I was really just wondering about Low Restricted. It makes me wonder (if the protection is not that strong), why would Kaspersky implement it under default if it does very little proactively and acts almost as Trusted.
I use Sandboxie with Kaspersky too, no problem no slow down
YouTube tests I see, I rarely see Kas putting samples in HR or Untrusted, mostly programs are put in LR & I rarely see System Watcher detecting something too.
use default settings. On my Win 10 64 system all the programs are in Trusted except 1 i.e HDSentinel...I know the program is safe but cannot transfer it to trusted. Its in Low Restricted & works fine. I transfer it to Trusted but on next start of HDSentinel, Kas again puts it in LR. Not a prob as programs work fine in LR.
Youtube tests I mean the dynamic testing part. Nowadays I do check Malware Hub threads, I see LR but dont see SW. And LR too, like apps was placed in LR, sometimes sample process running & sometime sample process not running...But these same things I notice for others too, like Norton, etc..., sometimes sample process running & sometime not. So dont know if the sample process got killed by security protection or by itself after sometime?
- Trusted—no limitations
- Low Restricted—everything is allowed except for building into operating system modules
- High Restricted—interaction with operating system modules and other programs are prohibited. A program is allowed to work only with its own segment of system memory
- Untrusted—a program is prohibited even from starting
- Trusted. Applications with a digital signature by trusted vendors, or applications which are recorded in the base of trusted applications. These applications have no restrictions applied on actions performed in the system. Those applications' activity is monitored by Proactive Defense and File Anti-Virus.
- Low Restricted. Applications that do not have a digital signature from a trusted vendor, and which are not listed in the base of trusted applications. However, these applications have received low value of the threat rating. They are allowed to perform some operations, such as access to other processes, system control, hidden network access. The user's permission is required for most operations.
- High Restricted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have a high value of the threat rating. The applications of this group require the user's permission for most actions which affect the system: some actions are not allowed for such applications.
- Untrusted. Applications without a digital signature and which are not listed in the base of trusted applications. These applications have received a very high value of the threat rating. Application Control blocks any actions performed by such applications
...sometimes sample process running & sometime not. So dont know if the sample process got killed by security protection or by itself after sometime?
Sandboxie 5.x with my W8.1 & W10 Pro x64 systems does not work almost at all!. Browsers sanboxed don't work, only some specific applications work sandboxed, in general SB 5.x is not supported and does not work with Kaspersky 2016...
About Kaspersky protection in Low Restricted group, You can check the daily dynamic testing of malware samples in section:
and see Kaspersky performance in default settings (with some minor tweaks)