BoraMurdar

Community Manager
Verified
Staff member
All credits to AV Tester @harlan4096

All tests were conducted in protected virtual environment. Due to the small number of samples used in these tests, you should take results with a grain of salt. This test shows how the tested product behaves with certain malware samples, under unique circumstances, in a given period of time. Product’s malware detection rate is not an equivalent of protection. This should not be mixed up. MalwareTips encourage you to compare these results with others and take informed decisions on what security products to use.

MalwareTips AV Test – March 2017 – Kaspersky Total Security-1.jpg
MalwareTips AV Test – March 2017 – Kaspersky Total Security-2.jpg

PDF
 

harlan4096

Level 61
Verified
Staff member
Malware Hunter
No, tests in general are in"Deafault settings" + PUP/Adware setting enabled. You can see the settings I used in every test I ran -> check spoilers ;) but during some time I used High Restricted to unknown files...

But probably I could run in future some extra tests with TAM on :)
 
Last edited:

shmu26

Level 82
Verified
Trusted
Content Creator
No, tests in general are in"Deafault settings" + PUP/Adware setting enabled. You can see the settings I used in every test I ran -> check spoilers ;) but during some time I used High Restricted to unknown files...

But probably I could run in future some extra tests with TAM on :)
If you run some tests with High Restricted for unknown files, isn't that almost like using Kaspersky in a default/deny mode?
 

shukla44

Level 11
Pretty impressive.
@harlan4096, do you test with TAM enabled and trust sigs disabled?
Testing with TAM on would be like an Anti-exe. All the samples including scripts & dll's would be blocked if they are not trusted. Which they won't be if you have trust signatures disabled. Furthermore only a handful of samples are digitally signed.

So, it would be pointless to test it in TAM mode ON. Just my impression.

Regards.
 

shukla44

Level 11
AppGuard is stronger than TAM -- but when you install software, you have to turn it off.
If a user has the bad habit of running iffy apps, TAM would be better.
IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
 

mekelek

Level 28
IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
after a while it becomes your natural reflex to check the blocked list if something isn't working as intended. imo it's not big of a deal.
 

XhenEd

Level 27
Verified
Trusted
Content Creator
What I like about TAM is that it's more than just an anti-exe, anti-script, anti-..., etc.. It also acts similar to AppGuard's MemoryGuard. TAM has predefined programs that it further monitors, so that anything out of the ordinary these programs do is blocked.

Anyway, this is a bit off-topic because the tests were done with TAM turned off. :p
 

XhenEd

Level 27
Verified
Trusted
Content Creator
IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
Do the blocks happen even when you have internet connection? Mine only happened when internet connection was out.
 
Last edited:

shmu26

Level 82
Verified
Trusted
Content Creator
I have a question whether it is fair to test Kaspersky against other AVs, when Kaspersky has unknowns set to high restricted. That is a very strong tweak, and I am sure it affects the results.
Avast could turn on hardened mode/aggressive, and also get better results.
 

Evjl's Rain

Level 42
Verified
Trusted
Content Creator
Malware Hunter
I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

it's truly default-deny, no need for appguard
 

XhenEd

Level 27
Verified
Trusted
Content Creator
I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

it's truly default-deny, no need for appguard
media.kaspersky.com/pdf/kaspersky_lab_whitepaper_trusted_applications_mode.pdf
 

harlan4096

Level 61
Verified
Staff member
Malware Hunter
I have a question whether it is fair to test Kaspersky against other AVs, when Kaspersky has unknowns set to high restricted. That is a very strong tweak, and I am sure it affects the results.
Avast could turn on hardened mode/aggressive, and also get better results.
Avast in previous months was also tested in "hardened mode" in some tests ;)

I just changed to "High Restricted" to compare and check, but in general I test in Default Settings + PUP On.
 

shmu26

Level 82
Verified
Trusted
Content Creator
I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

it's truly default-deny, no need for appguard
TAM is not so black and white as you are describing it.
There is a low-restricted category, which most unknowns fall into. It is not very restrictive, except regarding the loading of DLLs, which TAM is indeed very strict about.