Kaspersky (KAV/KIS) 2013 settings & tweaks thread

I have KIS 2013 running pretty well on one of my desktops. One setting I made was to uncheck the "trust applications with digital signature" which is checked by default. Also I made a setting change to move unknown applications to untrusted. I also disabled the web, mail and IM antivirus and also disabled anti-spam. I noticed under the anti-banner settings there is a setting to have IP addresses resolved to domain names. Is there a similar setting for the firewall / network monitor connections? Any other tweaks to KIS 2013 people would like to share?

 

Uncheck "Perform Idle Scan & Regular RootKit" Scan In General Settings.

 

Why? It doesn't run during regular PC usage, only if the screensaver is active more than 5 minutes or user is logged off.
http://support.kaspersky.com/faq/?qid=208286053

There's no performance impact on regular PC usage.

@acr1965
you'll need to be more specific as to what you want to change in terms of security/performance.

 

I had KIS set to move unknown files to untrusted and was doing a Windows update. The Windows update would not install until I paused KIS protection. There was no warning from KIS that a file had been moved to untrusted, I presume that is why the Windows update was not successful initially. Is there a warning or pop up message that a file has been moved to untrusted status? It would seem that KIS would issue some notification.

 

Not by default, but you can enable it somewhere in Settings -> Miscellaneous (the toolbox in the left panel) -> Notifications. I don't have KIS on this system so I can't tell the exact instructions.

 

The settings for Kaspersky on free ZA AV/Firewall are greyed-out and if you want granular control, you have to upgrade the paid version.

For home users, the default is good enough but for power users the trade-off may not be acceptable.

 

Thanks- I found some notifications regarding application control that were not checked. That seemed to do the trick.

 

I'd enable the 'other' detection category in settings.

Settings->Cardboard box icon->'Detection of the following...' settings and tick other.

 

Yes, I did that. Are there any tests that show KIS with the settings of moving unknown to untrusted? Is there any particular family of malware which can bypass this setting? I've also unchecked the 'trust digitally signed apps' or whatever the wording is.

 

I've wondered and never seen a clear answer... does it just trust something with a digital signature? Does it try to verify the signature is valid? Is there a whitelist of known good signatures? A blacklist of bad ones?

 

Simply start an application that is not widely known or disable trust of applications that are known in KSN in addition to disabling trust digitally signed apps.

Digital signature must be valid, the list of trusted vendors is maintained by KSN, digitally signed malware can be blacklisted in KSN before the digital signature that malware used is revoked by CA.
MS dig. sig. are trusted even if you disable trust digitally signed apps.

 

With that one setting change alone kaspersky is more or less bulletproof.
Nothing malicious gets by at all.Ive tried it myself.

 

Sounds like there is no reason to disable the trusting of digitally signed applications then, which was what I suspected anyway. Thanks for the reply.

 

Mine shows MS digitally signed are blocked and I've attached a picture. Also, I tried to launch task manager (dig. sig. by MS) and it was blocked. I moved TM to trusted apps and it launched normally. I then deleted the rule and tried to launch MS again and it automatically was added to trusted programs.

 

If you have Kaspersky AV AND are running Blue Coat K-9 Administration Web Filter, have K9 Filter. exe added to the Kaspersky Exclusion List.

It falsely reports K-9's website blocking action in the Windows Host File as a Trojan.Win32.Hosts2.gen virus. This is a false positive and engaging the Kaspersky advanced cleaning mode can make it impossible for you to get access on the Internet without a working Windows Hosts File - which it mistakenly thinks is affected by a known virus.

There are of course real viruses/trojans that try to modify the Windows Hosts for malicious purposes. Kaspersky is only doing its job warning you of a possible threat. Its also possible for it to report a threat where none exists as many security applications do modify the Hosts File to protect the operating system from online threats.

Hopefully, Kaspersky will come up with a fix to this false positive that pops up on a scan of Blue Coat K-9 and the Windows Hosts File.

 

Yes, this is the price you have to pay when using third party software that uses hosts file as a mean to block IP/sites. This is not what hosts file is designed for and it is not officially supported by Microsoft. The same was discussed in another thread. Rather then kaspersky to adapt to K9 it should be K-9 to find a better way to properly filter sites/IPs. This is not new as many (most) other security related software do not use this method to filter web traffic.

 

The idea is to make dangerous sites inaccessible. Of course you can enable a site on a case by case basis because there can be false positives in web filtering - some genuine sites have signatures akin to the bad ones and one should use one's judgment to decide whether to exclude a site from a web filter.

 

kis 2013 patch"c" released

http://forum.kaspersky.com/index.php?showtopic=248146

 

As far as I can see, only for testing at the moment.

 

its already released...update your databases and reboot and you can check that patch c is installed.

 

so a reboot is required?

 

yes a reboot is required

 

I rebooted and still show B

 

I don't think it has been released publicly as a final build. Otherwise the beta thread would've been updated to say so or an announcement somewhere.

 

It is released: http://support.kaspersky.com/9128