Malware Hub Report MalwareTips - Kaspersky Report - March 2017

BoraMurdar

Super Moderator
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
All credits to AV Tester @harlan4096

All tests were conducted in protected virtual environment. Due to the small number of samples used in these tests, you should take results with a grain of salt. This test shows how the tested product behaves with certain malware samples, under unique circumstances, in a given period of time. Product’s malware detection rate is not an equivalent of protection. This should not be mixed up. MalwareTips encourage you to compare these results with others and take informed decisions on what security products to use.

MalwareTips AV Test – March 2017 – Kaspersky Total Security-1.jpg
MalwareTips AV Test – March 2017 – Kaspersky Total Security-2.jpg

PDF
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,925
No, tests in general are in"Deafault settings" + PUP/Adware setting enabled. You can see the settings I used in every test I ran -> check spoilers ;) but during some time I used High Restricted to unknown files...

But probably I could run in future some extra tests with TAM on :)
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
No, tests in general are in"Deafault settings" + PUP/Adware setting enabled. You can see the settings I used in every test I ran -> check spoilers ;) but during some time I used High Restricted to unknown files...

But probably I could run in future some extra tests with TAM on :)
If you run some tests with High Restricted for unknown files, isn't that almost like using Kaspersky in a default/deny mode?
 

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
Pretty impressive.
@harlan4096, do you test with TAM enabled and trust sigs disabled?
Testing with TAM on would be like an Anti-exe. All the samples including scripts & dll's would be blocked if they are not trusted. Which they won't be if you have trust signatures disabled. Furthermore only a handful of samples are digitally signed.

So, it would be pointless to test it in TAM mode ON. Just my impression.

Regards.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,925
What about TAM On, Trust in digitally signed application off, High Restricted for unknown apps but KSN On? which have been usually my settings for long periods of time, sometimes disabling TAM... :)
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Would enabling TAM protect the system more, or just default settings with AppGuard protect the system 100%?
 
  • Like
Reactions: JB007

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
What about TAM On, Trust in digitally signed application off, High Restricted for unknown apps but KSN On? which have been usually my settings for long periods of time, sometimes disabling TAM... :)
I have that setting, except for TAM on. I don't use TAM. Instead i use VS.
 
  • Like
Reactions: Parsh and JB007

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
AppGuard is stronger than TAM -- but when you install software, you have to turn it off.
If a user has the bad habit of running iffy apps, TAM would be better.
IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
after a while it becomes your natural reflex to check the blocked list if something isn't working as intended. imo it's not big of a deal.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
What I like about TAM is that it's more than just an anti-exe, anti-script, anti-..., etc.. It also acts similar to AppGuard's MemoryGuard. TAM has predefined programs that it further monitors, so that anything out of the ordinary these programs do is blocked.

Anyway, this is a bit off-topic because the tests were done with TAM turned off. :p
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
IMO, i think TAM is a little strict for safe apps too. From time to time, Safe apps & their dll's gets blocked too. You have to constantly check the application manager to allow them. So, it gets a little tedious.
Do the blocks happen even when you have internet connection? Mine only happened when internet connection was out.
 
Last edited:

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I have a question whether it is fair to test Kaspersky against other AVs, when Kaspersky has unknowns set to high restricted. That is a very strong tweak, and I am sure it affects the results.
Avast could turn on hardened mode/aggressive, and also get better results.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

it's truly default-deny, no need for appguard
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

it's truly default-deny, no need for appguard
media.kaspersky.com/pdf/kaspersky_lab_whitepaper_trusted_applications_mode.pdf
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,925
I have a question whether it is fair to test Kaspersky against other AVs, when Kaspersky has unknowns set to high restricted. That is a very strong tweak, and I am sure it affects the results.
Avast could turn on hardened mode/aggressive, and also get better results.
Avast in previous months was also tested in "hardened mode" in some tests ;)

I just changed to "High Restricted" to compare and check, but in general I test in Default Settings + PUP On.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
I still don't fully understand how TAM works but I think it will get the reputation of the file from KSN, if the file is not present in KSN, it will be marked as untrusted, exactly like comodo firewall

I think if TAM is enabled, the protection would be 99.9-100% because only safe files are allowed to run. Unknown or unsafe files are all untrusted. TAM supports all file types so it's better than hardened mode, IMO

it's truly default-deny, no need for appguard
TAM is not so black and white as you are describing it.
There is a low-restricted category, which most unknowns fall into. It is not very restrictive, except regarding the loading of DLLs, which TAM is indeed very strict about.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top