Advanced Plus Security Shmu26 Config in 2018

Last updated: Dec 28, 2018
Windows Edition: Pro
Security updates: Allow security updates and latest features
User Access Control: Always notify
Real-time security: Windows Defender with ConfigureDefender; Software Restriction Policy with Hard_Configurator
Firewall security: Microsoft Defender Firewall
Periodic malware scanners: Macrium Reflect does the job just fine...
Malware sample testing: I do not participate in malware testing
Browser(s) and extensions: Chrome, Edge
Maintenance tools: Hard_Configurator, SysHardener, BandiZip, PatchCleaner, autoruns
File and Photo backup: Dropbox, OneDrive, GoogleDrive
System recovery: Macrium Reflect, Timeshift (Ubuntu)

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
If at all the concerned app is risky and I allow some initial actions, the System Watcher+other restrictions+ZETA approach of Kaspersky (and my complementary protections) should further do the guarding.
ZETA Shield isn't in the current KL's products anymore. It has been removed at least 2 versions past. :D
Don't worry, though. They said that ZETA Shield has been "transferred" to the cloud. If I get them right, it's now part of signature updates. :)
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Why dislike KIS :/
Well, I don't like KIS interactive mode because I don't always understand the prompt well enough, and I am afraid I will allow something that should be blocked, and shoot myself in the foot.

And without interactive mode, it is difficult to control those vulnerable processes that you sometimes need to allow, such as cmd.exe.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
ZETA Shield isn't in the current KL's products anymore. It has been removed at least 2 versions past. :D
Don't worry, though. They said that ZETA Shield has been "transferred" to the cloud. If I get them right, it's now part of signature updates. :)
I read in the (probably latest) available white paper at their site and it mentions that ZETA Shield has been brought to Home products too.
Maybe it has been altered later. But if it gets anyways included in signature updates and the module removed from the product, then it won't be ZETA anymore.
ZETA's work is to capture data streams (not data files) on user workstations in real time, analyse any unusual code or data, their interconnection (this helps to detect hidden or well-planned usually undetectable attack vectors), uses heuristics, consults KSN and thus protects against new exploits and targeted attacks. It analyses and compares data from and with home and corporate clients to get the best of potential attack data.
So it does consult KSN/is integrated with the cloud, but if it's not included with the product, then it won't apparently be ZETA :)
 

Parsh

Well, I don't like KIS interactive mode because I don't always understand the prompt well enough, and I am afraid I will allow something that should be blocked, and shoot myself in the foot.

And without interactive mode, it is difficult to control those vulnerable processes that you sometimes need to allow, such as cmd.exe.
I totally understand and kind of agree with this confusion in such situations. It can be a headache for average to advanced users too as you know.
I think if it is set to automatic, it will most likely make the best decision and usually allows most of the things.
Think this way, the unidentified and risky applications and their processes are already limited by KSN and application control. The alerts related to those apps are good to address (at least for me, I prefer to).
If something that you wished to allow is disallowed by KIS (in auto mode, that should happen less, it mostly allows except when the activity is untrustable or risky), you can always check Application Activity to detect and reverse it.
If KIS allows a possibly dangerous activity by any process in Auto mode, its System Watcher, Anti-exploit and heuristic modules should mostly tackle the actual malicious activities that may follow. Though we can't always be sure.

That's where the rest of your setup comes in :) With KIS in auto-mode (as one might prefer), apps like reHIPS or VDS (or whatever) can be great complementary informers and blockers.
 

XhenEd

I read in the (probably latest) available white paper at their site and it mentions that ZETA Shield has been brought to Home products too.
Maybe it has been altered later. But if it gets anyways included in signature updates and the module removed from the product, then it won't be ZETA anymore.
ZETA's work is to capture data streams (not data files) on user workstations in real time, analyse any unusual code or data, their interconnection (this helps to detect hidden or well-planned usually undetectable attack vectors), uses heuristics, consults KSN and thus protects against new exploits and targeted attacks. It analyses and compares data from and with home and corporate clients to get the best of potential attack data.
So it does consult KSN/is integrated with the cloud, but if it's not included with the product, then it won't apparently be ZETA :)
I too believed that ZETA Shield was still present. But I already asked Kaspersky Support about it a long time ago. I asked whether it is still in the Kaspersky products or not. An expert, through the Support, replied that ZETA Shield is no more, but is transferred to the cloud infrastructure. :)
 

