Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Kaspersky
Kaspersky TAM and Application Control?
Message
<blockquote data-quote="XhenEd" data-source="post: 584255" data-attributes="member: 19498"><p>I would still say it is pure default-deny. <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite115" alt=":p" title="Stick out tongue :p" loading="lazy" data-shortname=":p" /> It's just a matter of being restrictive or not too restrictive. <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite116" alt=":D" title="Big grin :D" loading="lazy" data-shortname=":D" /></p><p></p><p> I think the term for TAM is "<em>not-too-restrictive</em> default-deny". It blocks <em>by default</em> (which by the way is what makes me believe it is default-deny), but it has a whitelist to allow programs. As what the Kaspersky TAM Whitepaper states, defualt-deny is blocking what is not explicitly allowed.</p><p></p><p>COMODO, for example, markets their products as default-deny solutions. But don't they have whitelist? Yes, they have. Even AppGuard in Lockdown mode, I believe, would be "default-allow" if I follow what Jeff believes (default-deny is to block all programs in User Space) because AppGuard in that mode still <em>allows, by default,</em> MS-signed applications to run. Even system space applications are <em>allowed by default</em> to run.</p><p></p><p>That's why I believe we only differ in our understanding of the term default-deny. <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite116" alt=":D" title="Big grin :D" loading="lazy" data-shortname=":D" /> Some applications are default-deny, but are <em>not too restrictive</em>. Kaspersky's TAM falls into this. Some applications are default-deny, and are <em>very restrictive</em>. AppGuard's Lockdown mode falls into this.</p><p></p><p>Jeff believes that default-deny means always restrictive (no whitelist, if possible). But for me, default deny means blocking immediately any program, until it is allowed (by a whitelist or the user).</p></blockquote><p></p>
[QUOTE="XhenEd, post: 584255, member: 19498"] I would still say it is pure default-deny. :p It's just a matter of being restrictive or not too restrictive. :D I think the term for TAM is "[I]not-too-restrictive[/I] default-deny". It blocks [I]by default[/I] (which by the way is what makes me believe it is default-deny), but it has a whitelist to allow programs. As what the Kaspersky TAM Whitepaper states, defualt-deny is blocking what is not explicitly allowed. COMODO, for example, markets their products as default-deny solutions. But don't they have whitelist? Yes, they have. Even AppGuard in Lockdown mode, I believe, would be "default-allow" if I follow what Jeff believes (default-deny is to block all programs in User Space) because AppGuard in that mode still [I]allows, by default,[/I] MS-signed applications to run. Even system space applications are [I]allowed by default[/I] to run. That's why I believe we only differ in our understanding of the term default-deny. :D Some applications are default-deny, but are [I]not too restrictive[/I]. Kaspersky's TAM falls into this. Some applications are default-deny, and are [I]very restrictive[/I]. AppGuard's Lockdown mode falls into this. Jeff believes that default-deny means always restrictive (no whitelist, if possible). But for me, default deny means blocking immediately any program, until it is allowed (by a whitelist or the user). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
