App Review Kaspersky Total Security Boot Time Protection

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Deleted member 2913

Are there any Kaspersky Endpoint Security 10 for Windows limitations on Win 10 64 or is it fully functional?

I have installed it on Win 10 64 Home Edition; officially Win 10 Pro & others are supported but Win 10 Home is not mentioned.

The installer didn't give any error/warning on install on Win 10 64 Home & KES is working fine.

Any other comments from experts?
 

hjlbx

So, Fabian basically says these tests are worthless and cruelsister would not respond to his requests; is he correct? (I'm confused.) I think I side with cruelsister, who has done an excellent job showing why boot-time security is required. At present we do not know what malware is around the corner; what happens if it does become a major problem?

Fabian's point is that boot time protection can be "trivially" bypassed by judicious registering of a malware service.

I'm not sure about the other stuff in the post.

Boot time protection - like all security softs - is not perfect protection.
 

Moose

Level 22
Jun 14, 2011
2,271
Salutations/Greetings!!!

All comments are helping us to learn how to better protect our PCs,
which I deeply appreciate, so everyone keep them coming. I am looking
forward to reading the different posts very soon.

Kind regards,
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
As always, no matter how mature the product is, when flaws that are supposed to be improved aren't taken professionally. Kaspersky's protection may be superb, but its complications sometimes cause drawbacks; besides that, detection may result in a little downfall.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Are there any Kaspersky Endpoint Security 10 for Windows limitations on Win 10 64 or is it fully functional?

I have installed it on Win 10 64 Home Edition; officially Win 10 Pro & others are supported but Win 10 Home is not mentioned.

The installer didn't give any error/warning on install on Win 10 64 Home & KES is working fine.

Any other comments from experts?
I think there would not be any problem with that... but since KES10 is a corporate oriented product and W10 Home is for home products, just this...
 

hjlbx

So no protection limitation on Win 10 64?

There are some limitations to Kaspersky HIPS on 64 bit systems due to Microsoft Patch Guard.

However, they have circumvented a few in the 2016 Home version products; not sure about KES 2016.

You can read about it in the KIS or KES 2016 User's Manual.

It's nothing really to fret over. Other vendors have the same problem because of Patch Guard. Their solution is not to monitor things that cannot be hooked on 64 bit systems - like service installations.

So, bottom line is, Kaspersky is at same level, or better than, most any other security suite that includes HIPS.

Actually, Kaspersky HIPS monitors many more items than typical HIPS - like COMODO's or ESET's; it is more on par with Defense Wall and Malware Defender.

As you know, COMODO has Enhanced Protection Mode for 64 bit systems - but - technical infos are virtually non-existent. All we have is COMODO's assurances that it works as intended - which is not very reassuring.
 

Deleted member 2913

harlan & hjlbx,

I found the limitations of KES 10 for Windows on Kas website.
Most of the limitations are not relevant to me as they are related to Web Control, Encryption, etc... those I have not installed.

I need your help to know if the following are serious protection limitations as those are related to the modules I have installed -

Firewall -
Filtering packets / connections by local addresses, physical interface, and TTL is supported in the following cases:
  • by local address for outgoing packets / connections in applications rules (for TCP and UDP) and packet rules;
  • by local address for incoming packets / connections (except for UDP) in blocking rules of apps and packet rules;
  • by packet TTL in blocking packet rules for incoming / outgoing packets;
  • by network interface for incoming and outgoing packets / connections in packet rules.
Other -
If during scanning of the drive a threat has been detected inside the container which cannot be disinfected by the product, the container will appear in the list of unprocessed files. The object is not moved to the software backup storage from its initial location in the file system. It will be detected at the next scan. The object must be removed manually. At the next scan, the object will be moved from the list of unprocessed files to the list of disinfected objects. The list of the types of containers which can be disinfected by the product, is available in documentation.
 

hjlbx

Firewall looks OK.

Removal of malware in container is no problem; it can be done manually.
 

hjlbx

What does "container" mean here?

In some Enterprise solutions, admin can create "containers" for servers and workstations.

I don't know much about creating container in KES - whether it is done manually or automatically.

Besides, since you will be using it on home system it might not be necessary to worry about it; research it further in KES 10 documentation.
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Fabian's point is that boot time protection can be "trivially" bypassed by judicious registering of a malware service.

It's actually a meaningless point as some AV's have no issue in stopping my malware, so obviously it is not a universal flaw for all AV products (if it was, the entire Boot Time series would be without value). And as to registering malware as a Service, Dr Web has a setting to alert to new services, so we'll see how that goes tomorrow.
 

hjlbx

It's actually a meaningless point as some AV's have no issue in stopping my malware, so obviously it is not a universal flaw for all AV products (if it was, the entire Boot Time series would be without value). And as to registering malware as a Service, Dr Web has a setting to alert to new services, so we'll see how that goes tomorrow.

I agree with you.

I think just because something can be "trivially" bypassed does not mean it is a completely worthless feature - obviously - since boot time protection does, indeed, detect malware.

Most suites now monitor for the installation of services and drivers. Whether or not they can effectively detect such things depends upon the solution the vendor has come up with - since Patch Guard prevents kernel modifications (hooking).

My comment was not meant as some kind of criticism of your work...
 
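An added example, not part of any post in this thread: the posts above discuss malware registering itself as a service and security suites watching for new service and driver installations. The sketch below triages records shaped like Windows System-log Event ID 7045 ("A service was installed in the system"); the sample records, service names, paths and the heuristics are all constructed assumptions.

```python
# Constructed sample records shaped like Windows System-log Event ID 7045
# ("A service was installed in the system"); every name and path is made up.
SAMPLE_EVENTS = [
    {"ServiceName": "ExampleUpdater", "ServiceType": "user mode service",
     "StartType": "auto start",
     "ImagePath": r'"C:\Program Files\Example\updater.exe" /svc'},
    {"ServiceName": "exdrv", "ServiceType": "kernel mode driver",
     "StartType": "boot start", "ImagePath": r"\??\C:\Users\Public\exdrv.sys"},
    {"ServiceName": "TmpSvc", "ServiceType": "user mode service",
     "StartType": "demand start",
     "ImagePath": r"C:\Users\alice\AppData\Local\Temp\svc.exe"},
]

# Start types that run without an interactive logon.
EARLY_START = {"boot start", "system start", "auto start"}
# Locations a standard user can often write to (assumption; tune per site).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
DRIVER_DIR = "\\system32\\drivers\\"  # default driver directory (assumption)

def binary_path(image_path):
    """Return the executable path from an ImagePath (handles quotes, \\??\\, args)."""
    p = image_path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith('"'):
        return p[1:].split('"', 1)[0]
    low = p.lower()
    ends = [low.find(x) + 4 for x in (".exe", ".sys", ".dll") if x in low]
    return p[:min(ends)] if ends else p

def triage(event):
    """List the reasons a newly installed service deserves a second look."""
    path = binary_path(event["ImagePath"]).lower()
    reasons = []
    if any(d in path for d in USER_WRITABLE):
        reasons.append("binary in user-writable location")
    if event["ServiceType"].lower() == "kernel mode driver" and DRIVER_DIR not in path:
        reasons.append("driver outside System32\\drivers")
    if reasons and event["StartType"].lower() in EARLY_START:
        reasons.append("starts without logon: " + event["StartType"])
    return reasons

def review(events):
    """Map service name -> reasons, for records with at least one finding."""
    return {e["ServiceName"]: r for e in events if (r := triage(e))}

if __name__ == "__main__":
    for name, why in review(SAMPLE_EVENTS).items():
        print(name, "->", "; ".join(why))
```
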

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
I read a good post by one of the Kaspersky mods about his views on these limitations and regarding "patch guard":
Hello,

For now, there are two ways that KIS can improve its hooks for the system kernel core.

One of them is the Antimalware Scan Interface provided by Microsoft. But this technology isn't suitable for HIPS or SW.
Two, CPU virtualization technology for Intel or AMD; it has some compatibility and imitation issues with VMware, VirtualBox etc., which also use this technology. You cannot use them at the same time.
Third, copy nt.dll API to bypass Windows 10 security limits, learned from Symantec. It is a bad way to hook; BSOD problems will happen when Microsoft changes some API structure or in some other way.
Fourth, just like malware, use the operating system vulnerabilities to access the kernel. I think Kaspersky Lab doesn't do that, although they may know how to.

This limit is for all AV manufacturers; it is not just a Kaspersky problem. Kaspersky Lab is just honest in telling you that their products have received some functional limitations on the operating system because of new security features.

I hope this information can help you understand.

Best regards
Windows 10 + KIS 2016, Limitations on Windows 10 - Kaspersky Lab Forum
 

Moose

Level 22
Jun 14, 2011
2,271
Salutations/Greetings!

Which Antivirus would you use below?

Winners of the Boot Time Protection so far are as follows:


> AVG
> BitDefender Free Edition
> Comodo Firewall
> ESET
> Qihoo 360 Total

If I am wrong, please correct me. Also, Dr. Web was unsuccessful in achieving Boot Time Protection. :(
 