App Review Kaspersky Security Cloud Test

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Would Cylance necessarily have a significantly better chance at detecting unseen?
There does not exist a commercial AV, available for ordinary people, which could have significantly better detection of never seen malware, than Kaspersky with tweaked Application Control. Sadly, Kaspersky Security Cloud (free version) has disabled Application Control.
The available solutions are based on similar techniques, used in Kaspersky (AI, Machine Learning, Cloud Sandbox, Big Data Analytics, HIPS, Exploit Prevention, and many more).
Most AVs have also special teams of experts (like Kaspersky Lab's GReAT) for discovering and analyzing cyber threats.
The above techniques can help to detect the malware. But, AV has to be also usable. So, it cannot apply very aggressive techniques, because of false positives.
All of this is similar to the Human Immune System. It can kill most pathogens, but should not be too aggressive because of allergy issues. Some never seen viruses (or virus mutations) can be still dangerous to people.

Post edited/corrected thanks to harlan4096.
 
For me it reiterates the most important anti-malware system there is: C:\ images & backups of every file you wouldn’t want to lose in a location other than a PC or on your network - I use external hard drives & I have four, maybe paranoid but I have an awful lot to lose on my PC's - 1 is better than nothing, ransomware then becomes an inconvenience rather than a tragedy, also hard drive failure can give exactly the same consequences as ransom.
 

Thank you, I really appreciate your thorough discussion of this - and I agree about the problems of false positives taking resources and creating problems...
I know it has been discussed before, but I guess the best guides for the optimal config of Kaspersky are in the Kaspersky section under Anti-Virus?
 
I would say a mid point of both because I think I do have a backup of the most essential files, though not the 'lesser' essentials --> So, my life would not be over in case of a bad event. But yes mid point being pretty good security and good performance. So I'll look in the Kaspersky section then? I have Kaspersky anti-virus sub by the way, not internet security or total version. I don't really see a need for those, at least thus far, and in the future even.
 
@RoxasDev
you little devil :) how? what's wrong with trusted app mode? a vulnerability? or what? buggy by design?

I would say a "flaw" in the Trusted Application module.

I have it bypassed by certificate injection in my LaunchMe dropper & on my ransomware Kyrox and Kaspersky authorizes the launch.

I will contact Kaspersky to show them and possibly help them fix this :)
 
Thank you.
I have it bypassed by certificate injection
noob question sorry. what does that mean? you added a cert to windows trusted root certificates?? is it true? the only tool that alerts for such modification is 360 ts hips.
you are very helpful. keep up the good work : ) I will never pay for any av. imo ppl should pirate these kinds of software cuz they can't protect well
 

No, the antivirus usually does not trust the Windows store itself. COMODO, for example, does not trust Windows certificate stores because it is too dangerous: anyone or any program can add its signature as a valid signature.

I recovered and injected a signature of confidence, as for example the signature of Avira, and I injected it on my dropper and my ransomware, and Kaspersky authorizes the launch. ^^
 
Is there another av that would've caught this?

I guess if u added the folder to protected mode in Kaspersky that would have prevented?
 
Again, as I said before with the Scorpion 3.1 test, probably disabling the Trusting digitally signed application setting in Application Control would stop the attack; also, if we tweak Unknown Applications to UnTrusted, that would be enough. We all know that Kaspersky default settings can be weak against some types of attacks.
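
A defender-side check related to the signed-application trust discussed in this thread, added here as an example (it is not code from any poster or from Kaspersky). It separates files whose Authenticode signature actually validates from files that merely carry a signature block; a signature copied from another vendor's file does not match the new file's hash, so Windows reports it as HashMismatch rather than Valid. The function name `Find-UnverifiedSignature` and the scanned folder are assumptions made for the example.

```powershell
# Added example: audit executables for signatures that are present but do not validate.
# Find-UnverifiedSignature and the scanned path are hypothetical names for illustration.
function Find-UnverifiedSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Extensions = @('.exe', '.dll', '.sys', '.msi')
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

            # Classify on the validation status, never on the signer name alone.
            $verdict = switch ($sig.Status) {
                'Valid'        { 'Verified' }
                'NotSigned'    { 'Unsigned' }
                'HashMismatch' { 'SignatureDoesNotMatchFile' }
                default        { 'SignatureNotTrusted' }
            }

            [pscustomobject]@{
                File    = $_.FullName
                Verdict = $verdict
                Status  = $sig.Status
                # A signer can be listed even when the signature fails validation.
                Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Report everything in the Downloads folder that names a signer but is not verified.
Find-UnverifiedSignature -Path (Join-Path $env:USERPROFILE 'Downloads') |
    Where-Object { $_.Signer -and $_.Verdict -ne 'Verified' } |
    Sort-Object Verdict, File |
    Format-Table Verdict, Signer, File -AutoSize
```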