"Kaspersky process"

Status
Not open for further replies.

Venustus

Level 59
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
Had a look through the "application control" settings interface, and noticed that the Kaspersky anti-virus process was automatically placed by Kaspersky in the "low restricted" group. Is this normal?
I would have assumed that it should be in the "trusted group", being a Kaspersky process!
Please advise.

 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
I know that sometimes applications that are trusted are moved to low restricted. Since trusted programs can still become infected, Kaspersky re-evaluates them instead of always considering them safe. I believe this is normal, but have you tried changing it to trusted and then seeing if it is placed back into low restricted?

I used KIS for a long time and what happened to me was 3rd party programs I had trusted would end up in low restricted. Annoying as it might be, it is normal.
 

Venustus

I tried resetting the rule for the KAV process and tried moving it to trusted, but Kaspersky places it back to low restricted.
Thanks for the clarification, and I will assume then that this is normal.

Cheers! :)
 

Exterminator

By default these are the rules for low restricted:

Interaction with programs

Low Restricted—everything is allowed except for building into operating system modules

Access to resources

Low Restricted—everything is allowed except for changing important system files (boot.ini, system.ini, autoexec.bat, executable files within the system directory, etc.)


I imagine you have nothing to worry about, as this is normal.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
You are correct, KAV has a self defense module running alongside the resident shield, to maintain the integrity of KAV itself.
Every process by KAV is constantly being checked and KAV has the ability to isolate problems and to repair them.
One should worry if these processes were placed into the trusted zone by KAV itself, for the simple reason that it would mean that the Self Defense module is corrupted.
Because within the trusted zone ANY file can do whatever it chooses to do without interference from KAV.
 

Venustus

Makes sense, but I would have thought a Kaspersky-related process would automatically be "trusted".
Nevertheless I will accept the fact that this is normal, as you gentlemen have suggested :)

NB: Maybe it's that way by design, so that the process is not overly aggressive, thereby deleting critical system files??
 

Nico@FMA

Well, the self defense module specifically targets KAV modules and internal files, to ensure 100% protection of the very KAV core itself.
And by doing so the resident shield can focus specifically on "user" and system data.
So the aggressiveness of the SDF modules really does not affect resident protection modules.
Other than that I do not know how to explain.
 

Venustus

Thanks!
 