Advice Request Kaspersky's Application Control: what is it, how it works

[harlan4096]

Can You provide the detection? the problem is that in any compilation the hash will change... maybe can try to add an exclusion using a name mask

 

[Guilhermesene]

Can You provide the detection? the problem is that in any compilation the hash will change... maybe can try to add an exclusion using a name mask

Oops, I'll install Kaspersky again and get back to you with the necessary information, I had removed it from my computer and put Bitdefender on (one of the reasons was that, the inconvenience with files created in C++ or python).
It is worth mentioning that it is not a malicious file, they are simple programming files, basically they are programming exercises that I use at my university.

 

[Guilhermesene]

@harlan4096 Well, I did some tests here and as you can see it is a simple program that after compiled, generates an .exe file whose name takes the name of the "project" created in the case file.exe

Spoiler

How do I get it not to block my self-developed programs from running?
I understand that it blocks because it is an .exe file and that it is not listed in my trust group, however every code modification it generates a new hash, consequently Kaspersky understands it to be a new file and blocks it too.

 

[harlan4096]

Ah yes, then it's blocked not because it is detected as malware but because the hard tweaks in AC... the blocking it's because Your exe is not digitally signed, also it is an unknown app to KSN, so rules are applied

 

[Guilhermesene]

Ah yes, then it's blocked not because it is detected as malware but because the hard tweaks in AC... the blocking it's because Your exe is not digitally signed, also it is an unknown app to KSN, so rules are applied

Oh yes, I understand, thanks for solving this doubt of mine and I apologize for abusing your help, but is there anything I can do to not block the execution of these files of mine?

 

[cruelsister]

Is it possible for you to set up a VM and run the test code within it? That's really the preferred method for coders.

 

[Guilhermesene]

Is it possible for you to set up a VM and run the test code within it? That's really the preferred method for coders.

Hmm... interesting.

Good idea! I have not thought about it. I will do this, thanks for the tip.

 

[harlan4096]

Those tweaks in AC are emulating "default deny"... that blocking is the price to pay

 

[ExecutiveOrder]

For the current version of Kaspersky, I don't think it's necessary to set "Trust group for application started before startup of Kaspersky Total Security (or anything that has Application Control)" from "Trust group selected automatically" which is set by default to manually set "High Restricted", especially to get a good balance of protection and usability.

Select trust group automatically
If this option is selected, the Application Control component adds applications started before startup of Kaspersky Total Security to a trust group based on the rules created by Kaspersky experts.

 

[Guilhermesene]

@harlan4096 I did some tests here and solved the problem of Application Control for those who want to program. I simply put the Development project folder (in this case Python) in the exceptions in Kaspersky's Threats and Exclusions.

I have allowed only the protection with regard to Application Control to be released, the other protection components are active.

This way I am using Application Control in default deny mode and can program normally since the development “projects” are created in the folder in which I put the exception.

So, is there any risk in using Threat and Exclusion?

From my point of view I believe not for a few reasons:
1.º I do not create or develop any 'malware'
2.º I have released the exception only for Application Control as shown in the picture, so the other protections remain activated.

Spoiler

 

[ItsReallyMe]

What is KLDriver in rights tab

 

[harlan4096]

I guess are the specific rights for K. product drivers...