Hot Take KIS/KTS/KSCloud/KStandard/KPlus/KPremium - Implementing Protected Folders via Manage Resources (+ Default Deny Mode)

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
I went a little further with protected folders. I don't need to protect my c: drive as any unknown application will go to High Restricted category & Start rights of High Restricted category is set to Prompt. So whenever an unknown application tries to start, i get a prompt to allow it or not.

View attachment 255665

View attachment 255664

IMO this is far better than adding c: in protected folders. I don't have any documents or files in c drive, all my personal files & documents are in e drive so as to avoid conflict/damage when formatting or reinstalling. So i added e drive to protected folders, which in turn protects ALL my files which are non-replaceable.
In addition, i modified the trusted group write & delete rights so i get notified even if a trusted app tries to access any of my files.

View attachment 255663

So now, i think no ransomware or malware will be able to affect my files even if it is trusted.
Am i being really paranoid? If i am doing anything wrong, please let me.

Regards.
did you disable "perform recommended actions automatically" to get notification on ask user?
 

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
ok Thanks!
Check Step 6 of the 1st post (there You can add and/or modify specific entry for mp4 file extension), also check: How to protect your computer against file-encrypting malware in Kaspersky Internet Security 19
can I protect files using comma to separate each or do I need to make separately?

1645608267915.png
 
  • Like
Reactions: harlan4096
G

Guilhermesene

@harlan4096

Just a note:

I picked up a malicious file from Malware Bazaar just to test whether Kaspersky would detect it (I wouldn't run the program, just unzip it on the desktop).

Kaspersky did not detect the file (I thought this was strange, but proceeded).

I had the file scanned from the context menu and still Kaspersky didn't detect anything. The interesting point is that I use Kaspersky in default deny mode, so I tried to open the file and what happened? It was blocked as expected!

From what I saw, it showed up in KSN for the first time with me because the creation date and time in KSN showed up the exact time I opened the file.

Just think if it was another AV (just as an example ESET or Bitdefender - the most famous ones so to speak) this file would be executed if the AV did not detect it as malicious.

This is why I like to use Kaspersky in this default deny mode, as it gives me an "additional security layer" and gives me more security.

I recommend everyone who has a little knowledge, mainly in the "Application Control" module and wants something stricter to have more security, to use the product this way.

The tested file can be checked out here: v.gd - Shortened URL
Link of the file sent for Kaspersky analysis: v.gd - Shortened URL
 

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
Is there any problem of blocking read, write, create and delete rights to MS edge's Extension folder for all apps (trusted and low restricted and everything) except for Microsoft Edge;

MS Edge Extensions folder at C:\users\(username)\Appdata\local\Microsoft\Edge\User Data\Default\Extensions
 
  • Like
Reactions: harlan4096

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Hum... do You mean only trusts Edge to that folder and the rests apps -> Untrusted?
 
  • Like
Reactions: Berny

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
Hum... do You mean only trusts Edge to that folder and the rests apps -> Untrusted?
yea like this
to be in the safe side i let Microsoft apps to have full rights, but I am wondering if its safe to let only MS edge has access to that folder?
i am trying to protect crypto wallet
1659368239837.png
 
  • Like
Reactions: harlan4096

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Note that PROTECTED RESOURCES -> EDGE categories are created here:

1659369821468.png


Inside Personal data -> User files.

Also, for that resource (the folder added on the left), You have to tick ALL UNTRUSTED, and then find MS Edge inside Microsoft on the right, and then tick ALLOW.
 

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
I made lot of restrictions using intrusion prevention on Kaspersky Standard, I exported the configuration from Kaspersky Standard but its not compatible with KSOS, is there anyway to import that configuration to KSOS since I don't want to create those restriction from scratch again.
 
  • Like
Reactions: harlan4096

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Hum... try this: import that config in KIS/KTS, then export again and then try to import in KSOS...
 
  • Like
Reactions: Berny

ItsReallyMe

Level 10
Verified
Well-known
Dec 21, 2017
478
Is this configuration for Brace.exe gives extra protection for Brave browser like prevent other apps from accessing its cookies etc?
avpui_wfmlNi6wYb.png
 
  • Like
Reactions: harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top