Parsh

Alright, cloud it is!
Yet, as long as the essence of its mechanism isn't disturbed or degraded, it should work effectively.
The data being sent to KSN cloud to feed to the ZETA and thus benefit the corporate and the home users should be great too
 

XhenEd

Alright, cloud it is!
Yet, as long as the essence of its mechanism isn't disturbed or degraded, it should work effectively.
The data being sent to KSN cloud to feed to the ZETA and thus benefit the corporate and the home users should be great too
But we can't be sure if it's still there in the cloud. :D

Anyway, regardless of whether there is ZETA Shield or not, what is important is the protection of users. If ZETA Shield is scrapped, maybe Kaspersky employed another tech. Or that, they improved it in the cloud.

Not announcing the removal of components (e.g. ZETA Shield) is one of the things I hated with Kaspersky. They could have at least told its users that this or that has been removed to be replaced by something better in the cloud. I salute Avast because they announce like this, like what they did to NG/Secure VM.

Recently, TAM's automatic activation is put into question. Maybe it's also scrapped without any word. :D
 

Parsh

Sorry but I think Peazip is more a secure option.
Here give it a peek @shmu26
Peazip: PeaZip | Free archiver, free RAR TAR ZIP files utility
I have used it for almost 2yrs now and very quickly fell in love with its functionality and ease of use.
How about Haozip?
Many formats here too, a very high compression ratio and here's what it claims:
- Powerful dual-core Trojan horse checking engine
- Without sacrificing the compression ratio, 40% faster than traditional compression software
- After thousands times of compression tests in laboratory, compression of Haozip is 30% higher than traditional compression software
- Original annotations for .7Z, high ability to repair damaged zip file
- selected a variety of functions including Batch Picture Converter
- Image Viewer to meet your needs
- Support decompression 50 formats
I use it in VM
PS: it's Chinese, was paid earlier

But we can't be sure if it's still there in the cloud. :D
Anyway, regardless of whether there is ZETA Shield or not, what is important is the protection of users. If ZETA Shield is scrapped, maybe Kaspersky employed another tech. Or that, they improved it in the cloud.
Recently, TAM's automatic activation is put into question. Maybe it's also scrapped without any word. :D
Gotta find out.
TAM auto activation in which case? I freshly installed it (2017 latest build) and it didn't happen like that..
 

XhenEd


Parsh

See? You didn't know that there is that "auto activation". Kaspersky really sucks with giving info to its users. :D

Read here and the posts that follow: Q&A - Kaspersky 2017 - Trusted Application Mode
I found the source: About Trusted Applications mode
The help file says, "Trusted Applications mode is enabled automatically if Kaspersky Internet Security analysis of the operating system and installed applications reveals that mostly trusted applications are used on the computer."
I installed KIS on a fresh Windows install. Shouldn't that be enough then, for KIS to automatically enable TAM on my Laptop? :)
It didn't! And if it has to, it should be a checkbox provided for TAM during/immediately after installation with a tick by default. Have you seen that?
 

XhenEd

I installed KIS on a fresh Windows install. Shouldn't that be enough then, for KIS to automatically enable TAM on my Laptop? :)
It didn't! And if it has to, it should be a checkbox provided for TAM during/immediately after installation with a tick by default. Have you seen that?
Supposedly, TAM will analyze your system in several weeks. If it finds no obstacle, TAM will turn on. And that never happens. @Lockdown said that he tested Kaspersky for 6 months, but never got an auto-activation. That's why it's not certain whether that option is still there or not. Probably not, despite that it's mentioned in the current version's official help file. :)
 

shmu26

Great config.

Maybe I have to use a rocket launcher to get past it :)
Thanks
Actually, I am not even using ReHIPS at its full capabilities. I use standard settings, more or less. I like the anti-exe and application control. It puts you in charge of your system.
 