KAV/KIS 2013 Beta - Final

Re: KAV/KIS 2013 Beta

No, only Win8 PR: -http://www.kaspersky.com/pt/downloads/pdf/kaspersky_lab_whitepaper_windows_8_consumer_preview_eng.pdf-

 

Re: KAV/KIS 2013 Beta

Ok, thanks Interesting read btw.

 

Re: KAV/KIS 2013 Beta

Does anyone know why PDM was removed.. Possibly causing too many incompatibility issues ?

 

Re: KAV/KIS 2013 Beta

https://www.wilderssecurity.com/showpost.php?p=2025235&postcount=2

https://www.wilderssecurity.com/showpost.php?p=2025645&postcount=14

 

Re: KAV/KIS 2013 Beta

Is the HIPS enabled by default & does it give popups, lots of popups?

The safe run of KIS which is removed now, was like Comodo's restricted sandbox or full sandbox like thing? I remember seeing safe run option in popup when I tried it for once but never tried that option & dont know what actually it was.

 

Re: KAV/KIS 2013 Beta

HIPS/Application control is enabled and by default it gives nearly zero popups because of Automatic mode. If you want more popups, enable Interactive mode.

Full sandbox.

 

Re: KAV/KIS 2013 Beta

3x0g are u using the beta version now ? Is it usable or its slow becauses traces is still enabled ?

 

Re: KAV/KIS 2013 Beta

It's slow because code optimization isn't done yet, Application Verifier and traces slow it down additionally (but you can disable them manually).
The beta is still in the stabilization process/crash fixing, but they're getting close to relative stability (it's not crashing all the time but crashes do occur here and there).

 

Re: KAV/KIS 2013 Beta

Thanx for answering - il wait for a stable beta then

 

Re: KAV/KIS 2013 Beta

Build 13.0.0.3256 has been released. Based on a few hours of usage on my PC and the lack of crash bugreports from other users, it's relatively OK to use this beta if you've been waiting for "stability".
http://devbuilds.kaspersky-labs.com/devbuilds/KIS2013/13.0.0.3256/en/

Code optimization isn't completed yet. Additionally, Application Verifier and Traces are enabled by default. To disable them:

 

Re: KAV/KIS 2013 Beta

Thanks. I was just wondering if things had hit that point yet. Normally I start testing sooner but I really haven't been into it this year.

 

Re: KAV/KIS 2013 Beta

3x0gR13N,

wondering if this vulnerability is what the interviewee (ahem) was refering to in todays post: "Interesting Coversation with a Hacker"
https://www.wilderssecurity.com/showthread.php?t=324598

Can you give any advice re: regsevr32 hole you speak about? Move it to low restricted group? Will this mitigate -- or will it break something?

 

Re: KAV/KIS 2013 Beta

Without the actual sample I can't say much, but based on the description it's highly unlikely that those are the same "exploitations". The exploit the interviewee is speaking about is probably using some form of IPC/RPC (Inter Process Communication/Remote Procedure Calls), injecting code in other processes etc. to "malwaretize" trusted, privileged processes in doing the dirty work. There are some changes in Application control list of monitored events in 2013 which could address the issue: modifying address space of other processes is now monitored (at least on XP 32bit). But as I've said, it's difficult to say anything without the sample.

About regsvr32: putting regsvr32 in Low restricted would fix the issue demonstrated in the video. It's important to say that such method of infection is only possible if a trusted application is exploited into downloading a .dll, .tmp module and executing/"registering" the module via regsvr32- if the trusted application downloads and executes a "normal" executable which then uses regsvr32 to deliver it's payload Application Control would automatically restrict regsvr32 because it's started by an unknown executable (browser>unkn. executable>regsvr32 running a .dll).
The first action I would take in fixing the issue is keep your browsers updated, second- consider sandboxing it, thirdly consider manually configuring regsvr32 rules.

The same issue is present with java.exe- malicious/unknown .jar files have unlimited privileges because App Ctrl doesn't look at the .jar itself only java.exe. (same mitigation recommendations as above apply)

 

Re: KAV/KIS 2013 Beta

3x0gR13N,

Your expertise and clear explanation greatly appreciated.

Browser= updated
Browser=sandboxed
Will try configuring regsvr32 (move to low restricted, at least)

The tip about java helps in grasping how KIS functions and what to consider in additional configuration (somewhat new to this).

It's good to know KAV/KIS has great beta testers. The back-handed compliment that the guy gave Kaspersky is encouraging, and I am looking forward to KIS 2013.

 

Re: KAV/KIS 2013 Beta

Is the Proactive Defense Module still included in Kaspersky Endpoint Security?

 

Re: KAV/KIS 2013 Beta

No, only System watcher: http://support.kaspersky.com/kes8wks/protect?qid=208285371

 

Re: KAV/KIS 2013 Beta

august is the release

 

Re: KAV/KIS 2013 Beta

Possibly, depending on what country you are in, but if this year is like most others they will finalize a build for release (or at least a Technical Release) sometime in June. I found build 13.0.0.3275 to be very good. A couple of issues with newer builds since have caused me to stop testing... for now. I expect the final product will be quite good, if none of those issues persist.

 

Re: KAV/KIS 2013 Beta

http://forum.kaspersky.com/index.php?showtopic=237050
Build 13.0.0.3370 has been released as Release Candidate: http://devbuilds.kaspersky-labs.com/devbuilds/KIS2013/13.0.0.3370(RC)/
(if you don't see the installer, be patient as the servers get synced)

 

Re: KAV/KIS 2013 Beta

this means this version will be retailed?

 

Re: KAV/KIS 2013 Beta

No, as there are still likely to be further release candidate & then TRs (Technical Releases) but this will form the basis of the eventual retail release...as far as I understand.

 

Re: KAV/KIS 2013 Beta

Using the technical preview - no problems yet

 

Re: KAV/KIS 2013 Beta

i went to their forum and they said that unless there are some critical bugs....this build will be the TR.

 

Re: KAV/KIS 2013 Beta

Even if it becomes the Technical Release it will still be repackaged before it goes retail...that is how it has been with all the previous releases as far as I can recall.

 

Re: KAV/KIS 2013 Beta

Hi, is KIS 2013 lighter than 2012? I'm not sure to go with it. I own a license of KIS but version 2012 is a resource hog