Hot Take RoboMan's Kaspersky 2023 Light & Solid Settings

[harlan4096]

But, I have being doing some checking and restricting those folders in the way of: all UnTrusted, except the browser services/executables, may lead to severe issues

I tried with my KPlus RC 21.13 and got issues in Edge and FireFox (no tried with Chrome)... probably because there are additional external dependencies.

 

[piquiteco]

I think in FF is: C:\Users\<user account>\AppData\Roaming\Mozilla\Firefox\Profiles

Correct, corrected.

But, I have being doing some checking and restricting those folders in the way of: all UnTrusted, except the browser services/executables, may lead to severe issues

I tried with my KPlus RC 21.13 and got issues in Edge and FireFox (no tried with Chrome)... probably because there are additional external dependencies.

I am curious to test this, but I trust your tests, I believe that yes, there must be problems with additional dependencies, if there was a way to leave as read-only and read and write permission and only the browser process as reliable for example msedge.exe, it would help. I have already tested with hips, but I still can't, all attempts without success, when I allow one thing it allows everything and when I block the access the browser doesn't even open, it crashes.

 

[harlan4096]

I still have to confirm in a 21.13 final, will do when have time in my old lap.

 

[piquiteco]

I still have to confirm in a 21.13 final, will do when have time in my old lap.

Yes, I think it may not work that way, because the "USER DATA" folder contains the profile and all the browser data, like extensions, bookmarks, so if you use *. you will be protecting folders and subfolders, so I think that presents problems, as you can't protect individual files, you end up allowing everything or blocking everything, unless you could move the cookie files to a specific folder, but I don't think that would be possible at least as far as I know.

 

[harlan4096]

But yes, You can protect also specific files with Kaspersky IP rules, You only need to know which files to protect and create the rules, but this time 1 rule per file if different extensions.

 

[piquiteco]

But yes, You can protect also specific files with Kaspersky IP rules, You only need to know which files to protect and create the rules, but this time 1 rule per file if different extensions.

Yes, I understand, but the rule applies to a single file even if it is located in subfolders? in this case the browser? it will be a little difficult because there are several files that are part of the session along with cookies. You have tried to protect only folders and subfolders "User Data\Default" because it has Session Storage, Service Worker, Sessions, Storage, Sync Data it's complicated.

 

[piquiteco]

@harlan4096 Kaspersky Standard can you make these adjustments?

 

[harlan4096]

Yes, that tweaks can be done in any paid Kaspersky product except in old Kaspersky AV (no Application Control / Intrusion Prevention)

 

[Smoke]

Does the protection level of this config suffer if you disable Kaspersky's firewall?

I tend to just run simplewall in default deny, I haven't found an AV firewall that does it as well simplewall yet.

 

[harlan4096]

Do you mean to disable K. FireWall?

 

[Smoke]

Do you mean to disable K. FireWall?

Yes. I typically disable any included FW as I prefer using simplewall but if it will drastically reduce the protection of kaspersky then I will have to re-think.

 

[harlan4096]

---

K.'s FW is closely related to Intrusion Prevention module, but in any case it can be deactivated independently.

 

[Trident]

Kaspersky firewall is way more robust than SimpleWall and is probably the number one firewall, as all others manage just processes, whereas Kaspersky can manage objects. E.g on Kaspersky you will be able to allow one Java app to connect and block a second one, whereas on many firewalls, including SimpleWall you will be able to control javaw.exe and it will affect all Java apps. It can also be fully auto-managed by reputation. I would suggest anyone to use that and not some freebies for a firewall.

 

[Smoke]

I'm more than happy to give up Simplewall if I can get another firewall running with Default Deny, can Kaspersky do Default Deny with notifications when something tries to make a connection allowing me to decide the outcome? If so how would I go about setting that up?

Thanks.

 

[harlan4096]

an Kaspersky do Default Deny with notifications when something tries to make a connection allowing me to decide the outcome? If so how would I go about setting that up?

Yes, You can set to Interactive Mode the product, and then set to "Ask User" all the trusting groups:



Or directly set Allow or Ask User, one by one, any app or own created groups of apps.

But if You set to Ask User the full Trusted group, You will get a bunch / a hell of notifications, of course

 

[Smoke]

Yes, You can set to Interactive Mode the product, and then set to "Ask User" all the trusting groups:

View attachment 276342

Or directly set Allow or Ask User, one by one, any app or own created groups of apps.

But if You set to Ask User the full Trusted group, You will get a bunch / a hell of notifications, of course

So I decided to set the full Trusted group to Ask User but I'm not getting any notifications at all regarding the firewall.

 

[harlan4096]

You have to set also Interactive Mode, deactivating:

 

[Smoke]

Ok I managed to find the setting you mentioned hidden away in the File Anti-Virus section of the UI. Does this mean I can't have the Firewall be the only part which is Ask User, I'll have to have the Anti-Virus part also linked to that setting?

 

[harlan4096]

That setting is Settings -> Security Settings -> Exclusions and actions on object detection, not in File Anti-Virus:

Exclusions and actions on object detection

support.kaspersky.com

When You set Interactive Mode in K. some protection modules get also in Interactive Mode, but still You may set them to auto remove, for example, I'm in Interactive Mode but my File-AV module is set as:

The same can be set for on demands Scanning tasks, System Watcher, Safe Browsing...

 

[superleeds27]

Encrypted connection scan: do not scan

Any reason why you've changed this?