Kaspersky TAM and Application Control?
<blockquote data-quote="509322" data-source="post: 583660">
<p>Application Control has changed from the 2016 version.</p>
<p>Trusted Application Mode is not absolute default-deny. Programs can still be executed on the system based upon a local-cloud algorithm. Most of what can\cannot be executed is based upon the KSN lookup function. In short, TAM is restricted default-allow. The default restrictions are sufficient\insufficient based upon your point of view.</p>
<p>You can modify the default Low Restricted policies to be much more strict.</p>
<p>Implicit in the way Kaspersky products work, if you don't want programs to be installed or run on the system, then don't download them and install\execute them. That's essentially implicit in any default-allow protection model. Default-allow is not going to protect a user 100% - who is willing to gamble their system security by executing unknown\untrusted files on their system.</p>
<p>In KIS 2016, the user could define to which File Group an unknown\untrusted file would be assigned. For example, Untrusted. It was almost default-deny, except for digitally signed files.</p>
<p>In KIS 2017, the file is auto-assigned to a File Group based upon a local-cloud (KSN) algorithm.</p>
<p>The handling of scripts has changed as well. For example, PowerShell scripts (*.ps1) used to be blocked based upon configuration, but now they are not.</p>
<p>To stop KIS from auto-assigning files to groups - if I recall correctly, you can disable KSN cloud lookup - and assign files manually to file groups. You can ask [USER=36043]@harlan4096[/USER] to confirm, but disabling "Trust digitally signed files" and disabling KSN lookup can result in some unpleasant, unexpected behaviors.</p>
<p>Any known safe files that are assigned to the Low or High Restricted file group should be moved to the Trusted group - otherwise, if the user disables "Make decisions automatically" (= interactive mode) - it will create a flurry of HIPS alerts for any Low Restricted group program upon execution.</p>
<p>Obviously, any known safe files that are assigned to the Untrusted group will be blocked - and the user will need to assign them to a group with execution rights. If you know it is safe, then add it to Trusted.</p>
</blockquote>