Hot Take RoboMan's Kaspersky 2023 Light & Solid Settings

RoboMan

Level 35
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,487
Hello and welcome to RoboMan's ultimate and most life-changing guide: How to configure Kaspersky 2023 for a light & solid protection.

In this thread you'll find some tips and tweaks you can perform on your Kaspersky's suite in order to make sure you are well protected, yet your system runs smooth and light as you want it to be.

Let's go to some Q&A!

Kaspersky-Security-Cloud-Free.jpg


Why Kaspersky, oh dear RoboGod?
Because Kaspersky is a market leader which offers one of the most solid and robust products in the industry. With its Intrusion Prevention module which can act "like" an anti-exe module, it can take protection to a whole new level.

Why the guide?
Because some users don't know how to configure this product/don't understand each module, and can use a little help to do so.

Which version is this guide for?
This guide will help Kaspersky users from Standard, Plus or Premium, since the interface has changed from Antivirus/Internet Security/Total Security.

Why are you the best robot and how are you tied to MalwareTips Bot?
I am just here to do my job and help the community. Also, MalwareTips is my twin evil brother and I make it my daily mission to save all MT's users from his wrath.

Now you've read the frequently asked questions, I'm sure you're ready to tweak your beloved product, so let's get to it.

INTRODUCTION

You've installed Kaspersky on its newest version. Congratulations! That was a good choice.
Now that you've opened the interface, you should see something like this. Do not mind my email there, that's a fresh one created for this thread, so don't try to hack me :mad:

1.png


Now, you're gonna head to "Security" tab to get our configuration guide started. This is what you see:

2.png

You wanna click that settings icon you see on the right top, next to the question mark.

3.png

Congratulations, you've now entered the settings menu. Let's get started, shall we?

THE TWEAKING PART

Click on FILE ANTIVIRUS option. Copy exactly my setup here.

Action on threat detection: disinfect, delete if fails
Heuristic Analysis: light scan
Scan only new and changed files: check
Scan mode: on execution

The rest of the options are default.

4.png 5.png 6.png 7.png

Click on SAFE BROWSING SETTINGS option. Copy exactly my setup here.

Action on threat detection: Block download
Scan method: check all

The rest is default.

8.png 9.png 10.png

Click on FIREWALL option. Check every box there is.

11.png

Click on INTRUSION PREVENTION option. Copy exactly my setup here.

Trust group for applications that could not be added to existing groups: Untrusted
Trust group for applications started before startup of Kaspersky: Low Restricted
Trust digitally signed applications: unchecked

12.png

This specific configuration for the Intrusion Prevention module will be the key for a "lockdown" protection. Whenever an unknown application, whether it's signed or not, is executed, it will be automatically blocked for your protection (it doesn't get safer than this). If you encounter an app you trust to be blocked, just head to this module, click on "Manage applications", filter for "Untrusted" and move it to the "Trusted" group.

For more information on how this module works, check: Need Advice - Kaspersky's Application Control: what is it, how it works

Click on NETWORK. Copy my exact setup here.

Traffic processing: check all
Encrypted connection scan: do not scan

The rest is default.

13.png

Click on PRIVATE BROWSING. Copy my exact setup here.

Block data collection: selected
Block tracking: checked
Allow data on Kaspersky website: unchecked
Allow data collection on incompatible websites: checked

14.png

If a module is not listed here, that's because my suggestion is to leave it default, as it's the best approach for a light, yet solid protection.
I've skipped the "PERFORMANCE" and "PRIVACY" tabs, since they're not the main objective of this thread. Nevertheless, I encourage you to take a look at them and see which module here you find useful.

That concludes our Kaspersky's Tweaking Guide for the ultimate light yet solid protection.

"Wait, RoboMan, don't leave! I'm too lazy to do all this! Can't you just give me a configuration file I can import?"

You lazy mortal... Of course I thought of you, take it:

CONFIGURATION FILE:

This includes my suggestion tweaks for "PRIVACY" and "PERFORMANCE" tabs too. To import it, just head to settings icon on the home interface (located on the bottom part), now head to "Manage Settings", and use the "Import" option.

------------------------------

You may have questions, doubts, or may even want to drop a life threat, so feel free to do all that on the comment section.
 

RoboMan

good @RoboMan (y)
But why specify (inject script into web traffic to interact with web pages)
I thought it was slowing down browsing. Has anything changed in the new versions?
I chose to include the script injection into the browser for security reasons. I don't like the idea of having to install third-party browser addons like MalwareBytes Browser Guard or BitDefender TrafficLight. I believe the built in web protection is a more transparent and non-intrusive approach.

Also, I haven't encountered browsing slowdowns worth mentioning (on decent connection speeds at least).
 
ForgottenSeer 93475

I chose to include the script injection into the browser for security reasons. I don't like the idea of having to install third-party browser addons like MalwareBytes Browser Guard or BitDefender TrafficLight. I believe the built in web protection is a more transparent and non-intrusive approach.

Also, I haven't encountered browsing slowdowns worth mentioning (on decent connection speeds at least).
I remember there was a discussion on this topic and it said that the program will block malware even though this option is disabled using the built-in web protection, but it seems that you mean that this option provides additional protection and security.
I will activate it and test the internet speed and agree that it will not be a problem with very fast connections.
@Dixz45

Also, the Network Setting "Inject script into web traffic to interact with web pages" is needed for the functioning of Kaspersky Safe Money, Private Browsing ... components.

I disable most of the features on which this option depends, so I did not find a reason to activate it, but if it adds additional security and does not affect the speed of the Internet clearly, I will do it
 

RoboMan

I disable most of the features on which this option depends, so I did not find a reason to activate it, but if it adds additional security and does not affect the speed of the Internet clearly, I will do it
It depends on the user, Chrome's built in security is already decent enough. I still see no reason why to add Kaspersky's protection if it doesn't slow you down.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I did a speed test and it didn't seem to have any negative effect so I activated it
It does not affect internet speed but affects the browser's responsiveness.
I used script injection on my i7-3630QM. It made Chrome respond a lot slower with more CPU consumption, especially on heavy websites (Facebook).

If you use Kaspersky Free, you can disable it. It's almost useless because the free version doesn't have the important features that require script injection (except for URL Advisor, which most of us don't need).
With paid versions, there are some important components requiring it.
 

RoboMan

Why heuristics set to light?
Because we're not using heuristics as our main line of defense, and because we're trying to make Kaspersky as light as possible. Our first line of defense with this configuration is Application Control (now Intrusion Prevention), which will block unknown files and mark them as untrusted. A quick, light heuristic scan is enough for this approach, since we rely more on KSN Vendor's List rather than on scanning files for malicious behaviour. Still, if you allow (mark as Trusted) a malicious file, heuristics will play its role, and even if it fails, Kaspersky's Intrusion Prevention will pop up again blocking a payload for lacking a signature or not being signed by a Trusted Vendor.

In most cases, our configuration will stop a threat prior to full execution due to this aforementioned configuration.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
I looked there and didn’t see it 🤦🏻‍♂️

In that case Kaspersky will be great to restrict various LOLBins. I’ll need to have a look which are the most abused ones and how the actual abuse can be blocked.

Off the top of my head, blocking creation of startup items, starting processes (that’s under a question mark if it should be implemented) and code injection may be enough. Potentially maybe blocking the network access as well.
 

Trident

I have one question about how did You create the rule (path to folder) to protect Edge cookies: did You just add the folder path or added "\*" at the end? Since in the pic is not clear / not shown the full path:

For the Edge cookies I added the star so it will block everything in the folder (passwords, autofill, cookies). For the ransomware protection I’ve not specified any additional rules like formats (users can play a bit more and do it).

There are many possibilities what can be done with this module, I was surprised actually. Other HIPS are not that useful.
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
@harlan4096 @Trident restrict access to these folders from browsers:
Edge: AppData\Local\Microsoft\Edge\User Data
Chrome: AppData\Local\Google\Chrome\User Data
Firefox: C:\Users\<user account>\AppData\Local\Mozilla\Firefox\Profiles
Wouldn't that protect the cookies?
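
A way to check the folder question above on your own machine, as an added example that is not part of any post in this thread: the script expands the three folders named in the post for the current user, appends the trailing `\*` described earlier in the thread, and counts the cookie databases found under each. Assumptions added here: the Roaming Firefox path and the cookie file names come from how the browsers lay out their profiles, not from the thread, and `Get-CookieStoreCoverage` is a hypothetical helper name.

```powershell
# Added example: candidate folders for a protected-resource rule, per browser.
# The first three relative paths are the ones named in the post above; the
# Roaming Firefox path is an addition (Firefox keeps profile data there,
# while the Local path holds its cache).
$candidates = @(
    [pscustomobject]@{ Browser = 'Edge';    Root = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data' }
    [pscustomobject]@{ Browser = 'Chrome';  Root = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data' }
    [pscustomobject]@{ Browser = 'Firefox'; Root = Join-Path $env:LOCALAPPDATA 'Mozilla\Firefox\Profiles' }
    [pscustomobject]@{ Browser = 'Firefox'; Root = Join-Path $env:APPDATA      'Mozilla\Firefox\Profiles' }
)

# Assumption: file names the browsers use for their cookie databases.
$cookieNames = 'Cookies', 'cookies.sqlite'

function Get-CookieStoreCoverage {
    param([object[]]$Candidates, [string[]]$CookieNames)
    foreach ($c in $Candidates) {
        $exists = Test-Path -LiteralPath $c.Root -PathType Container
        $stores = @()
        if ($exists) {
            # Only file names are inspected; no database is opened or read.
            $stores = @(Get-ChildItem -LiteralPath $c.Root -Recurse -File -Force -ErrorAction SilentlyContinue |
                Where-Object { $CookieNames -contains $_.Name })
        }
        [pscustomobject]@{
            Browser      = $c.Browser
            RulePath     = $c.Root + '\*'   # trailing star, as described in the thread
            FolderExists = $exists
            CookieStores = $stores.Count
        }
    }
}

Get-CookieStoreCoverage -Candidates $candidates -CookieNames $cookieNames |
    Format-Table -AutoSize
```

A row with `FolderExists` True and `CookieStores` 0 means a rule on that path would not cover a cookie database on this machine.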
 