Recommended setting for System Watcher in Kaspersky Total Security

Status
Not open for further replies.

Artificial intelligence

Thread author
Is it okay? Or do you recommend an adjustment? Thank you.
[Attached screenshot: 2017-03-29_5-59-58.png]
 
Hello,
I cannot understand Spanish but it looks good. To really improve your system security you should look at Kaspersky's Application Control settings, that's where you can do the most work. Here is a guide to help you - How to setup Kaspersky Internet Security 2016 for Maximum Protection (Guide) - it's for KIS 2016, but it should work for 2017 as well!

@harlan4096 may also give you some great tips on how to better configure Kaspersky.
 
In the case of the "System Watcher" module, the default settings are OK and should not be changed...
@harlan4096, what about the idea of using Application Control to put script interpreters in the High Restricted category? What do you say about that kind of a tweak?

I even put cmd.exe in High Restricted, and everything still works fine, and my apps that use cmd.exe are still able to function normally.
 
@shmu26: I guess you did that because of the last special sample I tested last night, which tried to exploit cmd.exe. We have been testing some similar samples/variants (usually .doc) at MWHub lately that tried the same.

As you can see, in every case KTS2018 (and I guess K2017 would do the same) on default settings detected the attack and blocked it without having signatures...

If that "strong tweak" is working fine for you for now, that's great... anyway, I'm not sure whether you will have any issues in the future with other applications or with Windows itself, so please let us know...
 
I'm scared, do I return it to the default configuration?
 
Thanks, and it wasn't because of your latest test, it is just my general paranoia about script interpreters. Whatever my security config may be, I always try to get them under control.
Almost all users could block or restrict wscript and cscript and powershell without any issues, and that will make it really hard for malware to download and run payloads, or hack the registry etc.
The touchy process is cmd.exe. So far, I haven't had any problems, but potentially, it could cause issues.
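
A monitoring counterpart to the restriction discussed in this thread, as an added example that is not part of any post: it flags script interpreters (cmd.exe, powershell, wscript, cscript) whose process ancestry includes a document application, while ignoring interpreters a user starts from the shell. The record fields, the DOCUMENT_APPS list and the sample events are assumptions constructed for illustration; PIDs are assumed unique within the sample.

```python
import ntpath

# Interpreters named in the thread.
SCRIPT_INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# Assumption: document-handling applications to treat as risky ancestors.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

def basename(image_path):
    """Lower-cased file name of a Windows path, whatever OS this runs on."""
    return ntpath.basename(image_path.strip('"')).lower()

def document_ancestor(pid, by_pid):
    """Walk parent links upward; return the first document app found, else None."""
    seen = set()
    current = by_pid.get(pid)
    while current and current["pid"] not in seen:  # 'seen' guards against loops
        seen.add(current["pid"])
        parent = by_pid.get(current["ppid"])
        if parent and basename(parent["image"]) in DOCUMENT_APPS:
            return parent
        current = parent
    return None

def find_interpreter_launches(events):
    """Return (pid, interpreter, document_app) for interpreters under a document app."""
    by_pid = {ev["pid"]: ev for ev in events}
    hits = []
    for ev in events:
        child = basename(ev["image"])
        if child in SCRIPT_INTERPRETERS:
            origin = document_ancestor(ev["pid"], by_pid)
            if origin:
                hits.append((ev["pid"], child, basename(origin["image"])))
    return hits

# Constructed process-creation records (not taken from the thread).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Office\WINWORD.EXE"},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\powershell.exe"},
    {"pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 310, "ppid": 300, "image": r"C:\Windows\System32\cscript.exe"},
]

if __name__ == "__main__":
    for pid, child, origin in find_interpreter_launches(SAMPLE_EVENTS):
        print(f"pid {pid}: {child} descends from {origin}")
```

The console opened from explorer.exe (pid 300) and the cscript.exe under it are not reported, which is the kind of legitimate use that makes cmd.exe the touchy case for a blanket restriction.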
 