App Review Kaspersky Security Cloud Free vs Ransominator (default settings)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
E

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Xenofon said:
As far as I know Kaspersky 2021 won't have TAM anymore. :)
Click to expand...
yes, fortunately, we can still make Kaspersky perform like TAM by changing 2 options in Application Control. Harlan showed it here. I can confirm it. It works exactly the same. Even with faster speed.
malwaretips.com

App Review - Avast Free (Hardened Mode) vs Ransominator

And it can be mimicked with the existing Application Control by setting unknown applications to 'Untrusted' There is anyway to create a rule for that or do i need to set unknown applications as 'Untrusted' individually. I couldn't find any way to create a rule that could set all unknow apps as...
malwaretips.com malwaretips.com
 
  • Like
  • Thanks
Reactions: Mercenary, Fel Grossi, toto_10 and 8 others
M

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
FWIW I just tried my TrojanZipperPOC against KTS2020 this morning.

KTS dynamically detected it as "PDM:Trojan.Win32.Generic", offered to disinfect and reboot. Unfortunately, in that process, it did not trigger a System Watcher Rollback. This process left about a third of the files encrypted but it stopped the rest. Overall an okay result. I believe this is still the same behavior that was previously seen when this test was done.

1588096685413.png
 
  • Like
  • +Reputation
  • Thanks
Reactions: Mercenary, Parsh, SeriousHoax and 10 others
M

miguelang611

Level 2
Apr 13, 2020
99
fabiobr said:
Thanks to application control custom rules, document files were protected in my test.

Advanced disinfection starts, restart the system and all things rolled back.

Cloud Detection:

View attachment 238190
Click to expand...
Hi!
Thanks for the info. May I knowh what are you settings for app control custom rules?
Sorry, if they're somewhere else, I didn't see them.
Personally I have a custom rule as harlan4096 suggest: whole C:\* with maximum restriction, just read allowed, just charges the KSN rules, doesn't allow if not known on KSN but digitally signed. Do you go even further?
Thanks!
 
  • Like
Reactions: Mercenary, Protomartyr and Gandalf_The_Grey
fabiobr

fabiobr

Level 12
Verified
Top Poster
Well-known
Mar 28, 2019
561
miguelang611 said:
Hi!
Thanks for the info. May I knowh what are you settings for app control custom rules?
Sorry, if they're somewhere else, I didn't see them.
Personally I have a custom rule as harlan4096 suggest: whole C:\* with maximum restriction, just read allowed, just charges the KSN rules, doesn't allow if not known on KSN but digitally signed. Do you go even further?
Thanks!
Click to expand...
The same, but only protect my important folders, not all C:\
 
  • Like
Reactions: Protomartyr, harlan4096, miguelang611 and 1 other person
M

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
fabiobr said:
Thanks to application control custom rules, document files were protected in my test.

Advanced disinfection starts, restart the system and all things rolled back.

Cloud Detection:

View attachment 238190
Click to expand...

After getting several of my samples blocked by KSN across my test and development machines, I did a bit of searching and found this:
www.kaspersky.com

Protection From A Cloud — What Is Kaspersky Security Network

The Internet allows malware to spread with lightning speed. We made our software capable of protecting you with the same impressive speed. See how it works.
www.kaspersky.com www.kaspersky.com

UDS = Urgent Detection System -- roughly put, if the behavior blocker finds suspicious behavior in an unknown binary, that gets reported back up to the cloud and it immediately results in a cloud signature blocking this for other clients too.

This leads to interesting behavior like when I try to test a custom-built malware sample in a VM and it triggers Kaspersky, often times it also results in my host development machine's Kaspersky removing the .EXE from the Build directory as well.

SONAR claims to do the same thing but I've never seen it react as quickly as KSN -- this is like 5 minutes from triggering KSW to having the EXE be blocked by other machines running Kaspersky on my network. As Kaspersky says:
Less than a minute after first threat detection, all KSN-connected computers are protected from it.
Click to expand...
 
  • Like
  • +Reputation
Reactions: roger_m, Gandalf_The_Grey, fabiobr and 6 others

Similar threads

Xeno1234
    • Like
    • +Reputation
    • Thanks
App Review Kaspersky Premium
Replies
12
Views
3,435
Written Reviews - Security and Privacy
rooney49
rooney49
Guilhermesene
    • Like
    • Applause
Hot Take [Tutorial] Update Kaspersky when starting the system automatically
Replies
9
Views
720
Kaspersky
Jonny Quest
Jonny Quest
RoboMan
    • Like
    • +Reputation
    • Applause
  • Sticky
Hot Take RoboMan's Kaspersky 2023 Light & Solid Settings
Replies
54
Views
7,249
Kaspersky
RoboMan
RoboMan

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top