- Jun 15, 2023
- 226
Can it block scripts or filetypes protected by simple windows hardening, malicious drivers or execution of lolbins?
@harlan4096 what's your knowledge on this.
@harlan4096 what's your knowledge on this.
What types of attacks or files a hardened kaspersky application control can protect against?
- Thread starter Azazel
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
Xeno1234
Level 14
- Jun 12, 2023
- 699
Application Control can be configured to block untrusted files from running, or have restrictions on them.
The best hardening would be to make it where they can’t run, this includes scripts. Anything not signed by something super popular (assuming your following Harlan’s configuration), cannot start unless you manually put it into the trusted group.
So, it could technically block malware from using lol bins as it couldn’t start. If it’s signed by windows though or a popular signed vendor, the hardening will do nothing.
- Nov 19, 2014
- 2,346
Forgetting signatures and stuff Kaspersky mostly aims to stop the first step of an infection which is usually a script/application etc running with the application control module. If that somehow whitelists an infected file as trusted then no protection can happen. You should harden Kaspersky following the guides found on this site by @harlan4096 and it should be fine for most cases.
Now if you are really paranoid and you want to minimise the danger of lolbins then it's a lot easier to use Hard Configurator by @Andy Ful and click a few times to disable everything without thinking too much.
Now if you are really paranoid and you want to minimise the danger of lolbins then it's a lot easier to use Hard Configurator by @Andy Ful and click a few times to disable everything without thinking too much.
- Apr 28, 2015
- 8,672
Windows LOLBins are considered Trusted by KSN, since Microsoft digitally signs them. But We can move them manually to UnTrusted group, K. will warn You about this movement as You are moving a Windows legit file to UnTrusted, but it will allow You to do so.
Scripts of course can be blocked, dlls and other executable file files...
Scripts of course can be blocked, dlls and other executable file files...
Xeno1234
Level 14
- Jun 12, 2023
- 699
If it’s placed in trusted Kaspersky still monitors it. By default signed files are placed in trusted and Kaspersky detects signed malware - I’d be extremely disappointed if it whitelists it.
- Jun 15, 2023
- 226
@harlan4096 ,
does a hardened Kaspersky application control provide similar protection to cyberlock.
does a hardened Kaspersky application control provide similar protection to cyberlock.
- Apr 28, 2015
- 8,672
I don't know, since I haven't tested CyberLock lately, I ran some malware tests in Malware Hub some years ago with VodoShield...
- Jun 15, 2023
- 226
Other than reputation-based application blocking like WDAC with ISG, does application control have an automatic Intrusion Prevention System or HIPS?
- Apr 28, 2015
- 8,672
There are predefined rules by default, that You can modify and change to Your taste...
- Jun 15, 2023
- 226
- Apr 1, 2017
- 1,760
- Apr 28, 2015
- 8,672
There is no K. specific resource about to learn it, but You can check some sticky threads with K. tweaks posted in recent years, there You can find how to find the resources and how to adjust them
Also:
Hot Take - Hardening the Low Restricted Group
Recently I created a new small guide about how to harden the Low Restricted settings (Intrusion Prevention module), where are moved all the unknown apps by default. These tweaks are less aggressive than my previous ones in Default Deny guide. Here You are the link located at Kaspersky...
malwaretips.com
Similar threads
-
- Sticky
