App Review Kaspersky Premium vs McAfee Advanced

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Status
Not open for further replies.
Content created by
Shadowra
Kaspersky's Application Control: can you give more advice on how to use it?
Thanks !

~Tachikoma
Sure!


As for how to set it up, browse this thread and head to "Intrusion Prevention":

 
In this video, we will compare two leaders in IT security: Kaspersky and McAfee.
Both antivirus programs use the same protocol: URL, malware pack with various types of malware (Trojans, infostealers, exploits via JS/VBS, viruses, worms, etc.).
No fake cracks, I don't have any more at the moment.
Let's see if our two challengers can clean up the machine!



URL test:

- Kaspersky: Kaspersky blocks all malicious URLs (9/9)
URL number 5 is a false positive—a cleaner belonging to Kingsoft. Ignored.
- McAfee: McAfee blocks all malicious URLs (9/9)
URL number 5 is a false positive—a cleaner belonging to Kingsoft. Ignored.

Malware Pack:

- Kaspersky: Kaspersky leaves 21 files out of 85, which is a good score.
Upon launch, Kaspersky lets 1 file through (it tries to slow down the machine, I have trouble launching a file at one point, but everything calms down after that).
Two others will launch but will not perform any action; one is a hack tool and the other is a PUP that the web protection will block.

- McAfee: McAfee leaves 7 out of 85 files; its engine is ahead of Kaspersky.
Upon launch, McAfee will miss the N-Able remote control tool, which will install all of its friends without any reaction (such as AlertaAgent).
A script will also attempt to pass, but McAfee will block the final payload.

SOS scan:

- Kaspersky: 0 / NPE: 6 (PUP)
- McAfee: 0 / NPE: 0 / KVRT: 0 (Defender Control - Ignored)

Conclusion: Both antivirus programs perform very well and have proven to be equally effective!
It's a tie: both antivirus programs have one piece of malware in memory (Kaspersky has one file, while McAfee has one active process created by N-Able).
Both are highly recommended, and it's a tie!

Thanks for the test.
McAfee is the expected winner, especially if a lot of exes are involved.
But its protection suffers badly if you test it against scripts, worms, batch files and fileless malware.
Considering Kaspersky is too lazy to put signatures on even the most obvious malware, this was bound to happen.
 
The lazy Russian bear is relying more and more on behavioral protection, just as the Romanian dragon-wolf, with less consideration of signature protection.
B does provide a lot of generickd, generic, generickd, genericks, etc. signatures, but they don't act as heuristics, just a blacklist. I prefer the bear's approach over that.
 
Talking about K., hmm... I disagree in part. K. also has many generic signatures that can detect different variants of malware, etc. K. also has acceptable Heur detection. It is impossible to create and add a signature for all the new malware that appears daily, in addition to being impractical and unsustainable over time.

About PUP/PUA/Adware K. detection, it's true that they follow a very strict rule to add detections, in many cases so as not to infringe on legal matters.
 
Talking about K., hmm... I disagree in part. K. also has many generic signatures that can detect different variants of malware, etc. K. also has acceptable Heur detection. It is impossible to create and add a signature for all the new malware that appears daily, in addition to being impractical and unsustainable over time.

About PUP/PUA/Adware K. detection, it's true that they follow a very strict rule to add detections, in many cases so as not to infringe on legal matters.
I agree; however, K does not detect unknown malware statically and relies heavily on dynamic analysis to prevent false positives.
No wonder it does so well in my independent labs and is No. 1 in my independent testing against all kinds of Windows malware, but it still needs to improve signature detection.
 
Hello, I use McAfee. Yesterday, I was browsing various websites in Windows Sandbox. Suddenly, McAfee issued a virus alert. McAfee prompted me to run a scan immediately. I didn't do this; instead, I closed the Sandbox and shut down my PC. Then I rebooted using Macrium Reflect and restored an older system image. I then ran a quick scan with McAfee, which found no viruses.

Now I'm wondering, how could McAfee find viruses in Windows Sandbox? The Sandbox is a self-contained system in which McAfee wasn't installed.
 
Hello, I use McAfee. Yesterday, I was browsing various websites in Windows Sandbox. Suddenly, McAfee issued a virus alert. McAfee prompted me to run a scan immediately. I didn't do this; instead, I closed the Sandbox and shut down my PC. Then I rebooted using Macrium Reflect and restored an older system image. I then ran a quick scan with McAfee, which found no viruses.

Now I'm wondering, how could McAfee find viruses in Windows Sandbox? The Sandbox is a self-contained system in which McAfee wasn't installed.
Since you have restored a previous image, without even looking for what was in the quarantine folder, there is no point in thinking about it. No one can tell if it was a real threat or a false positive, you have destroyed all the evidence.
 
Unless you do the same thing again and see. From my point of view, I can understand why restoring a known good image can be a good idea, but looking in quarantine would be helpful. Again, IMO, I would 'never' attempt a cleanup after a virus; I would restore a clean image, as a once-infected system (maybe?) can't be trusted, but I have many images?
 
Talking about K., hmm... I disagree in part. K. also has many generic signatures that can detect different variants of malware, etc. K. also has acceptable Heur detection. It is impossible to create and add a signature for all the new malware that appears daily, in addition to being impractical and unsustainable over time.

About PUP/PUA/Adware K. detection, it's true that they follow a very strict rule to add detections, in many cases so as not to infringe on legal matters.
Neither Kaspersky nor McAfee uses signatures for every piece of malware. For that, Bitdefender, Avast and Avira are recommended. Kaspersky and McAfee are mostly based on heuristics, generic detections, static analysis/AI and so on.
 
Since you have restored a previous image, without even looking for what was in the quarantine folder, there is no point in thinking about it. No one can tell if it was a real threat or a false positive, you have destroyed all the evidence.
I wasn't concerned about what infection might have been present. I asked ChatGPT and Perplexity whether an AV program can look into the Windows Sandbox and detect viruses there. Both answered that this is not possible. To do this, the AV program would have to be installed in the sandbox. Nevertheless, in my case, McAfee responded to viruses in the Windows Sandbox. Can someone explain this contradiction?
 
Since you have restored a previous image, without even looking for what was in the quarantine folder, there is no point in thinking about it. No one can tell if it was a real threat or a false positive, you have destroyed all the evidence.
It would be great if McAfee develops a central like BD's. That way you could view logs about the detections in your account.
 
I wasn't concerned about what infection might have been present. I asked ChatGPT and Perplexity whether an AV program can look into the Windows Sandbox and detect viruses there. Both answered that this is not possible. To do this, the AV program would have to be installed in the sandbox. Nevertheless, in my case, McAfee responded to viruses in the Windows Sandbox. Can someone explain this contradiction?
How could you know for sure that the detection was from the sandbox? You haven't looked at what was quarantined. It can be a different file stored on your hard disc or some update component that some application had downloaded in the process of auto-updating.
 
Hello, I use McAfee. Yesterday, I was browsing various websites in Windows Sandbox. Suddenly, McAfee issued a virus alert. McAfee prompted me to run a scan immediately. I didn't do this; instead, I closed the Sandbox and shut down my PC. Then I rebooted using Macrium Reflect and restored an older system image. I then ran a quick scan with McAfee, which found no viruses.

Now I'm wondering, how could McAfee find viruses in Windows Sandbox? The Sandbox is a self-contained system in which McAfee wasn't installed.
The host's AV can block an infected website being accessed inside the Windows Sandbox because the latter shares the host's network stack and kernel-level network interception points.
 