Hot Take KIS/KTS/KSCloud/KStandard/KPlus/KPremium - Implementing Protected Folders via Manage Resources (+ Default Deny Mode)

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,732
I would like to add a modification of this configuration:

1603182619778.png
This is the right mask to protected a full drive and all the files and subfolders inside: <drive letter>:\**\* -> C:\**\*

For additional mask info: Creating a scan exclusion (although for corporate product, also valid for home products)

I also modified (enforced) some rights of some allowed/denied operations...
 

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,732
Disable:

1603817151222.png

If You want also prompts from truted applications, then You should modify Trusted group rules, but probably You will get BUNCH OF PROMPTS. and will get crazy :D

1603817306117.png

Or You can modify manually every trusted application NetWork rule expanding Trusted Group...
 
Last edited:

starsfighter

Level 1
Verified
Jun 16, 2016
22
to ask for new application
thanks for reply , just need it for new apps i used it before with eset and no "BUNCH OF PROMPTS"it's great to control the access . and for now i don't find away .

mangeded to solve it by marking trust group to ask and for "microsoft group" to allow reduce "BUNCH OF PROMPTS" except some cmd ,powershell. .....another adventage for eset firewall for me is ip to hostname reslover .
 
Last edited:

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
Is it okay to add VeraCrypt container to that UNDER protected folder?
KIS/KTS/KSC Cloud

Implementing Protected Folders via Manage Resources

1.- Go to Settings -> Protection -> Application Control -> Manage Resources

2.- Expand Personal Data folder and then select User Files folder

3.- Click on Add and then on Category and type a name, for example: PROTECTED FOLDERS

4.- Then select the new PROTECTED FOLDER category/folder just created, and click on Add again, but this time select File or Folder

5.- In Name give a name for the resource We want to protect, for example: Hard Disk C:

6.- In Patch We can type manually the path to the resources (full drive or folder) or use [Select] to directly select, for example: C:\*

As You can see if We add a * to the end of path folder, all the content inside will be included, also We can specify concrete file types to protect:

7.- Finally click over [Add]

8.- Then expand PROTECTED FOLDERS category and select the new resource Hard Disk C:

9.- On the right We’ll get the rights (in the different trusted groups) assigned by default to the new resource

10.- Click on Trusted to collapse all the groups, and then We are ready to change rights. The default rights assigned are:

We have to remember here that Prompt For Action rights are working only if Interactive Mode is enabled, otherwise They will be ignored and the actions allowed…

So now my suggested tweaks are:


After making the changes -> click on [Save] button below.

Now We have to complement these tweaks making some additional changes:

1. Having Protection in Defaults (Auto Mode):

2. Then go to Application Control and change the settings:


For Advanced and/or more Paranoid users, We may even change:

  • Protection to Interactive Mode -> unticking Performs recommended actions automatically
  • Unticking Trust digitally signed applications
  • Or even going beyond -> Change trust group for unknown applications to UnTrusted

WARNING:

With these tweaks You probably will get some blocks while installing new applications (unknown in KSN) and/or if there is no connection to KSN/access to InterNet.

If in Interactive Mode, You will get also some/many Kaspersky prompts warnings, I usually select (in the prompt warning) Additional Actions -> Trust this Application and ticking 1stly Remember my choice for this application, if You trust the application being installed, but We may always go to Application Control -> Manage Applications and move the blocked files to Trusted Group manually.
 
  • Like
Reactions: Nevi

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,732
Yes, why not? But I use also Veracrypt, and may secure container does not have extension (I also have it located in an uncommon folder)... usually crypto attacks search for common user folders and known types of files such pic, docs, exe, etc. to encrypt... so it is interesting to leave container without extension, for security, maybe be less affected in a ransomware attack :)
 

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
Yes, why not? But I use also Veracrypt, and may secure container does not have extension (I also have it located in an uncommon folder)... usually crypto attacks search for common user folders and known types of files such pic, docs, exe, etc. to encrypt... so it is interesting to leave container without extension, for security, maybe be less affected in a ransomware attack :)
okii thanks! I added download folder to protected folder, when i try to save a image from internet to that download location from MS edge ,it doesn't save!
 

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,732
when i try to save a image from internet to that download location from MS edge ,it doesn't save!
It depends on how did You set up the rights :)

If Edge in Trusted group and Write/Create rights for Trusted apps are in Allow, there should not be any issues...

1615285002818.png
 
Last edited:

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
Great guide @harlan4096 !
Previously i had to do this for every common file type i could think of that will be affected by ransomwares. It was a lot of work. Now this guide, saved me a lot of work & time.

Question: i use kaspersky encryption vault. In lock, ransomware won't be able to affect the files inside it, right?
 

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,732
Question: i use kaspersky encryption vault. In lock, ransomware won't be able to affect the files inside it, right?

Files inside the vault will not be affected BUT main file vault/container can be affected also by some rsw... so I would also add it to protected resources :)
 

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
is it possible to prevent someone from opening a folder using this Manage resources in KIS, using permissions?
 
  • Like
Reactions: Nevi

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
I went a little further with protected folders. I don't need to protect my c: drive as any unknown application will go to High Restricted category & Start rights of High Restricted category is set to Prompt. So whenever an unknown application tries to start, i get a prompt to allow it or not.

Screenshot00043.jpg


Screenshot00042.jpg


IMO this is far better than adding c: in protected folders. I don't have any documents or files in c drive, all my personal files & documents are in e drive so as to avoid conflict/damage when formatting or reinstalling. So i added e drive to protected folders, which in turn protects ALL my files which are non-replaceable.
In addition, i modified the trusted group write & delete rights so i get notified even if a trusted app tries to access any of my files.

Screenshot00041.jpg


So now, i think no ransomware or malware will be able to affect my files even if it is trusted.
Am i being really paranoid? If i am doing anything wrong, please let me.

Regards.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top