New Update Prevention-First Kaspersky

[Decopi]

Comodo used about 50-60 mb if I remember correctly?

CF:
cavwp.exe = ±2,000K (the sum of two processes)
cis.exe = ±2,000K (the sum of two processes)
cmdagent.exe = ±19,000K (the sum of two processes)
If you keep CF closed, the total consumption remains ±13,000 K, with very low CPU and disk writing use. WV was similar to CF.

Kapersky free tweaked:
avp.exe = ±40,000 K
avpui.exe = ±180,000 K
IMHO it's a reasonable consumption for 4GB RAM computers, and low consumption for 8GB RAM computers.

 

[RoboMan]

Great thread

 

[a090]

Hey! Nice guide my man.

Exactly what I needed. Funny thing is we were discussing how to beef up my pop’s PC (running Kaspersky Standard) in DMs. And you mentioned you’ll need to go through Big K’s settings and check things out. Appreciate you taking the time to do that!

Going to apply all of these settings to my pop’s PC ASAP. Thanks again for always coming through, my brother.

Great thread

I appreciate your recent guide on Kaspersky as well. I checked it out earlier and applied some of your tweaks.

Thanks for your efforts, mate.

 

[harlan4096]

Personally, I prefer to sacrifice a bit of Web surfing speed and keep Safe Browsing Heur enabled. Also, it may detect some malicious script activity injected in sites. This is one of the 1st defense lines when surfing the net.

 

[Trident]

Personally, I prefer to sacrifice a bit of Web surfing speed and keep Safe Browsing Heur enabled. Also, it may detect some malicious script activity injected in sites. This is one of the 1st defense lines when surfing the net.

Yeah, it was a request I received to create the lightest configuration possible. According to Kaspersky official documentation the heuristics level controls the number of instructions that get emulated. For scripts on web pages that will be chaotic, encoded/unescaped, emulation and heuristics would be crucial. Other than that, users will have to rely on crawlers/telemetry to add the website to the denylist.

 

[simmerskool]

I cranked up my win10_VM running Kaspersky Standard 21.13.5.506, and I think I flunked Trident Academy
When I got to Network settings | do not scan encrypted connections, K warned me that would disable Safe Money, made me stop and wonder: is that a good idea
Then K suggested that I should disable 3d-party VMware virtualization to make K happier or more optimized. Seems counterintuitive, yes?, ie, if I disable VMw, I assume K would cease to exist on this VM as would the VM itself... Concluding that whatever AI Kas is using is impaired? Things need to be understood in context, or maybe I'm a couple cups of coffee short today? Other peculiarity: K warned me to install its browser extension in Edge, so I did, but K continued to warn me to do this, even after a reboot, so K seems to have some issues with my VM or visa versa -- I don't run this VM that often, I was just curious about the Prevention settings...

 

[Xeno1234]

Great guide. Kaspersky has some of the best behavioral protection out there, so even advanced threats can still get completely removed and detected. However, I use something decently similar to this, and I think it works really well.

 

[Kongo]

Great guide. Kaspersky has some of the best behavioral protection out there, so even advanced threats can still get completely removed and detected. However, I use something decently similar to this, and I think it works really well.

Why so mysterious? What are you using?

 

[Xeno1234]

I keep everything at Optimal and use Untrusted for anything running before Kaspersky or anything Unknown and dont have trust digitally signed applications on either

 

[Xeno1234]

I also put anything I trust but am not fully sure its legit in modified Low Restricted to give it some restrictions like no tampering with Sys 32, no Code Injection, and no reading of Browsers. I know its not the best preformance wise, but I'd rather be protected than sacrifice 1 extra second to load a webpage.

 

[Xeno1234]

Wait does anyone know if like for example you set HIPS to not allow code injection, but something injects code that Sys Watcher or something would detect, but its denied by HIPS. Would Sys watcher detect it aswell as it getting blocked by HIPS, or would it not be detected by the other components.