New Update Prevention-First Kaspersky

Decopi

Level 8
Verified
Oct 29, 2017
361
Comodo used about 50-60 MB if I remember correctly?

CF:
cavwp.exe = ±2,000K (the sum of two processes)
cis.exe = ±2,000K (the sum of two processes)
cmdagent.exe = ±19,000K (the sum of two processes)
If you keep CF closed, the total consumption remains ±13,000 K, with very low CPU and disk writing use. WV was similar to CF.

Kaspersky Free tweaked:
avp.exe = ±40,000 K
avpui.exe = ±180,000 K
IMHO it's a reasonable consumption for 4GB RAM computers, and low consumption for 8GB RAM computers.
 

a090

Level 2
Mar 26, 2023
67
Hey! Nice guide my man.

Exactly what I needed. Funny thing is we were discussing how to beef up my pop’s PC (running Kaspersky Standard) in DMs. And you mentioned you’ll need to go through Big K’s settings and check things out. Appreciate you taking the time to do that!

Going to apply all of these settings to my pop’s PC ASAP. Thanks again for always coming through, my brother.

Great thread

I appreciate your recent guide on Kaspersky as well. I checked it out earlier and applied some of your tweaks.

Thanks for your efforts, mate.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,948
Personally, I prefer to sacrifice a bit of Web surfing speed and keep Safe Browsing Heur enabled. Also, it may detect some malicious script activity injected in sites. This is one of the 1st defense lines when surfing the net.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
> Personally, I prefer to sacrifice a bit of Web surfing speed and keep Safe Browsing Heur enabled. Also, it may detect some malicious script activity injected in sites. This is one of the 1st defense lines when surfing the net.

Yeah, it was a request I received to create the lightest configuration possible. According to Kaspersky's official documentation, the heuristics level controls the number of instructions that get emulated. For scripts on web pages that will be chaotic, encoded/unescaped, emulation and heuristics would be crucial. Other than that, users will have to rely on crawlers/telemetry to add the website to the denylist.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,779
I cranked up my win10_VM running Kaspersky Standard 21.13.5.506, and I think I flunked Trident Academy :(
When I got to Network settings | do not scan encrypted connections, K warned me that would disable Safe Money, made me stop and wonder: is that a good idea :unsure:
Then K suggested that I should disable 3rd-party VMware virtualization to make K happier or more optimized. Seems counterintuitive, yes? I.e., if I disable VMw, I assume K would cease to exist on this VM as would the VM itself... :unsure: Concluding that whatever AI Kas is using is impaired? :unsure: Things need to be understood in context, or maybe I'm a couple cups of coffee short today? Other peculiarity: K warned me to install its browser extension in Edge, so I did, but K continued to warn me to do this, even after a reboot, so K seems to have some issues with my VM or vice versa -- I don't run this VM that often, I was just curious about the Prevention settings...
 

Xeno1234

Level 14
Jun 12, 2023
684
Great guide. Kaspersky has some of the best behavioral protection out there, so even advanced threats can still get completely removed and detected. However, I use something decently similar to this, and I think it works really well.
 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,597
> Great guide. Kaspersky has some of the best behavioral protection out there, so even advanced threats can still get completely removed and detected. However, I use something decently similar to this, and I think it works really well.

Why so mysterious? What are you using? 👀
 

Xeno1234

Level 14
Jun 12, 2023
684
I also put anything I trust but am not fully sure it's legit in modified Low Restricted to give it some restrictions like no tampering with Sys 32, no Code Injection, and no reading of Browsers. I know it's not the best performance-wise, but I'd rather be protected than sacrifice 1 extra second to load a webpage.
 

Xeno1234

Level 14
Jun 12, 2023
684
Wait, does anyone know if, like, for example, you set HIPS to not allow code injection, but something injects code that Sys Watcher or something would detect, but it's denied by HIPS. Would Sys Watcher detect it as well as it getting blocked by HIPS, or would it not be detected by the other components?
 
