Advice Request Kaspersky's Application Control: what is it, how it works

Please provide comments and solutions that are helpful to the author of this topic.

G

Guilhermesene

Can You provide the detection? the problem is that in any compilation the hash will change... maybe can try to add an exclusion using a name mask 🤔
Oops, I'll install Kaspersky again and get back to you with the necessary information, I had removed it from my computer and put Bitdefender on (one of the reasons was that, the inconvenience with files created in C++ or python).
It is worth mentioning that it is not a malicious file, they are simple programming files, basically they are programming exercises that I use at my university.
 
G

Guilhermesene

@harlan4096 Well, I did some tests here and as you can see it is a simple program that after compiled, generates an .exe file whose name takes the name of the "project" created in the case file.exe
01.png

02.png

03.png


04.png
How do I get it not to block my self-developed programs from running?
I understand that it blocks because it is an .exe file and that it is not listed in my trust group, however every code modification it generates a new hash, consequently Kaspersky understands it to be a new file and blocks it too.
 
Last edited by a moderator:

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,692
Ah yes, then it's blocked not because it is detected as malware but because the hard tweaks in AC... the blocking it's because Your exe is not digitally signed, also it is an unknown app to KSN, so rules are applied :)
 
G

Guilhermesene

Ah yes, then it's blocked not because it is detected as malware but because the hard tweaks in AC... the blocking it's because Your exe is not digitally signed, also it is an unknown app to KSN, so rules are applied :)
Oh yes, I understand, thanks for solving this doubt of mine and I apologize for abusing your help, but is there anything I can do to not block the execution of these files of mine?
 

ExecutiveOrder

Level 2
Sep 21, 2021
47
For the current version of Kaspersky, I don't think it's necessary to set "Trust group for application started before startup of Kaspersky Total Security (or anything that has Application Control)" from "Trust group selected automatically" which is set by default to manually set "High Restricted", especially to get a good balance of protection and usability.
Select trust group automatically
If this option is selected, the Application Control component adds applications started before startup of Kaspersky Total Security to a trust group based on the rules created by Kaspersky experts.
 
G

Guilhermesene

@harlan4096 🙋🏻‍♂️ I did some tests here and solved the problem of Application Control for those who want to program. I simply put the Development project folder (in this case Python) in the exceptions in Kaspersky's Threats and Exclusions.

I have allowed only the protection with regard to Application Control to be released, the other protection components are active.

This way I am using Application Control in default deny mode and can program normally since the development “projects” are created in the folder in which I put the exception.

So, is there any risk in using Threat and Exclusion?

From my point of view I believe not for a few reasons:
1.Âş I do not create or develop any 'malware'
2.Âş I have released the exception only for Application Control as shown in the picture, so the other protections remain activated.


Foto1.png

Foto2.png
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top