Malware Hub Report MalwareTips - Kaspersky Report - March 2017

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
TAM is not so black and white as you are describing it.
There is a low-restricted category, which most unknowns fall into. It is not very restrictive, except regarding the loading of DLLs, which TAM is indeed very strict about.
I think only with TAM disabled, unknown apps will be in low restricted category

when I enabled TAM for a while, everything I ran was blocked including many safe apps. It simply blocked everything, nothing was put into low restricted. I don't know about your case but because of this, I had to disable TAM
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
TAM is not so black and white as you are describing it.
There is a low-restricted category, which most unknowns fall into. It is not very restrictive, except regarding the loading of DLLs, which TAM is indeed very strict about.
TAM is "black and white". It doesn't put files into low-restricted, but Untrusted. It is restrictive. Putting files into different categories is what the Application Control does. But TAM is different from, but working closely with, Application Control.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I think only with TAM disabled, unknown apps will be in low restricted category

when I enabled TAM for a while, everything I ran was blocked including many safe apps. It simply blocked everything, nothing was put into low restricted. I don't know about your case but because of this, I had to disable TAM
I know what you are talking about. Sometimes they are blocked, but are still in a permissive category. All you have to do is open up Application Control, expand the list, and look for the red dots. Slide it back to "allowed", and it will run.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I know what you are talking about. Sometimes they are blocked, but are still in a permissive category. All you have to do is open up Application Control, expand the list, and look for the red dots. Slide it back to "allowed", and it will run.
I tried to do this but it took so many clicks to allow 1 app, also the resource usage was noticeable
I prefer VS in autopilot mode because it just requires 1 or a few clicks to allow 1 app.

It's suitable for users who want a lockdown PC but not for many users like me :)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I tried to do this but it took so many clicks to allow 1 app, also the resource usage was noticeable
I prefer VS in autopilot mode because it just requires 1 or a few clicks to allow 1 app.

It's suitable for users who want a lockdown PC but not for many users like me :)
I, too, had various problems with TAM. I don't use it anymore. I use NVT ERP. I tried VS again recently, but it still blocks certain files, even if I whitelist them.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
TAM is not so black and white as you are describing it.
There is a low-restricted category, which most unknowns fall into. It is not very restrictive, except regarding the loading of DLLs, which TAM is indeed very strict about.
You're right. TAM would put files into Low restricted category, instead of Untrusted, which was the case in the past. But it is still very restrictive because the files are blocked, rather than allowed (or asked for permission), which is the default action of Low restricted category.

I'm using KIS with TAM, again. :D
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
since i reinstalled Windows and KIS, TAM has been going nuts, blocking dll's of legitimate games already installed on my hard drive that wasn't formatted.
ran the TAM scan again, lets hope it fixed it.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
since i reinstalled Windows and KIS, TAM has been going nuts, blocking dll's of legitimate games already installed on my hard drive that wasn't formatted.
ran the TAM scan again, lets hope it fixed it.
1. Was internet connected, or at least KSN could connect to the internet, when those happened?
2. How did you enable TAM? By clicking "Enable", or by clicking "Turn on and scan all installed applications"?
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
1. Was internet connected, or at least KSN could connect to the internet, when those happened?
2. How did you enable TAM? By clicking "Enable", or by clicking "Turn on and scan all installed applications"?
yes
enable then it ran a scan.

after i disabled it and enabled it again, the scan popped up with more dll's/exe's that i allowed now, so lets hope it will be fine.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
yes
enable then it ran a scan.

after i disabled it and enabled it again, the scan popped up with more dll's/exe's that i allowed now, so lets hope it will be fine.
I hate to say it, but this is common behavior for TAM.
After enabling TAM, you have to go into application control, expand the list, and scroll down it, looking for the red dots. Slide them all back to "allow".

There will still be some items that didn't make it onto the list, and will only be blocked when you first run them. When that happens, go back to the list, and slide them to "allow". They won't get blocked again.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
I hate to say it, but this is common behavior for TAM.
After enabling TAM, you have to go into application control, expand the list, and scroll down it, looking for the red dots. Slide them all back to "allow".

There will still be some items that didn't make it onto the list, and will only be blocked when you first run them. When that happens, go back to the list, and slide them to "allow". They won't get blocked again.
I'm aware of this, but I expected only stuff that are newly installed to be marked by TAM like this, not already installed ones.
 

PCGamer

Level 3
Verified
Well-known
Oct 14, 2015
124
As Always Kaspersky one of the best If not the best Internet suite out there! :)
The King Kaspersky.
 
  • Like
Reactions: JB007

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top