Advanced Plus Security Shmu26 Config in 2018

[XhenEd]

If at all the concerned app is risky and I allow some initial actions, the System Watcher+other restrictions+ZETA approach of Kaspersky (and my complementary protections) should further do the guarding.

ZETA Shield isn't in the current KL's products anymore. It has been removed at least 2 versions past.
Don't worry, though. They said that ZETA Shield has been "transferred" to the cloud. If I get them right, it's now part of signature updates.

 

[shmu26]

Why dislike KIS :/

well, I don't like KIS interactive mode because I don't always understand the prompt well enough, and I am afraid I will allow something that should be blocked, and shoot myself in the foot.

And without interactive mode, it is difficult to control those vulnerable processes that you sometimes need to allow, such as cmd.exe.

 

[Parsh]

ZETA Shield isn't in the current KL's products anymore. It has been removed at least 2 versions past.
Don't worry, though. They said that ZETA Shield has been "transferred" to the cloud. If I get them right, it's now part of signature updates.

I read in the (probably latest) available White paper at their site and it mentions that ZETA shield has been brought to Home products too.

Maybe it has been altered later. But if it gets anyways included in signature updates and the module removed from the product, then it won't be ZETA anymore.
ZETA's work is to capture data streams (not data files) on user workstations in realtime, analyse any unusual code or data, their interconnection (this helps to detect hidden or well-planned usually undetectable attack vectors), uses heuristics, consults KSN and thus protects against new exploits and targeted attacks. It analyses and compares data from and with home and corporate clients to get the best of potential attack data.
So it does consult KSN/is integrated with the cloud, but if its not included with the product, then it won't apparently be ZETA

 

[Parsh]

well, I don't like KIS interactive mode because I don't always understand the prompt well enough, and I am afraid I will allow something that should be blocked, and shoot myself in the foot.

And without interactive mode, it is difficult to control those vulnerable processes that you sometimes need to allow, such as cmd.exe.

I totally understand and kindof agree with this confusion in such situations. It can be a headache for average to advanced users too as you know.
I think if it is set to automatic, it will most likely make the best decision and usually allows most of the things.
Think this way, the unidentified and risky applications and their processes are already limited by KSN and application control. The alerts related to those apps are good to address (atleast for me, I prefer to).
If some thing that you wished to allow is disallowed by KIS (in auto mode, that should happen less, it mostly allows except when the activity is untrustable or risky), you can always check Application Activity to detect and reverse it.
If KIS allows a possibly dangerous activity by any process in Auto mode, its System Watcher, Anti-exploit and heuristic modules should mostly tackle the actual malicious activities that may follow. Though we can't always be sure.

There's where your rest of setup comes With KIS in auto-mode (as one might prefer), apps like reHIPS or VDS (or whatever) can be great complementary informers and blockers.

 

[XhenEd]

I read in the (probably latest) available White paper at their site and it mentions that ZETA shield has been brought to Home products too.
View attachment 140696
Maybe it has been altered later. But if it gets anyways included in signature updates and the module removed from the product, then it won't be ZETA anymore.
ZETA's work is to capture data streams (not data files) on user workstations in realtime, analyse any unusual code or data, their interconnection (this helps to detect hidden or well-planned usually undetectable attack vectors), uses heuristics, consults KSN and thus protects against new exploits and targeted attacks. It analyses and compares data from and with home and corporate clients to get the best of potential attack data.
So it does consult KSN/is integrated with the cloud, but if its not included with the product, then it won't apparently be ZETA

I too believed that ZETA Shield was still present. But I already asked Kaspersky Support about it a long time ago. I asked whether it is still in the Kaspersky products or not. An expert, through the Support, replied that ZETA Shield is no more, but is transferred to the cloud infrastructure.

 

[WinXPert]

Great config.

Maybe I have to use a rocket launcher to get past it

 

[Parsh]

Alright, cloud it is!
Yet, as long as the essence of its mechanism isn't disturbed or degraded, it should work effectively.
The data being sent to KSN cloud to feed to the ZETA and thus benefit the corporate and the home users should be great too

 

[XhenEd]

Alright, cloud it is!
Yet, as long as the essence of its mechanism isn't disturbed or degraded, it should work effectively.
The data being sent to KSN cloud to feed to the ZETA and thus benefit the corporate and the home users should be great too

But we can't be sure if it's still there in the cloud.

