Kaspersky TAM and Application Control?
<blockquote data-quote="Andy Ful" data-source="post: 820072" data-attributes="member: 32260"><p>We can call TAM a smart Default Deny (similarly to H_C). To avoid false positives TAM uses:</p><ol> <li data-xf-list-type="ol">'Dynamic Whitelisting'.</li> <li data-xf-list-type="ol">'Trusted chain' of an application.</li> <li data-xf-list-type="ol">‘Security corridor’ system to control individual applications (kind of anti-exploit).</li> </ol><p>It looks like TAM is based on reputation techniques similar to those of Windows SmartScreen, with the addition of ASR and Windows Exploit Guard. Yet, the rules for the vulnerable applications are predefined by Kaspersky and TAM is real-time (SmartScreen is on demand and only supports files downloaded from the Internet).</p><p></p><p><strong>Dynamic Whitelisting</strong> is the main protection component based on the Default Deny method. Essentially, it is an extensive and constantly updated knowledge base of existing applications. The database contains information on about one billion unique files, covering the overwhelming majority of popular applications, such as office packages, browsers, image viewers etc.</p><p></p><p><strong>Trusted chain</strong> is a set of mechanisms that confirm or refute the legitimacy of an application based on certain characteristics, such as its compliance with application trust inheritance rules, the authenticity of the file’s digital signature and whether the file was downloaded from a trusted source.</p><p></p><p><span style="color: rgb(0, 168, 133)"><strong>For example:</strong></span></p><ul> <li data-xf-list-type="ul"><span style="color: rgb(0, 168, 133)"><strong>If an application was created and launched by a trusted program, it is regarded as trusted.</strong></span></li> <li data-xf-list-type="ul"><span style="color: rgb(0, 168, 133)"><strong>The new version of the trusted application is considered trusted if it is digitally signed with a reputable digital signature. 
The compromised signatures are immediately removed from the database, even if the OS still regards them as trusted. </strong></span></li> <li data-xf-list-type="ul"><span style="color: rgb(0, 168, 133)"><strong>If the domain of the website from which the application was downloaded is on the list of trusted domains (in most cases, these are domains of well-known software vendors), the object being downloaded is also deemed legitimate. </strong></span></li> </ul><p><strong>Security corridor.</strong></p><p>It applies several protection mechanisms that monitor the operation of potentially vulnerable applications (document editors, web browsers, etc.) allowing only those operations which were implemented by the applications’ developers, making it virtually impossible to exploit vulnerabilities in these applications. In simpler words, Kaspersky Lab technologies are fully ‘aware’ of what a program should or shouldn’t do, making it operate in a kind of ‘secure corridor’, performing only a restricted range of functions.</p><p></p><p>[URL unfurl="true"]https://media.kaspersky.com/pdf/kaspersky_lab_whitepaper_trusted_applications_mode.pdf[/URL]</p></blockquote><p></p>