TAM blocking dropbox

Status
Not open for further replies.
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Jul 3, 2015
8,148
1
31,237
8,388
Middle Earth
after enabling TAM with default settings, it prevented dropbox desktop app from syncing.
I had to grant it special permissions in order to get it to work.
Why does this happen, and maybe TAM is preventing certain programs from updating, without my knowledge?
 
As far as I know, TAM shouldn't be blocking internet traffic. What it should block are non-whitelisted software or parts of software.
I also don't see anything about this blocking of internet traffic in Kaspersky's official paper.
 
  • Like
Reactions: _CyberGhosT_ and Mihir :-)
I think the problem was that I unticked "trust digitally signed applications" in the Application Control Settings. Now it seems to be working.

EDIT: after another reboot, dropbox stopped syncing again. The behavior is erratic.
 
Last edited:
You can find this behaviour if You don't trust signed applications, and some users also say when there is no internet connection... TAM (Trusted Application Mode), the acronym just say it, if We disable trusting signing applications (whielisting), although We still have KSN rules, We are cutting one of big bases of TAM :D

We can find this specially, for instance, with new versions of applications... but in general, going to TAM settings -> manage blocked applications, and allowing there the application to Start, or via Application Control (manage Applications) -> Start, and find the applications located in Blocked StartUp and allowing them, should fix the issue.

I have always TAM enabled and untrusting signed applications, and in general not having any issues, sometimes as I said before, We can find a blocked application, but allowing them manually should solve the problems...
 
  • Like
Reactions: Ink, XhenEd, _CyberGhosT_ and 1 other person
harlan4096 said:
You can find this behaviour if You don't trust signed applications, and some users also say when there is no internet connection... TAM (Trusted Application Mode), the acronym just say it, if We disable trusting signing applications (whielisting), although We still have KSN rules, We are cutting one of big bases of TAM :D

We can find this specially, for instance, with new versions of applications... but in general, going to TAM settings -> manage blocked applications, and allowing there the application to Start, or via Application Control (manage Applications) -> Start, and find the applications located in Blocked StartUp and allowing them, should fix the issue.

I have always TAM enabled and untrusting signed applications, and in general not having any issues, sometimes as I said before, We can find a blocked application, but allowing them manually should solve the problems...
Click to expand...
the funny thing here is dropbox doesn't appear in the list of blocked applications, and kaspersky doesn't give any warning about blocking it. Even though dropbox is in the list of trusted apps in TAM, it still can't sync, unless I give it special permissions.
 
Ok, if dropbox can't sync then maybe is an issue with encrypted connections... in Settings -> Additional -> NetWork -> Encrypted connections scanning, how do You have this setting?.

You can try to create an exclusion for dropbox services/executables and its encrypted traffic in Settings -> Additional -> Threats & Exclusions -> Specify Trusted Applications, something similar to this but with dropbox:
0s5ebdy.png
 
  • Like
Reactions: Ink
okay, I think I got it sorted out now.
I uninstalled dropbox, and reinstalled.
after the reinstall, I saw a lot more subprocesses under the heading of dropbox.
I think that TAM failed to detect some of the subprocesses, so it didn't know whether to allow them or not, and gave unreliable results. Now it sees all of them, and allows them , even though I did not enable trust for digitally signed apps.
 
  • Like
Reactions: harlan4096 and XhenEd
It's ok, I also don't trust in digitally signed applications ;)
 
  • Like
Reactions: shmu26
harlan4096 said:
It's ok, I also don't trust in digitally signed applications ;)
Click to expand...
I see you have unknown apps set at high restricted. Does this cause any problems? And what is the Kaspersky default setting for this?
 
You see, my settings are quite paranoid :rolleyes:

Kaspersky defaults settings for that is: Select trust group automatically...

Well, not signed digitally applications and/or those still unknown in KSN are sent in 1st run to High Restricted group (as I set, of course) but it's normal behaviour, since this is very paranoid setting :D, but if You trust that applications and are really trusted, just moving them manually to Trusted group does the trick.

With TAM on, sending to High Restricted group unknown applications and untrusting digitally unsigned ones, We are in a "default deny" environment :) I like it :cool:
 
  • Like
Reactions: shmu26
harlan4096 said:
You see, my settings are quite paranoid :rolleyes:

Kaspersky defaults settings for that is: Select trust group automatically...

Well, not signed digitally applications and/or those still unknown in KSN are sent in 1st run to High Restricted group (as I set, of course) but it's normal behaviour, since this is very paranoid setting :D, but if You trust that applications and are really trusted, just moving them manually to Trusted group does the trick.

With TAM on, sending to High Restricted group unknown applications and untrusting digitally unsigned ones, We are in a "default deny" environment :) I like it :cool:
Click to expand...
if you untrust digitally signed applications, and you place everything unknown,and everything that starts before Kaspersky, in the high restricted group, isn't that the same effect as TAM, more or less?
 
  • Like
Reactions: harlan4096
Not exactly the same, TAM only restricts start/execution of applications, and in High Restricted group there are many others system resources/rules/rights that are controlled, but yes, in that point of execution, would be similar effect in many cases...
 
harlan4096 said:
Not exactly the same, TAM only restricts start/execution of applications, and in High Restricted group there are many others system resources/rules/rights that are controlled, but yes, in that point of execution, would be similar effect in many cases...
Click to expand...
for some reason, TAM seems to slow down the starting of programs, even the approved programs. Some programs start up very, very slow, at least on the first execution of the current session. But with TAM turned off, they start up normally, even with paranoid settings in application control.
 
  • Like
Reactions: XhenEd
shmu26 said:
for some reason, TAM seems to slow down the starting of programs, even the approved programs. Some programs start up very, very slow, at least on the first execution of the current session. But with TAM turned off, they start up normally, even with paranoid settings in application control.
Click to expand...
Fortunately, I'm not the only one experiencing this!
One of the reasons why I disabled TAM is because of very, very slow startup of some programs, even though they're "trusted".
 
  • Like
Reactions: shmu26
I think putting application control on paranoid settings should give pretty good protection. Even if malware executes, it can't actually do damage.

But whatever settings you use, you still need protection against process hollowing and exploits of that type, where the malware appears as a known and trusted app, and inherits its permissions. Any ideas how to improve protection in that area?
 
shmu26 said:
I think putting application control on paranoid settings should give pretty good protection. Even if malware executes, it can't actually do damage.

But whatever settings you use, you still need protection against process hollowing and exploits of that type, where the malware appears as a known and trusted app, and inherits its permissions. Any ideas how to improve protection in that area?
Click to expand...
You're pretty much covered.
Kaspersky has Automatic Exploit Prevention for exploit protection. It has also protection against process hollowing (he would say above average protection), according to a member of Wilders.
 
  • Like
Reactions: harlan4096 and shmu26
In general I have not been experiencing slowdowns running applications with TAM on, well maybe on 1st run when it has to be categorized, but once it is allowed, didn't notice much slowdown, anyway every system is a different world ;)

About to improve Kaspersky anti-exploit protection with a companion, sometimes I use MW-AE Free and KeyScrambler Free alongside my KTS2016 but probably They are not necessary :)
 
Last edited:
  • Like
Reactions: shmu26 and XhenEd
Does Application Control apply to anything that executes, including scripts and BAT files etc, or is it only for exe files?
 
Yes, just go to Microsoft group in Trusted, and check... .exe .dll .com .bat .msc etc. even .cpl and .tmp could appear...
 
Status
Not open for further replies.

You may also like...