Hot Take RoboMan's Kaspersky 2023 Light & Solid Settings

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,925
But, I have being doing some checking and restricting those folders in the way of: all UnTrusted, except the browser services/executables, may lead to severe issues 🤔

I tried with my KPlus RC 21.13 and got issues in Edge and FireFox (no tried with Chrome)... probably because there are additional external dependencies.
 
  • Like
Reactions: Berny and piquiteco

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
I think in FF is: C:\Users\<user account>\AppData\Roaming\Mozilla\Firefox\Profiles
Correct, corrected.

But, I have being doing some checking and restricting those folders in the way of: all UnTrusted, except the browser services/executables, may lead to severe issues 🤔

I tried with my KPlus RC 21.13 and got issues in Edge and FireFox (no tried with Chrome)... probably because there are additional external dependencies.
I am curious to test this, but I trust your tests, I believe that yes, there must be problems with additional dependencies, if there was a way to leave as read-only and read and write permission and only the browser process as reliable for example msedge.exe, it would help. I have already tested with hips, but I still can't, all attempts without success, when I allow one thing it allows everything and when I block the access the browser doesn't even open, it crashes.
 
  • Like
Reactions: harlan4096

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
I still have to confirm in a 21.13 final, will do when have time in my old lap.
Yes, I think it may not work that way, because the "USER DATA" folder contains the profile and all the browser data, like extensions, bookmarks, so if you use *. you will be protecting folders and subfolders, so I think that presents problems, as you can't protect individual files, you end up allowing everything or blocking everything, unless you could move the cookie files to a specific folder, but I don't think that would be possible at least as far as I know.
 
  • Like
Reactions: harlan4096

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,925
But yes, You can protect also specific files with Kaspersky IP rules, You only need to know which files to protect and create the rules, but this time 1 rule per file if different extensions.
 
  • Like
Reactions: Berny and piquiteco

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
But yes, You can protect also specific files with Kaspersky IP rules, You only need to know which files to protect and create the rules, but this time 1 rule per file if different extensions.
Yes, I understand, but the rule applies to a single file even if it is located in subfolders? in this case the browser? it will be a little difficult because there are several files that are part of the session along with cookies. You have tried to protect only folders and subfolders "User Data\Default" because it has Session Storage, Service Worker, Sessions, Storage, Sync Data it's complicated. :LOL:
 
  • Like
Reactions: harlan4096

Smoke

Level 4
Verified
Well-known
Dec 7, 2014
181
Does the protection level of this config suffer if you disable Kaspersky's firewall?

I tend to just run simplewall in default deny, I haven't found an AV firewall that does it as well simplewall yet.
 
  • Like
Reactions: simmerskool

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Kaspersky firewall is way more robust than SimpleWall and is probably the number one firewall, as all others manage just processes, whereas Kaspersky can manage objects. E.g on Kaspersky you will be able to allow one Java app to connect and block a second one, whereas on many firewalls, including SimpleWall you will be able to control javaw.exe and it will affect all Java apps. It can also be fully auto-managed by reputation. I would suggest anyone to use that and not some freebies for a firewall.
 

Smoke

Level 4
Verified
Well-known
Dec 7, 2014
181
I'm more than happy to give up Simplewall if I can get another firewall running with Default Deny, can Kaspersky do Default Deny with notifications when something tries to make a connection allowing me to decide the outcome? If so how would I go about setting that up?

Thanks.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,925
an Kaspersky do Default Deny with notifications when something tries to make a connection allowing me to decide the outcome? If so how would I go about setting that up?

Yes, You can set to Interactive Mode the product, and then set to "Ask User" all the trusting groups:

1687273681497.png

Or directly set Allow or Ask User, one by one, any app or own created groups of apps.

But if You set to Ask User the full Trusted group, You will get a bunch / a hell of notifications, of course 😁
 

Smoke

Level 4
Verified
Well-known
Dec 7, 2014
181
Yes, You can set to Interactive Mode the product, and then set to "Ask User" all the trusting groups:

View attachment 276342

Or directly set Allow or Ask User, one by one, any app or own created groups of apps.

But if You set to Ask User the full Trusted group, You will get a bunch / a hell of notifications, of course 😁
So I decided to set the full Trusted group to Ask User but I'm not getting any notifications at all regarding the firewall.
avpui_zxWCcORdfH.png
 

Smoke

Level 4
Verified
Well-known
Dec 7, 2014
181
Ok I managed to find the setting you mentioned hidden away in the File Anti-Virus section of the UI. Does this mean I can't have the Firewall be the only part which is Ask User, I'll have to have the Anti-Virus part also linked to that setting?
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,925
That setting is Settings -> Security Settings -> Exclusions and actions on object detection, not in File Anti-Virus:


When You set Interactive Mode in K. some protection modules get also in Interactive Mode, but still You may set them to auto remove, for example, I'm in Interactive Mode but my File-AV module is set as:

1687281099577.png


The same can be set for on demands Scanning tasks, System Watcher, Safe Browsing...
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top