User Feedback Kaspersky Total Security/Kaspersky Cloud Security Free

Software
Kaspersky Total Security 21.2
Installation
5.00 star(s)
Installation Feedback
Installs via Live installer with few clicks. Detects incompatible software and suggests to remove it, though it is not mandatory that you do so.
Interface (UI)
5.00 star(s)
Interface Feedback
See below
Usability
5.00 star(s)
Usability Feedback
See below
Performance and System Impact
5.00 star(s)
Performance and System Impact Feedback
See below
Protection
5.00 star(s)
Protection Feedback
See below
Real-time file system protection
5.00 star(s)
Internet Surf protection
5.00 star(s)
Network protection
5.00 star(s)
Pros
  1. Lots of great features
  2. Low impact on system resources
  3. Highly configurable
  4. Easy to use
  5. Simple and non-intrusive
  6. Ransomware protection
  7. Strong and reliable protection
  8. Blocks even brand new malware
  9. Consistently high test scores
  10. Accurate and reliable antivirus engine
  11. Effective malicious URL blocking
  12. Great value
  13. Effective malware removal
  14. Well designed, clear interface
  15. Multiple layers of protection
Cons
  1. Includes links to paid-for components
Software installed on computer
Less than 30 days
Computer specs
See configuration for details
Recommended for
  1. All types of users
Overall Rating
5.00 star(s)
Disclaimer
  1. Any views or opinions expressed are that of the member giving the information and may be subjective.
    This software may behave differently on your device.

    We encourage you to compare these opinions with others and take informed decisions on what security products to use.
    Before buying a product you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

McMcbrad

Level 23
Oct 16, 2020
1,252


Kaspersky protection is centred around the HuMachine concept. More on that can be learned here:
The results I saw on my Kaspersky tests can't be matched with any other vendor.
Kaspersky Total Security includes the powerful module Application Control.
Depending on the configuration, this module can provide:
  • Default-deny protection against executables, java apps, scripts and installers.
  • Ransomware protection
  • Credentials stealing/exfiltration protection.
The component can be set to place all previously unseen files in "untrusted" group, which by default has startup blocked.

This is the default configuration:
1608732860015.png


And that's how it should be to activate deny-by-default approach.
1608732906524.png


This approach is perfect for average users and happy clickers and is guaranteed to block all threats affecting home users' environment.

If this approach is not for you due to risk of false positives (though I didn't see many), additional folders can be added as protected resources.
Some suggestions of how it can be configured:
  • A group named "Sensitive Data" can be created under "Manage Resources". This can be set to block reading, writing, creating and deletion of files from apps placed in Low Restricted, High Restricted and Untrusted group. This will protect sensitive data from sensitive files exfiltration. The setup should look like below:
1608733350046.png

  • A group named "Browser Repositories" might be created. Browser repositories are located in %userprofile%\appdata\local\<BrowserName>. E.g C:\users\kikimora\AppData\Local\Microsoft Edge. This group can have the same settings, as access is only necessary through the browser executable, which is signed and will always be trusted. Low Restricted, High Restricted and Untrusted can be blocked from access completely. This will prevent browser history, cookies and credentials stealing.
  • A group named "Ransomware Protected" might be created. Here you can place folders that contain photos, documents and other files that are not that sensitive, but their integrity is crucial. I personally would keep the same setup as above as it's the most secure, but depending on the apps you work with, you might need to tweak that. For example, you might allow Low-Restricted processes to read data, without being able to write, delete or create. This still prevents ransomware from working properly.
There is no universal setup that would fit all users, due to the differences in apps used, so you might experiment and see what works best for you. The above setup provides extra high security without fully restricting unverified apps from running.

Threats can inject code in other processes space. This way, it will look like a very trusted app is trying to access crucial information.
Fortunately, Kaspersky is configured to issue a prompt when a not-so-trusted application tries to perform this action. Advanced users can still send untrusted code to "Low Restricted" group and answer the prompts in an informed way.
If you are a user of Kaspersky Security Cloud Free, which doesn't include Application Control or the whole concept just doesn't fit your preferences for any reason, there are many other layers of protection, which have all proven to be very effective.

The methodology of the test is as with other reviews:

To conclude how good protection is, I test a product continuously for 14 days.
To perform the test I use samples and links collected from several sources, such as any.run, Hybrid Analysis, MalwareBazaar and others. I have several emails that have been breached and registered in not-so-trustworthy websites, so these receive a vast amount of phishing emails. I analyse relations on VirusTotal and discover more and more malware, and links.