Anyway, regardless whether there is ZETA Shield or not, what is important is the protection of users. If ZETA Shield is scrapped, maybe Kaspersky employed another tech. Or that, they improved it in the cloud.

Not announcing the removal of components (e.g ZETA Shield) is one of the things I hated with Kaspersky. They could have at least told its users that this or that has been removed to be replaced by something better in the cloud. I salute Avast because they announce like this, like what they did to NG/Secure VM.

Recently, TAM's automatic activation is put into question. Maybe it's also scrapped without any word.

 

[Parsh]

Sorry but I think Peazip is more a secure option.
Here give it a peek @shmu26
Peazip: PeaZip | Free archiver, free RAR TAR ZIP files utility
I have used it for almost 2yrs now and very quickly fell in love with
it's functionality and ease of use.

How about Haozip?
Many formats here too, a very high compression ratio and here's what it claims:
- Powerful dual-core Trojan horse checking engine
- Without sacrificing the compression ratio, 40% faster than traditional compression software
- After thousands times of compression tests in laboratory, compression of Haozip is 30% higher than traditional compression software
- Original annotations for .7Z, high ability to repair damaged zip file
- selected a variety of functions including Batch Picture Converter
- Image Viewer to meet your needs
- Support decompression 50 formats
I use it in VM
PS: its a Chinese, was paid earlier

But we can't be sure if it's still there in the cloud.
Anyway, regardless whether there is ZETA Shield or not, what is important is the protection of users. If ZETA Shield is scrapped, maybe Kaspersky employed another tech. Or that, they improved it in the cloud.
Recently, TAM's automatic activation is put into question. Maybe it's also scrapped without any word.

Gotta find out.
TAM auto activation in which case? I freshly installed it (2017 latest build) and it didn't happen like that..

 

[_CyberGhosT_]

How about Haozip?

I am not sure brother as I have never herd of them.
I went straight from 7-zip that I used for years to PeaZip.
I will read up on this new one you mention, Thanks

 

[XhenEd]

Gotta find out.
TAM auto activation in which case? I freshly installed it (2017 latest build) and it didn't happen like that..

See? You didn't know that there is that "auto activation". Kaspersky really sucks with giving info to its users.

Read here and the posts that follow: Q&A - Kaspersky 2017 - Trusted Application Mode

 

[Winizsol]

Good config, thanks for sharing it!

 

[Parsh]

See? You didn't know that there is that "auto activation". Kaspersky really sucks with giving info to its users.

Read here and the posts that follow: Q&A - Kaspersky 2017 - Trusted Application Mode

I found the source: About Trusted Applications mode
The help file says, "Trusted Applications mode is enabled automatically if Kaspersky Internet Security analysis of the operating system and installed applications reveals that mostly trusted applications are used on the computer."

I installed KIS on a fresh Windows install. Shouldn't that be enough then, for KIS to automatically enable TAM on my Laptop?
It didn't! And if it has to, it should be a checkbox provided for TAM during/immediately after installation with a tick by default. Have you seen that?

 

[XhenEd]

I installed KIS on a fresh Windows install. Shouldn't that be enough then, for KIS to automatically enable TAM on my Laptop?
It didn't! And if it has to, it should be a checkbox provided for TAM during/immediately after installation with a tick by default. Have you seen that?

Supposedly, TAM will analyze your system in several weeks. If it finds no obstacle, TAM will turn on. And that never happens. @Lockdown said that he tested Kaspersky for 6 months, but never got an auto-activation. That's why it's not certain whether that option is still there or not. Probably not, despite that it's mentioned in the current version's official help file.

 

[shmu26]

Great config.

Maybe I have to use a rocket launcher to get past it

thanks
actually, I am not even using ReHIPS at its full capabilities. I use standard settings, more or less. I like the anti-exe and application control. It puts you in charge of your system.

 

[shmu26]

I am giving Comodo another try

Proactive config, HIPS without autosandbox

 

[Rengar]

I am giving Comodo another try

Proactive config, HIPS without autosandbox

Set Hips to Paranoid

 

[shmu26]

Set Hips to Paranoid

can you live that way?

 

[Deleted member 178]

can you live that way?

i did

 

[shmu26]

i did

tell me, Umbra, if HIPS is in safe mode, how much protection do you get for memory, dll and driver attacks?
I am assuming that the good protection you have mentioned is only for paranoid mode, correct?