The Cog in the Machine

Level 21
Verified
If TAM is enabled, what is the additional benefit from Trust in digitally signed files disabled?
I am using Koofr.eu cloud service. Their setup file is digitally signed but unknown to KSN. When "Trust Digitally Signed files" is checked, the setup executes normally. But, on the other hand, when "Trust Digitally Signed files" is unchecked, the setup is moved to "Untrusted" Group. Please note that I have applied the settings suggested by @Robbie.
I guess if a files is digitally signed but unknown to KSN it will be allowed to run "as it has a valid signature, so it will be trusted buy Kaspersyky" if "Trust Digitally Signed files" is checked. I see it as a good decision to unckeck that option.
 

Andy Ful

Level 59
Verified
Trusted
Content Creator
I guess if a files is digitally signed but unknown to KSN it will be allowed to run "as it has a valid signature, so it will be trusted buy Kaspersyky" if "Trust Digitally Signed files" is checked. I see it as a good decision to unckeck that option.
It is slightly safer, but also will increase the false positives rate. There is always a trade-off between security and usability. But it is a logical move when using TAM.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Thanks to @Andy Ful for the extensive research and explaining!

As regards Voodooshield + Kaspersky, IMO it depends a lot whether TAM is enabled.
If KIS is run at default settings, without TAM, then Voodooshield is adding protection, because Kaspersky Application Control at default settings is not as aggressive.
But if TAM is enabled , then Voodooshield becomes relatively superfluous.
The more Kaspersky is tweaked, the less Voodooshield has to offer.
 

Andy Ful

Level 59
Verified
Trusted
Content Creator
Thanks to @Andy Ful for the extensive research and explaining!

As regards Voodooshield + Kaspersky, IMO it depends a lot whether TAM is enabled.
If KIS is run at default settings, without TAM, then Voodooshield is adding protection, because Kaspersky Application Control at default settings is not as aggressive.
But if TAM is enabled , then Voodooshield becomes relatively superfluous.
The more Kaspersky is tweaked, the less Voodooshield has to offer.
My concern was not about security, but rather about system/software stability. The more 3rd party kernel drivers, the greater the chance that something unpleasant can happen.:(
 
Top