AV Test MalwareTips - Kaspersky Report - March 2017

BoraMurdar

Super Moderator
Staff member
Joined
Aug 30, 2012
Messages
5,986
OS
Windows 10
Antivirus
Emsisoft
#1
All credits to AV Tester @harlan4096

All tests were conducted in protected virtual environment. Due to the small number of samples used in these tests, you should take results with a grain of salt. This test shows how the tested product behaves with certain malware samples, under unique circumstances, in a given period of time. Product’s malware detection rate is not an equivalent of protection. This should not be mixed up. MalwareTips encourage you to compare these results with others and take informed decisions on what security products to use.

MalwareTips AV Test – March 2017 – Kaspersky Total Security-1.jpg
MalwareTips AV Test – March 2017 – Kaspersky Total Security-2.jpg

PDF
 

harlan4096

Moderator
Staff member
AV-Tester
Joined
Apr 28, 2015
Messages
3,353
OS
Windows 10
Antivirus
Kaspersky
#3
No, tests in general are in"Deafault settings" + PUP/Adware setting enabled. You can see the settings I used in every test I ran -> check spoilers ;) but during some time I used High Restricted to unknown files...

But probably I could run in future some extra tests with TAM on :)
 
Last edited:

shmu26

Level 60
Joined
Jul 3, 2015
Messages
4,981
OS
Windows 10
#4
No, tests in general are in"Deafault settings" + PUP/Adware setting enabled. You can see the settings I used in every test I ran -> check spoilers ;) but during some time I used High Restricted to unknown files...

But probably I could run in future some extra tests with TAM on :)
If you run some tests with High Restricted for unknown files, isn't that almost like using Kaspersky in a default/deny mode?
 
Joined
Jan 14, 2016
Messages
479
OS
Windows 7
Antivirus
Kaspersky
#6
Pretty impressive.
@harlan4096, do you test with TAM enabled and trust sigs disabled?
Testing with TAM on would be like an Anti-exe. All the samples including scripts & dll's would be blocked if they are not trusted. Which they won't be if you have trust signatures disabled. Furthermore only a handful of samples are digitally signed.

So, it would be pointless to test it in TAM mode ON. Just my impression.

Regards.
 

harlan4096

Moderator
Staff member
AV-Tester
Joined
Apr 28, 2015
Messages
3,353
OS
Windows 10
Antivirus
Kaspersky
#7
What about TAM On, Trust in digitally signed application off, High Restricted for unknown apps but KSN On? which have been usually my settings for long periods of time, sometimes disabling TAM... :)
 
Joined
May 11, 2014
Messages
1,622
OS
Windows 10
Antivirus
Sophos
#9
Would enabling TAM protect the system more, or just default settings with AppGuard protect the system 100%?
 
Likes: JB007
Joined
Jan 14, 2016
Messages
479
OS
Windows 7
Antivirus
Kaspersky
#11
What about TAM On, Trust in digitally signed application off, High Restricted for unknown apps but KSN On? which have been usually my settings for long periods of time, sometimes disabling TAM... :)
I have that setting, except for TAM on. I don't use TAM. Instead i use VS.
 
Joined
Jan 14, 2016
Messages
479
OS
Windows 7
Antivirus
Kaspersky
#12
AppGuard is stronger than TAM -- but when you install software, you have to turn it off.
If a user has the bad habit of running iffy apps, TAM would be better.
IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
 
Joined
Feb 24, 2017
Messages
1,709
OS
Windows 10
Antivirus
Kaspersky
#13
IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
after a while it becomes your natural reflex to check the blocked list if something isn't working as intended. imo it's not big of a deal.
 

XhenEd

Level 27
Content Creator
Trusted
Joined
Mar 1, 2014
Messages
1,651
OS
Windows 10
Antivirus
Default-Deny
#14
What I like about TAM is that it's more than just an anti-exe, anti-script, anti-..., etc.. It also acts similar to AppGuard's MemoryGuard. TAM has predefined programs that it further monitors, so that anything out of the ordinary these programs do is blocked.

Anyway, this is a bit off-topic because the tests were done with TAM turned off. :p
 

XhenEd

Level 27
Content Creator
Trusted
Joined
Mar 1, 2014
Messages
1,651
OS
Windows 10
Antivirus
Default-Deny
#15
IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
Do the blocks happen even when you have internet connection? Mine only happened when internet connection was out.
 
Last edited:

shmu26

Level 60
Joined
Jul 3, 2015
Messages
4,981
OS
Windows 10
#16
I have a question whether it is fair to test Kaspersky against other AVs, when Kaspersky has unknowns set to high restricted. That is a very strong tweak, and I am sure it affects the results.
Avast could turn on hardened mode/aggressive, and also get better results.
 

Evjl's Rain

Level 33
Content Creator
Trusted
AV-Tester
Joined
Apr 18, 2016
Messages
2,289
OS
Windows 8.1
Antivirus
Avast
#17
I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

it's truly default-deny, no need for appguard
 

XhenEd

Level 27
Content Creator
Trusted
Joined
Mar 1, 2014
Messages
1,651
OS
Windows 10
Antivirus
Default-Deny
#18
I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

it's truly default-deny, no need for appguard
media.kaspersky.com/pdf/kaspersky_lab_whitepaper_trusted_applications_mode.pdf
 

harlan4096

Moderator
Staff member
AV-Tester
Joined
Apr 28, 2015
Messages
3,353
OS
Windows 10
Antivirus
Kaspersky
#19
I have a question whether it is fair to test Kaspersky against other AVs, when Kaspersky has unknowns set to high restricted. That is a very strong tweak, and I am sure it affects the results.
Avast could turn on hardened mode/aggressive, and also get better results.
Avast in previous months was also tested in "hardened mode" in some tests ;)

I just changed to "High Restricted" to compare and check, but in general I test in Default Settings + PUP On.
 

shmu26

Level 60
Joined
Jul 3, 2015
Messages
4,981
OS
Windows 10
#20
I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

it's truly default-deny, no need for appguard
TAM is not so black and white as you are describing it.
There is a low-restricted category, which most unknowns fall into. It is not very restrictive, except regarding the loading of DLLs, which TAM is indeed very strict about.