Hot Take KIS/KTS/KSCloud/KStandard/KPlus/KPremium - Implementing Protected Folders via Manage Resources (+ Default Deny Mode)

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
Of course, it's very restrictive hehe have You tried it?
yea I am using it for more than 2 months without any problem, I used it in interactive mode with "Ask User" rather than Deny, I couldn't find any software other than macrium reflect and kerish doctor,iobit asking to access it.
 
  • Like
Reactions: harlan4096

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
Is it a must that we have to add protected folders under Personal data> User Files? Can we just add the protected folders just under Personal Data rather than Personal data> User Files?
 
  • Like
Reactions: harlan4096

zkSnark

Level 5
Verified
Well-known
Jan 13, 2019
220
@harlan4096 I configured KTS using the instructions in your first post, update post and Shukla44's post. But when starting my laptop, I am getting this popup error.

error.png


Though I am logged in as Administrator, I am denied permission to access "WindowsApps" folder. Tried in Safe Mode, I can access "WindowsApps" folder but cannot delete the folder "AppUP.Intel....".
I reverted to KTS default config and the popup error did not show. Is something wrong in my config?
 
Last edited:
  • Like
Reactions: harlan4096

harlan4096

Super Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,948
Did You check if that app was moved to UnTrusted group in Application Control / Intrusion Prevention? If so, You can move to Trusted group, and it should fix the warning.

Maybe that file is not digitally signed or not very well-known in KSN yet…
 

zkSnark

Level 5
Verified
Well-known
Jan 13, 2019
220
Did You check if that app was moved to UnTrusted group in Application Control / Intrusion Prevention? If so, You can move to Trusted group, and it should fix the warning.

Maybe that file is not digitally signed or not very well-known in KSN yet…
This was the KTS log for that file
Today, 12/25/2022 6:40:05 AM Application Control was triggered IGCC IGCC.exe C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4232.0_x64__8j3eq9eme6ctt 12560 RM-PC\RM Active user evtModify Allowed Allowed IGCCApp.db C:\Users\RM\AppData\Local\Packages\AppUp.IntelGraphicsExperience_8j3eq9eme6ctt\LocalState Personal data
 

zkSnark

Level 5
Verified
Well-known
Jan 13, 2019
220
Move IGCCTray.exe to Trusted group (Error Verifying Signature).

Also, one of the IGCC files appears as not digitally signed (Missing) 🤔
Moved to Trusted, restarted PC and the popup error did not display. Thanks for the help.
Since Intel files are installed automatically, I don't know why 3 files are missing digital signature and only "IGCC" is digitally signed. Any suggestion how to get the digital signature for those files?
 
  • Like
Reactions: harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top