Kaspersky TAM and Application Control?

Divine_Barakah

Level 27
Verified
May 10, 2019
1,621
If TAM is enabled, what is the additional benefit from Trust in digitally signed files disabled?

I am using Koofr.eu cloud service. Their setup file is digitally signed but unknown to KSN. When "Trust Digitally Signed files" is checked, the setup executes normally. But, on the other hand, when "Trust Digitally Signed files" is unchecked, the setup is moved to "Untrusted" Group. Please note that I have applied the settings suggested by @Robbie.
I guess if a files is digitally signed but unknown to KSN it will be allowed to run "as it has a valid signature, so it will be trusted buy Kaspersyky" if "Trust Digitally Signed files" is checked. I see it as a good decision to unckeck that option.
 

Andy Ful

Level 70
Verified
Trusted
Content Creator
Dec 23, 2014
5,911
I guess if a files is digitally signed but unknown to KSN it will be allowed to run "as it has a valid signature, so it will be trusted buy Kaspersyky" if "Trust Digitally Signed files" is checked. I see it as a good decision to unckeck that option.
It is slightly safer, but also will increase the false positives rate. There is always a trade-off between security and usability. But it is a logical move when using TAM.
 

Divine_Barakah

Level 27
Verified
May 10, 2019
1,621
It is slightly safer, but also will increase the false positives rate. There is always a trade-off between security and usability. But it is a logical move when using TAM.

TAM is only enabled on my work PC as I don't usually install new stuff. But overall, I like TAM combined by Roboman's settings which I believe get the most out of Kaspersky.
 

shmu26

Level 85
Verified
Trusted
Content Creator
Jul 3, 2015
8,045
Thanks to @Andy Ful for the extensive research and explaining!

As regards Voodooshield + Kaspersky, IMO it depends a lot whether TAM is enabled.
If KIS is run at default settings, without TAM, then Voodooshield is adding protection, because Kaspersky Application Control at default settings is not as aggressive.
But if TAM is enabled , then Voodooshield becomes relatively superfluous.
The more Kaspersky is tweaked, the less Voodooshield has to offer.
 

Andy Ful

Level 70
Verified
Trusted
Content Creator
Dec 23, 2014
5,911
Thanks to @Andy Ful for the extensive research and explaining!

As regards Voodooshield + Kaspersky, IMO it depends a lot whether TAM is enabled.
If KIS is run at default settings, without TAM, then Voodooshield is adding protection, because Kaspersky Application Control at default settings is not as aggressive.
But if TAM is enabled , then Voodooshield becomes relatively superfluous.
The more Kaspersky is tweaked, the less Voodooshield has to offer.
My concern was not about security, but rather about system/software stability. The more 3rd party kernel drivers, the greater the chance that something unpleasant can happen.:(
 
Top