AV Test MalwareTips - Kaspersky Report - March 2017

Discussion in 'Kaspersky' started by BoraMurdar, Apr 19, 2017.

  1. BoraMurdar

    BoraMurdar Super Moderator
    Staff Member

    Aug 30, 2012
    5,781
    22,479
    Doctor of medicine
    Serbia
    Windows 10
    Emsisoft
    All credits to AV Tester @harlan4096

    All tests were conducted in protected virtual environment. Due to the small number of samples used in these tests, you should take results with a grain of salt. This test shows how the tested product behaves with certain malware samples, under unique circumstances, in a given period of time. Product’s malware detection rate is not an equivalent of protection. This should not be mixed up. MalwareTips encourage you to compare these results with others and take informed decisions on what security products to use.

    MalwareTips AV Test – March 2017 – Kaspersky Total Security-1.jpg MalwareTips AV Test – March 2017 – Kaspersky Total Security-2.jpg

    PDF
     
  2. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,259
    13,539
    Utopia
    Pretty impressive.
    @harlan4096, do you test with TAM enabled and trust sigs disabled?
     
    Sunshine-boy, JB007, shukla44 and 8 others like this.
  3. harlan4096

    harlan4096 Moderator
    Staff Member AV Tester

    Apr 28, 2015
    2,622
    20,663
    Almería (Spain)
    Windows 10
    Kaspersky
    #3 harlan4096, Apr 19, 2017
    Last edited: Apr 19, 2017
    No, tests in general are in"Deafault settings" + PUP/Adware setting enabled. You can see the settings I used in every test I ran -> check spoilers ;) but during some time I used High Restricted to unknown files...

    But probably I could run in future some extra tests with TAM on :)
     
  4. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,259
    13,539
    Utopia
    If you run some tests with High Restricted for unknown files, isn't that almost like using Kaspersky in a default/deny mode?
     
  5. harlan4096

    harlan4096 Moderator
    Staff Member AV Tester

    Apr 28, 2015
    2,622
    20,663
    Almería (Spain)
    Windows 10
    Kaspersky
    Yes, very similar similar...
     
    Sunshine-boy, JB007, Parsh and 4 others like this.
  6. shukla44

    shukla44 Level 10

    Jan 14, 2016
    480
    4,527
    India
    Windows 7
    Kaspersky
    Testing with TAM on would be like an Anti-exe. All the samples including scripts & dll's would be blocked if they are not trusted. Which they won't be if you have trust signatures disabled. Furthermore only a handful of samples are digitally signed.

    So, it would be pointless to test it in TAM mode ON. Just my impression.

    Regards.
     
  7. harlan4096

    harlan4096 Moderator
    Staff Member AV Tester

    Apr 28, 2015
    2,622
    20,663
    Almería (Spain)
    Windows 10
    Kaspersky
    What about TAM On, Trust in digitally signed application off, High Restricted for unknown apps but KSN On? which have been usually my settings for long periods of time, sometimes disabling TAM... :)
     
    venustus, ZeroDay, JB007 and 4 others like this.
  8. ttto

    ttto Level 7

    Sep 22, 2016
    312
    1,503
    Chemist
    Spain
    macOS Sierra
    Norton
    Results talk themselves, Kaspersky is nowadays one of the most solid solutions out there.
     
  9. Tony Cole

    Tony Cole Level 27

    May 11, 2014
    1,619
    3,430
    Emergency medicine ST3
    UK
    Windows 10
    Kaspersky
    Would enabling TAM protect the system more, or just default settings with AppGuard protect the system 100%?
     
    JB007 likes this.
  10. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,259
    13,539
    Utopia
    AppGuard is stronger than TAM -- but when you install software, you have to turn it off.
    If a user has the bad habit of running iffy apps, TAM would be better.
     
    JB007, harlan4096 and shukla44 like this.
  11. shukla44

    shukla44 Level 10

    Jan 14, 2016
    480
    4,527
    India
    Windows 7
    Kaspersky
    I have that setting, except for TAM on. I don't use TAM. Instead i use VS.
     
    Parsh and JB007 like this.
  12. shukla44

    shukla44 Level 10

    Jan 14, 2016
    480
    4,527
    India
    Windows 7
    Kaspersky
    IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
     
  13. mekelek

    mekelek Level 21

    Feb 24, 2017
    1,012
    4,410
    Hungary
    Windows 10
    Kaspersky
    after a while it becomes your natural reflex to check the blocked list if something isn't working as intended. imo it's not big of a deal.
     
    ZeroDay, JB007 and shukla44 like this.
  14. XhenEd

    XhenEd Level 27
    Content Creator Trusted

    Mar 1, 2014
    1,607
    8,424
    Philippines
    Windows 10
    Default-Deny
    What I like about TAM is that it's more than just an anti-exe, anti-script, anti-..., etc.. It also acts similar to AppGuard's MemoryGuard. TAM has predefined programs that it further monitors, so that anything out of the ordinary these programs do is blocked.

    Anyway, this is a bit off-topic because the tests were done with TAM turned off. :p
     
    JB007, shukla44, frogboy and 2 others like this.
  15. XhenEd

    XhenEd Level 27
    Content Creator Trusted

    Mar 1, 2014
    1,607
    8,424
    Philippines
    Windows 10
    Default-Deny
    #15 XhenEd, Apr 21, 2017
    Last edited: Apr 21, 2017
    Do the blocks happen even when you have internet connection? Mine only happened when internet connection was out.
     
  16. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,259
    13,539
    Utopia
    I have a question whether it is fair to test Kaspersky against other AVs, when Kaspersky has unknowns set to high restricted. That is a very strong tweak, and I am sure it affects the results.
    Avast could turn on hardened mode/aggressive, and also get better results.
     
    JB007, shukla44 and harlan4096 like this.
  17. Evjl's Rain

    Evjl's Rain Level 28
    Trusted AV Tester

    Apr 18, 2016
    1,798
    13,158
    Vietnam
    Windows 8.1
    Avast
    I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

    I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

    it's truly default-deny, no need for appguard
     
    ZeroDay, JB007, shukla44 and 2 others like this.
  18. XhenEd

    XhenEd Level 27
    Content Creator Trusted

    Mar 1, 2014
    1,607
    8,424
    Philippines
    Windows 10
    Default-Deny
    media.kaspersky.com/pdf/kaspersky_lab_whitepaper_trusted_applications_mode.pdf
     
    JB007, shukla44, Sunshine-boy and 2 others like this.
  19. harlan4096

    harlan4096 Moderator
    Staff Member AV Tester

    Apr 28, 2015
    2,622
    20,663
    Almería (Spain)
    Windows 10
    Kaspersky
    Avast in previous months was also tested in "hardened mode" in some tests ;)

    I just changed to "High Restricted" to compare and check, but in general I test in Default Settings + PUP On.
     
    venustus, JB007, shukla44 and 2 others like this.
  20. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,259
    13,539
    Utopia
    TAM is not so black and white as you are describing it.
    There is a low-restricted category, which most unknowns fall into. It is not very restrictive, except regarding the loading of DLLs, which TAM is indeed very strict about.
     
    JB007, shukla44 and harlan4096 like this.
Loading...
Similar Threads Forum Date
AV Test MalwareTips - Kaspersky Report - November 2016 Kaspersky Dec 15, 2016
Q&A How many MalwareTips members are using Kaspersky 2016? Kaspersky Jul 21, 2016
Expired MalwareTips.com : Kaspersky Internet Security 2014 Giveaway Giveaways Archive Feb 12, 2014