Every day the test includes:
  • 5 Phishing Links
  • 5 Malicious Links
  • 5 Malware Executables (*.exe files)
  • 5 Malicious Word/Excel Documents
  • 5 Scripts that abuse Windows processes
  • 5 Loaders that rely on PowerShell. I do not download these, but rather copy and paste the code into PowerShell.
  • Few Java malware files (*.jar)

I do not handpick links, but I specifically choose samples that are more difficult to detect (evasive, compressed, packed etc.). It's not necessary for these samples to be 0-days, but they should be prevalent.
Test has 2 outcomes - success (everything blocked) or failure (something has been missed)
A product must block everything to be successful.
It's not necessary for the malware sample to be deleted - for example blocking a loader from downloading any additional files is good enough.
At the end I use Hitman Pro, Norton Power Eraser and RogueKiller, as well as various utilities such as Process Explorer to establish whether everything has been blocked (when behavioural blocker has been involved).
In case of ransomware, products that support Secure Folders should keep the selected folders unencrypted.
I discard PUPs from the test, due to the fact that different vendors have different understanding of what's PUP. I consider misleading applications a form of malware.

As a last stage of the test I usually register a service, a scheduled task and auto-run pointing to a malware sample and containing malicious PowerShell code. I perform a scan and then check whether everything has been removed.

From time to time I can come up with other tests. These will be discussed in separate threads.

I increased Kaspersky's heuristic sensitivity to MAX level, as this is a cloud-reputation enhanced product with a large user base and can't produce too many false positives. At the same time, the highest level of protection will detect packing, obfuscation and other methods used to evade detection.

Kaspersky Total Security is the only product that blocked all malware I could find and download, including scripts, ransomware, fileless credential stealers. Phishing protection was impressive with only one link from my email inbox being missed. What's interesting here is that Kaspersky also employs a database of remote access software websites, such as helpme(.)net. These websites are not malicious, but scammers use them to trick victims into downloading remote control software, which is then used to convince the victim that problems exist and payment to fix them is needed.
Elderly people are especially vulnerable to this whole scheme and this protection is an absolute must. I am not aware of any other product besides Malwarebytes Browser Guard and McAfee Web Advisor that blocks/warns against these websites. Kaspersky's Web Antivirus features various heuristics that block scam-webpages boosted with hijacking and locking capabilities. I couldn't find a page with undetected script and this is largely due to scammers using years-old JavaScript.



In case you are not using Application Control and all methods of detection have failed (very unlikely), there is another layer of defence that rolls-back actions in a time-machine sort of way.
I tested Kaspersky System Watcher against 4 different C++ custom ransomware(s) that I have created. I turned Application Control off, as it automatically restricts them.
System Watcher was able to block all 4 of them and roll-back the encryption of my files. It was very difficult to test it against already available commercial ransomware, as it always triggers one sort of heuristic detection or another.
System Watcher is very aggressive towards programs and scripts that initiate connections to known C&C servers and starts removal/termination immediately. It starts removal immediately if a program downloads/drops a file that is detected by standard antivirus or behavioural blocking. This was proven when I tested the products with the fileless Tesla scripts.

That being said, Kaspersky's removal is also the best I've seen. I disabled Kaspersky entirely and executed threats already pre-analysed in sandbox, whose files and registry entries were known. As soon as Kaspersky was enabled, removal of all registry entries, files, folders and scheduled tasks was initiated. To further test the removal, I set a custom ransomware to also create a folder AppData\BrowserServiceHost and then register this as a service and scheduled task and create a shortcut to this file on the desktop. All actions were undone.

Due to Kaspersky's heuristics, reputation detection, advanced malware removal and spotless behavioural blocker with rollback abilities, this product deserves the highest score in protection.
Nobody likes to wait and great protection that comes with a non-negligible performance hit is bound to be uninstalled/disabled.
Kaspersky however is light and all system activities feel speedy and smooth.

During Idle:
1608737166744.png


During Scan:
1608737203986.png

During browsing it goes up to 4%, which is tolerable.

Kaspersky settings can be further tweaked to increase performance, though this is not recommended.
One of the most notable features is Kaspersky's ability to block ads, trackers and other annoyances.


Webcam Protection is a spin-off of application control and blocks untrusted apps from engaging in spyware activities. Webcam Protection can never be fully implemented in any product and using NJRAT and Orcus server I was able to bypass it, once the RAT is running. However, these are very well blocked by every layer of defence and this feature borders on gimmicky.

Safe Money is Kaspersky's secure browser where online shopping and banking activities are to be carried out, away from suspicious extensions and process hooks.


Even for standard browser processes, Kaspersky Total Security provides effective keylogging protection.

More about this feature can be learned here:

Backup and restore module is included and supports various cloud-storage spaces, especially if the service has a user agent with drive mount capabilities.


Since the product can protect against ransomware but can't stop HDD/SSD failure, usage of this feature is highly recommended.

Software Updater, Encryption Vaults, Vulnerability Scan and File Shredder are all included for users who need them.

