KAV\KIS\KTS [MR0] 16.0.0.614 - Patch E beta

[harlan4096]

More info: Patch E is available for testing - Kaspersky Lab Forum

 

[hjlbx]

More info: Patch E is available for testing - Kaspersky Lab Forum

Heh... they are accepting bugs only if Default Deny mode is disabled.

That's where all the bugs reside.

"Flood will be deleted"

Moses didn't know about that one.

I'm just poking fun...

 

[hjlbx]

If they can get the Application Control to work with TAM enabled and "Don't Trust Digitally Signed Files" enabled configuration, then I think Kaspersky would be difficult to improve upon.

 

[harlan4096]

Heh... they are accepting bugs only if Default Deny mode is disabled.

This is a comment They started adding sometime ago in every beta testing of new patches... and still I don't know its meaning

Where is the "Default Deny Mode" in Kaspersky Settings? i can't find it

Yes, You may deny many actions in some protections modules and Application Control, but a "Default Deny Mode" DOES NOT EXIST!!!.

 

[hjlbx]

This is a comment They started adding sometime ago in every beta testing of new patches... and still I don't know its meaning

Where is the "Default Deny Mode" in Kaspersky Settings? i can't find it

Yes, You may deny many actions in some protections modules and Application Control, but a "Default Deny Mode" DOES NOT EXIST!!!.

I think they mean if you disable "Trust Digitally Signed Applications" with TAM enabled.

Maybe they just mean when TAM is enabled.

I know, there is no "Default Deny Mode"; I think K considers it either TAM or a combo of settings tweaks.

Who knows... it could mean something completely different.

 

[hjlbx]

I think to K, Default Deny = TAM enabled.

If you find their White-Paper on Trusted Application Mode, it is all about Default Deny. They even call TAM "Default Deny" in that paper.

It's the disable "Trust Digitally Signed Applications" part that causes me all kinds of grief...

 

[hjlbx]

@harlan4096

I could never understand TAM - since even with it enabled, I could still download and install digitally signed PUAs\PUPs... LOL.

Why don't they make TAM such that:

1. Run TAM scan
2. White-list all unrecognized files
3. Enable TAM
4. Lock-Down system (Do NOT permit installation of any applications by using a single setting - or some variation thereof)

That would be true system Lock-Down.

Only Faronics has this sort of solution in their Anti-Executable, but Faronics only white-lists certain portable executables, whereas TAM scans and white-lists even scripts and other file types.

K is missing the final, most important step !!!!!!!!!!!!!!!

 

[jamescv7]

They still stick to make more accurate through the use of heuristic analyzer even though they have the 'Default -Deny' concept, but sometimes revising result on little complication but effectiveness may provide reliable.

So far Application Control of Kaspersky is the most matured in the terms of bundled on security software but overall they need to revise little main point of concept to make it better.

 

[Venustus]

White-list all unrecognized files

Do you mean "Blacklist" instead?

 

[hjlbx]

Do you mean "Blacklist" instead?

No. When use TAM, user must white-list all Unrecognized files, scripts, etc - preferably after clean install.

KSN does not contain all OEM files.

If you do not white-list them, then KIS will block, and could wreck system\cause issues\malfunctions.

Downside is that user can white-list undetected malware - so it is best practice to enable TAM immediately after clean OS install and before connecting to internet.