Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Kaspersky
Trade-off: Windows Virtualization-based Security VS Kaspersky Functionalities
Message
<blockquote data-quote="ExecutiveOrder" data-source="post: 962553" data-attributes="member: 93099"><p>I need recommendations (and further explanation) on which to choose:</p><p></p><p><strong>1.)</strong> <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity" target="_blank">Hypervisor-Protected Code Integrity (HVCI)</a>/Memory Integrity <strong>VS </strong>Kaspersky with "better" System Watcher & <a href="https://support.kaspersky.com/common/safemoney/13713" target="_blank">Protected Browser/Safe Money additional functionality</a>.</p><p>[ATTACH=full]261515[/ATTACH] [ATTACH=full]261506[/ATTACH]</p><p>When HVCI (or any VBS) is enabled, Kaspersky protection using hardware virtualization becomes unavailable.</p><p>Back then <a href="https://community.kaspersky.com/kaspersky-free-for-windows-72/hardware-virtualization-security-features-safe-money-or-other-features-compare-to-windows-memory-integrity-11783" target="_blank">I asked the Kaspersky community</a>. According to Kaspersky Employee, other than Safe Money, virtualization is also used in System Watcher in certain scenarios (I'm not sure which).</p><p>Also, he said that "Kaspersky products definitely protect from the injection and execution of malicious or unverified code with the help of File Anti-Virus, System Watcher and Application Control." suggesting that Kaspersky could protect users from threat just like HVCI except it's not by isolated area of system memory but protecting it from malicious code injection.</p><p></p><p>With all of this information, it seems that both are good with their trade-off, but for me, HVCI is more important especially with isolated secure system memory areas and easy pick.</p><p></p><p><strong>2.)</strong> <a href="https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard" target="_blank">Credential-Guard</a> VS <a href="https://support.kaspersky.com/15512" target="_blank"><strong>Various Kaspersky Functionalities</strong></a></p><p>[ATTACH=full]261509[/ATTACH]</p><p></p><p>First managed to activate both HVCI and Credential Guard but I have to reinstall my android emulator because it needs to run with Hyper-V if Windows VBS is enabled but after that, I had trouble with credential guard (only HVCI enabled) and have to find ways to fix it. After I fixed it look like this:</p><p>[ATTACH=full]261510[/ATTACH]</p><p>(At first, IIRC WD App Ctrl <u>user mode policy</u> set to off, and <u>policy</u> is enforced). Immediately after I managed to fix it, I suddenly got this warning message from Kaspersky (after I close it, there's no warning appears anywhere, not even in reports):</p><p>[ATTACH=full]261511[/ATTACH]</p><p>I'm using Windows 10 Pro 21H1 but it still generates this warning, most likely article above forget this version exists.</p><p>Which "<a href="https://support.kaspersky.com/15512" target="_blank">Learn more</a>" hyperlink leads to limitation details above, even worse for older Windows: limitations against file-encrypting malware and screen lockers (only these two), most likely if System Watcher is the last resort. AFAIK, limitations mean there's still functionality but will not be optimal, except it directly said that certain functionality won't work at all.</p><p></p><p>I think is both are important but the Kaspersky functionality trade-off is a bit too much variety compared to <a href="https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard" target="_blank">Credential Guard</a>.</p><p>Still, no idea what three kinds of three browser protection mean, also what kind of unauthorized remote access is, RCE?</p><p>Any suggestions for my case (latest Windows)?</p></blockquote><p></p>
[QUOTE="ExecutiveOrder, post: 962553, member: 93099"] I need recommendations (and further explanation) on which to choose: [B]1.)[/B] [URL='https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity']Hypervisor-Protected Code Integrity (HVCI)[/URL]/Memory Integrity [B]VS [/B]Kaspersky with "better" System Watcher & [URL='https://support.kaspersky.com/common/safemoney/13713']Protected Browser/Safe Money additional functionality[/URL]. [ATTACH type="full"]261515[/ATTACH] [ATTACH type="full" alt="1635252933916.png"]261506[/ATTACH] When HVCI (or any VBS) is enabled, Kaspersky protection using hardware virtualization becomes unavailable. Back then [URL='https://community.kaspersky.com/kaspersky-free-for-windows-72/hardware-virtualization-security-features-safe-money-or-other-features-compare-to-windows-memory-integrity-11783']I asked the Kaspersky community[/URL]. According to Kaspersky Employee, other than Safe Money, virtualization is also used in System Watcher in certain scenarios (I'm not sure which). Also, he said that "Kaspersky products definitely protect from the injection and execution of malicious or unverified code with the help of File Anti-Virus, System Watcher and Application Control." suggesting that Kaspersky could protect users from threat just like HVCI except it's not by isolated area of system memory but protecting it from malicious code injection. With all of this information, it seems that both are good with their trade-off, but for me, HVCI is more important especially with isolated secure system memory areas and easy pick. [B]2.)[/B] [URL='https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard']Credential-Guard[/URL] VS [URL='https://support.kaspersky.com/15512'][B]Various Kaspersky Functionalities[/B][/URL] [ATTACH type="full" alt="1635253146730.png"]261509[/ATTACH] First managed to activate both HVCI and Credential Guard but I have to reinstall my android emulator because it needs to run with Hyper-V if Windows VBS is enabled but after that, I had trouble with credential guard (only HVCI enabled) and have to find ways to fix it. After I fixed it look like this: [ATTACH type="full" alt="1635253823948.png"]261510[/ATTACH] (At first, IIRC WD App Ctrl [U]user mode policy[/U] set to off, and [U]policy[/U] is enforced). Immediately after I managed to fix it, I suddenly got this warning message from Kaspersky (after I close it, there's no warning appears anywhere, not even in reports): [ATTACH type="full" alt="1635253954509.png"]261511[/ATTACH] I'm using Windows 10 Pro 21H1 but it still generates this warning, most likely article above forget this version exists. Which "[URL='https://support.kaspersky.com/15512']Learn more[/URL]" hyperlink leads to limitation details above, even worse for older Windows: limitations against file-encrypting malware and screen lockers (only these two), most likely if System Watcher is the last resort. AFAIK, limitations mean there's still functionality but will not be optimal, except it directly said that certain functionality won't work at all. I think is both are important but the Kaspersky functionality trade-off is a bit too much variety compared to [URL='https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard']Credential Guard[/URL]. Still, no idea what three kinds of three browser protection mean, also what kind of unauthorized remote access is, RCE? Any suggestions for my case (latest Windows)? [/QUOTE]
Insert quotes…
Verification
Post reply
Top