Network monitor might be useful for advanced users to track what's going on with their apps and system.

Network Attack Blocker is also included to block common vulnerabilities from being exploited, though I didn't manage to trigger this feature.

Very detailed reports on every activity are generated and stored and can be accessed by clicking on Tools -> Reports.


Password Manager and VPN are included as well, though VPN is very limited (200 MB/day) and serves more for marketing than anything else. It might be enough to carry out one quick banking or shopping session.
Kaspersky's alerts are unobtrusive and infrequent (if standard trial nags are not counted).
One thing I disliked is that malware removal generates an individual alert for each deleted object. E.g. Heur:Trojan.Agent has created 10 files and 10 registry entries - Kaspersky will in that case display 20 "Object Deleted" alerts + prompts whether or not it should reboot the system. This might cause panic in individual users, but given the product's high prevention abilities, they may never see this sort of alert.

That behaviour aside, the product will hardly ever be noticed or in a need of a user interaction.
After all my tests and reviews of last year's products, I am ready to give some of them an improvised award.

The first category is Best Free Protection.

Awarded are:

1. Microsoft Defender + ASR rules
This configuration not only provides free protection with no alerts and nags, but also features very effective behavioural-based/ML detection, quick reaction to new threats and reduces the attack surface to a minimum (in a home environment). It can easily be coupled with tools such as Malwarebytes Browser Guard or Bitdefender TrafficLight to reduce exposure to phishing and other malicious URLs.
The ASR rules can be enabled via @Andy Ful Configure_Defender.

2. Kaspersky Security Cloud Free

Kaspersky Security Cloud Free provides excellent protection at no cost and is quiet, with no alerts and nags. Though attack surface reduction is not available, effective detection and web antivirus will be sufficient for most users. Quick reaction time to new threats, large user and cloud base and vast amount of innovation behind every layer of defence make this product an excellent choice.

3. AVG Antivirus Free

The free AVG antivirus includes effective Web-Blocker (Web Shield), ransomware protection shield, Cyber-Capture and hardened mode to protect against unknown executables. However, the product displays more alerts than usual and this makes Microsoft Defender, and Kaspersky Security Cloud Free a much better choice.

Second category is Best Paid Protection:

Awards go to:

1. Kaspersky Internet/Total Security or Kaspersky Security Cloud
Kaspersky offers an unmatched level of protection coupled with high performance and ease-of-use. No area has been overlooked/over-developed on the account of others and this makes Kaspersky the perfect all-rounder.
Overall Rating: 5/5

2. AVG Internet Security

Together with the high detection already included in the free version, Internet Security features Password Protection Shield, Remote Connection Shield, Webcam Shield and Fake Websites Shield.
Though some of these are gimmicky, others like Password Protection and Sensitive Data protection can reduce the risk of exfiltration in the event of malware evading other layers. Very effective behavioural blocking, quick reaction time and above-average scripting protection render this product sufficient to protect a home user.
Overall Rating: 4/5

3. Bitdefender Total Security

The product shines with great performance and protection and large array of features. However, slower reaction to new threats than the other two opponents + hit and miss performance of ransomware remediation, place this product last with the lowest rating.
Overall Rating: 3.5/5

Most Progressive & Loved for 2020:


1. F-Secure Safe
No bloatware, no hassle, huge improvements in performance area and privacy consciousness ensure this product the first place in this category.

2. ESET Smart Security

This is another product with no bloatware, great web-filtering, light on system resources. Effective signatures and machine learning keep ESET tough on threats and easy on users.

3. Trend Micro Maximum Security

Not too popular amongst users, but Trend Micro has greatly improved the performance of their products in the 2021 edition. The product is very easy to use, rarely shows any alerts and when it does, they don't require an action. There are not too many features that divert from the main purpose of protecting Confidentiality, Integrity and Availability of data and Web-Protection is highly-effective.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
> Very Nice! When Trend Micro?

The observation of improved performance is based on a comparison of version 16.xx against 17.xx.
It's clear that changes to the code are made, as new services are introduced (they've probably moved code to improve stability and performance) and the overall impact is a lot lower than what it was. The system feels fast and responsive, which is a very different experience from before.
 

Protomartyr

Level 7
Verified
Sep 23, 2019
325
Another great detailed and comprehensive review! Always a pleasure reading your content.

I'm curious to see how WiseVector would rank under your Best Free Protection category. It's not a comprehensive solution like KSCF or AVG and would need to be paired with some sort of network protection like you suggest with Defender. However, it has been doing a phenomenal job in malware tests that I've seen and has been well received by folks here at MalwareTips and also on Wilders.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
> Another great detailed and comprehensive review! Always a pleasure reading your content.
>
> I'm curious to see how WiseVector would rank under your Best Free Protection category. It's not a comprehensive solution like KSCF or AVG and would need to be paired with some sort of network protection like you suggest with Defender. However, it has been doing a phenomenal job in malware tests that I've seen and has been well received by folks here at MalwareTips and also on Wilders.

