KIS 7 Proactive Defense Driving Me Nuts

I've been running KIS 7 for a while now in training mode and, while I like the package as a whole there's a couple of things that bug me.

Firstly, I play Day of Defeat: Source regularly and everytime I start the game KIS alerts me that the hl2.exe has changed. There's no option on the alert to add a rule or ignore the hl2.exe on future loads. I've tried putting hl2.exe in the trusted zone but it still pops up an alert. It's not a deal breaker but it is annoying.

Secondly, Proactive Defense is driving me (and more to the point my wife) nuts. I have a constant stream of alerts and even though I'm ticking the add to rules box, they keep coming. I use my PC every day and would have thought that most rules would have been established by now and the pop-ups would slow or stop.

Due to the pop-ups I've disabled Proactive Defense to appease the wife but I'm concerned that I'm crippling my defenses by doing this.

Along with KIS i run Superantispyware Pro and am behind a NAT Router.

Is it safe to leave Proactive Defense off? Or am I doing something wrong that's causing the alerts to keep popping up.

 

The problem with DoD:S is normal. A workaround is to remove any firewall rules for it and set Anti-Hacker to Low Security.

As for Proactive Defense, disabling it would make you less safe but not dramatically so. I dont use teh PDM and I do fairly well. The constant popups dont sound normal though.

 

Have you got the pdm set to basic or advanced?

 

You are still safe with Proactive Defense disabled... you'll still be protected by Kaspersky's signatures (like any other antivirus), ProactiveDefense is simply an additional layer of protection... (not recommended for newbies or people who donot know alot about PCs).
If you're an average PC user (bit of knowledge), you can enable ProactiveDefense, but make sure ApplicationIntegrityControl is disabled... (thats only for advanced/professional users).

Popups should more-or-less stop after creating rules. If they're continuing, then there maybe a problem.
What was your previous security setup... previous Antivirus, AntiSpyware, SecuritySuite etc?

 

That's good to know. My concern was that by disabling Proactive Defense, I was *significantly* lowering my defenses.

Previously I had Sunbelt Kerio Personal Firewall 4, NOD32, Adaware and Spybot. I've now switched to KIS7 and AVG Anti-Spyware 7.5.

I'm also behind a NAT router.

 

Are you running both AVg and SuperAntispyware on real time?

 

i use kaspersky internet security 7.0.0.125
i disable Application integrity control
and i put the fire wall on low security

every thing is ok no hackers , no viruses

i use
xp sp2 pro
processor 2800
ram 1.5 G
vga 128

 

That's safe
You could also set it to training mode at first. In a couple of days the pop ups will be less by far

 

KIS7 is a product for the advanced user.. period. In a default configuration it will even ask you if you want to delete malware sometimes!! So you dont want to install it on computers that are used by the family.

 

If you want it for newbie users, you can install File-AV, Web-AV and Firewall (and maybe mail-AV).
I dont know whats wrong with asking the user if they want to delete malware in default configuration... I think even for newbie users, this popup's a no-braner... if it says virus... most users will click "delete" anyway... even if you click skip, if you try to execute the file, it'll block it and warn you again... have to add it to TrustedZone or Pause Kaspersky (or File-AV) to run the file, which must be an intentional act, wouldnt do all that by "accident", user must realize there's something wrong with the file if they had to do all this just to open it.

Also, if user sees a big red popup on the screen saying its malware, then at least they know where it came from and it'll remind them about opening dodgy files on the internet.

You can always easily make Kaspersky delete/disinfect without the prompting the user...
To make it default for File-AV Settings>File-AV>BlockAccess>OK ... 4 clicks of the mouse, not difficult or time-consuming
To make it default for Web-AV Settings>Web-AV>Block>OK... 4 clicks of the mouse again, not difficult or time-consuming again

 

If delete malware is a no-brainer then why does Kaspersky ask in the default configuration. Covering their as** in case of false positives maybe ?

 

maybe... but also so users know when they downloaded the malware... if they surf a website where many malware is being downloaded from, at least they know its a risky site to surf which hosts many malware and they shouldn't use it again.
Also, if files users download automatically disappear without notification, the user may think there's something wrong with the computer... maybe trojan deleting the files?
Also, getting a warning will remind users about surfing safely... If nobody ever saw their antivirus detecting anything, most users would think the internet is safe and they've never encountered malware and probably never will... although in reality, its not like this.

 

This doesn't make sense. Kaspersky is not merely informing the user that they have deleted a virus. They are ASKING the user "Should I delete or should I skip". That to me is ridiculous. They should just inform the user that a malware was detected and automatically deleted. That way as you said, the user now knows that they shouldn't be visiting that website. If Eugene Kaspersky the anti-malware-ninja doesn't know if the malware should be deleted or skipped, how is the JoSchmo user going to know.

 

You mean do it the way Symantec does, and cripple PCs nationwide in China because it FPed and automatically quarantined a critical system file?

If you want Kaspersky to auto-delete, then you configure it to auto-delete. Simple. I don't see the point of all this fuss, except for the sole purpose of making useless noise.

 

Yes the way Symantec does it. Are you saying with Kaspersky's "ask the user" method the average user when they see a BIG RED box that says "Trojan.Downloader xyz detected, do you want to allow deny" is actually going to choose Allow ? You've got to be kidding me. They would choose Deny and the critical system file would get quarantined.

Oh and about China.. Rising called Kaspersky "the king of FPs" since they had an FP almost every day for a month. Ofcourse, KIS threatened to sue them over that, but facts are facts. You only hear about Symantec FPs because they have 70% of the worldwide market. If they had as many FPs as Kaspersky had they would be out of business.

 

the problem is, they say set it to training mode, it drives you crazy and they never say about when you should increase the level. Or they say, lower it one notch and the pop-ups wont bother you. I find this total crap from a users standpoint. F-Secure has a better option. Avira will drive you crazy at the at the start with pop-ups, but at least it is only once. I really cant understand why the loyal following for Kaspersky, when all they really offer is so called detection. The suite is crap.

 

Click "Allow Always" and create a rule for applications and you wont see it again ... (and thats the Firewall you're talking about rather than Proactive Defense).

... personal preference my friend, personal preference... suppose its like Marmite... you either love it or you hate it... or like Sweden... neutral

 

good points and I always have respected your thoughts. But PDM or firewall, pop-ups are still a issue and rules dont always stop it. Ask SAS. Best at cleaning though.

 

Let's not get into hypothetical situations that do nothing but distract us from the real issue. Kaspersky offers you the option of investigating the file further for yourself, or if you prefer the "Symantec method", so to speak, it's equally easy to configure it that way. As for what happened with Symantec's approach, I think it's pretty obvious.

Hear, hear. So let's bring out the facts and evidence, because I don't see any. Or perhaps as far as you're concerned, a competing vendor's (equally unfounded) claim is enough to qualify as rock-solid evidence, even though you've obviously never used Kaspersky in China before.

Wrong again. We hear about Symantec's FP because it crippled PCs across an entire nation; market share has nothing to do with it. Are you honestly suggesting that such news would be hushed up and swept under the carpet if Kaspersky, a "minor vendor", was the culprit instead?