I've only tested it 2-3 times on request by @Nightwalker and it has performed well, but more tests will be needed. I saw that now they have included Ransomware Protection rollback... it might be interesting to test in the upcoming 2021. :)
 

tipo

Level 6
Jul 26, 2012
286
you are our AntiMalwarePedia! thanks for the hard work and the time spent into testing and reviewing the security products on the market today.
you should create a new thread with the "Bonus Content"- INTERNET SECURITY AWARDS of 2020.
 

MacDefender

Level 14
Verified
Oct 13, 2019
639
Great review and I agree this matches almost of the experiences I’ve had with Kaspersky. It really is hard to find a flaw with the protection it offers. Every module does its job as well as the next competing option and for a total security suite it is not missing any functionality.

FWIW if I were to pick a negative it would be privacy. I made a thread about this earlier but the privacy policy for opting into KSN submits a pretty eye opening amount of telemetry, not just executable files but also metadata around full path lengths of system activity, process list, etc etc etc. If you care about privacy I would recommend opting out of KSN. In our testing we found that even when opted out, you still are a read only KSN participant and still get UDS detections.

Most other anti viruses also have this kind of functionality but their privacy policies generally spell out a much smaller set of data that they collect.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
> Great review and I agree this matches almost of the experiences I’ve had with Kaspersky. It really is hard to find a flaw with the protection it offers. Every module does its job as well as the next competing option and for a total security suite it is not missing any functionality.
>
> FWIW if I were to pick a negative it would be privacy. I made a thread about this earlier but the privacy policy for opting into KSN submits a pretty eye opening amount of telemetry, not just executable files but also metadata around full path lengths of system activity, process list, etc etc etc. If you care about privacy I would recommend opting out of KSN. In our testing we found that even when opted out, you still are a read only KSN participant and still get UDS detections.
>
> Most other anti viruses also have this kind of functionality but their privacy policies generally spell out a much smaller set of data that they collect.

I normally don’t read these as I believe they all collect a standard amount of telemetry, but it’s good you have mentioned that. Users can make an informed choice.
 

Minimalist

Level 4
Oct 2, 2020
197
> Great review and I agree this matches almost of the experiences I’ve had with Kaspersky. It really is hard to find a flaw with the protection it offers. Every module does its job as well as the next competing option and for a total security suite it is not missing any functionality.
>
> FWIW if I were to pick a negative it would be privacy. I made a thread about this earlier but the privacy policy for opting into KSN submits a pretty eye opening amount of telemetry, not just executable files but also metadata around full path lengths of system activity, process list, etc etc etc. If you care about privacy I would recommend opting out of KSN. In our testing we found that even when opted out, you still are a read only KSN participant and still get UDS detections.
>
> Most other anti viruses also have this kind of functionality but their privacy policies generally spell out a much smaller set of data that they collect.

I've read their privacy policy and they indeed collect a lot of data. Still I'm not sure if others collect a similar amount but just don't have their privacy policy explained in such detail as Kaspersky.
As you said - even if you disable Cloud it is still used for lookups and IMO you don't lose much protection.
 

McMcbrad

Level 23
Oct 16, 2020
1,252
This telemetry might be used eventually (not sure if they do) but it can be utilised to detect various system anomalies. However, given the product’s other capabilities, I don’t believe any anomaly will ever occur, so you might be better off without that. I personally would leave it on, so I would contribute to the protection of all users.
 

Minimalist

Level 4
Oct 2, 2020
197
> This telemetry might be used eventually (not sure if they do) but it can be utilised to detect various system anomalies. However, given the product’s other capabilities, I don’t believe any anomaly will ever occur, so you might be better off turning that off. I personally would leave it on, so I would contribute to the protection of all users.

Yes, that's why I have it enabled at the moment. (y)
 

MacDefender

Level 14
Verified
Oct 13, 2019
639
For the record my tinfoil hat is usually off. I keep KSN enabled on almost all of my machines. There is one that I use to process trade secrets for contracting jobs and I turn off all cloud telemetry on that one for obvious reasons. But on my private leisure machines I am more than happy to contribute to their cloud because if everyone turns it off the product would not work!
 

McMcbrad

Level 23
Oct 16, 2020
1,252
> Kaspersky is a brilliant all in one suite..The only issue I have is with the firewall not being easily configurable to alert when programs call home.

You can edit the rights for all 3-4 groups of application control - each one of them includes a “Network” tab. You can choose to disable it completely, prompt or always allow. You can also manage it app by app.
 