KAV/KIS 2013 Beta - Final

Re: KAV/KIS 2013 Beta

2012 and 2013 both are light for me

 

Re: KAV/KIS 2013 Beta

Thanks Champ

 

Re: KAV/KIS 2013 Beta

Some more info on the new exploit protection module, seems largely based on forcing ASLR: http://securitywatch.pcmag.com/secu...aspersky-2013-products-will-expand-protection

I just compared the rights/rules list from the HIPS with 2012 and the only thing they added is "Modifying memory of other process" Among other things, with the loss of Proactive defense protection from suspicious driver installation is lost. The 32 bit version's HIPS has "Start driver" so not much is lost there, but the 64 bit version HIPS does not have this protection, I'd say protection from driver installation is one of the more important functions of any HIPS.

Does System watcher give pop-ups with options to block the behaviour or is it more of a passive thing?

That's quite dissappointing BTW, they did finally fix 'breaking' ASLR protection by loading their DLL's without ASLR support into explorer.exe and others and they added DEP and ASLR on their own processes as well.

 

Re: KAV/KIS 2013 Beta

System Watcher inherited PDM's suspicious driver installation from what I can see: -http://s7.postimage.org/vnapsgo3f/swdrvinstall.png
I believe manipulating of services (create/read/modify/start) is monitored on 64bit in HIPS, which provides protection against driver installs.
And there's the classic modifying registry entry/creating .sys in driver dir, as any classical HIPS has.

It does give popups (Interactive mode).
-Old Zbot sample: -http://s18.postimage.org/a0iu9fomh/swscar.png and rollback -http://s18.postimage.org/wqhz2f7u1/swscarrollback.png Items that will be rolled back -http://s18.postimage.org/66pe0a7ah/swscarrollback2.png

-TDL4/Pihar rootkit: -http://s18.postimage.org/q50nox2ll/swtdl.png -http://s18.postimage.org/us6pqopyh/swtdl2.png

-Boot.Cidox: -http://s18.postimage.org/gbo1pupux/swcidox.png

etc. etc.

You should have in mind that it is compensated a bit with the Exploit prevention feature in SW.

I'm on XP so I don't know about ASLR. Someone else could check.

 

Re: KAV/KIS 2013 Beta

Thanks for the reply
About the ASLR issue, it wasn't a question, I meant to say they did fix it for v2013.

 

Re: KAV/KIS 2013 Beta

Ah, sorry, read that wrong ("...did they finally fix...").

Here's an official changelog included in the RC distributive:

 

Re: KAV/KIS 2013 Beta

Do you know how System watcher handles files with digital signature? Proactive defense trusted them with default settings, but there was an option to disable that, I can't find one in System watcher settings.

 

Re: KAV/KIS 2013 Beta

^ I would also like to know.

 

Re: KAV/KIS 2013 Beta

Is blocked | logged using Kaspersky Endpoint Security 8?

 

Re: KAV/KIS 2013 Beta

The option is removed for System Watcher, it automatically trusts files with valid digital signatures and with Trusted status in KSN.

Sorry, I don't use KES 8 so don't really know.

 

Re: KAV/KIS 2013 Beta

A wise man once said:
"That's ~ Snipped as per TOS ~ garbage"

Kaspersky should listen to their elders or I'll be finding a different security solution. Off to their forums to complain!

 

Re: KAV/KIS 2013 Beta

The Kaspersky Whitelisting program seems to be a good idea for developers
http://whitelist.kaspersky.com/

 

Re: KAV/KIS 2013 Beta

Interesting. I'll be curious to see how it works out.

Have fun getting banned.

 

Re: KAV/KIS 2013 Beta

You still have the option to not trust digitally signed/KSN trusted files in Application Control.

 

Re: KAV/KIS 2013 Beta

Kill KAV/KIS2012 from user mode...

 

Re: KAV/KIS 2013 Beta

Or at least getting roasted/posts removed by richbuff

 

Re: KAV/KIS 2013 Beta

Wow, not good.

 

Re: KAV/KIS 2013 Beta

Nah, all he did was move my post into the correct section of the forum

Never said I was gonna be a jerk about it.

 

Re: KAV/KIS 2013 Beta

I see they are saying beta testing is over. I hope nobody is looking for any major changes at this point.

 

Re: KAV/KIS 2013 Beta

Wow.. Kaspersky sure does spend a lot of money on marketing these days and copying their other larger competitors.

Been using the Symantec Whitelisting program for years https://submit.symantec.com/whitelist/isv/

Why is Kaspersky's different?

Its funny, that as soon as Symantec introduced Reputation/Whitelisting in their 2009 (2010 ?) products, the very next year Kaspersky had Reputation in their product Coincidence. Even their user-interface on the reputation page, the green/red/grey looked ripped off from Symantec's

I am beginning to think that as far as intellectual property goes, Kaspersky is to Symantec, as Samsung is to Apple.

 

Re: KAV/KIS 2013 Beta

@qakbot

Do you have any idea what you're talking about? Why are you even comparing the two?
Every company has their white list so 3rd party applications don't have trouble working in an environment with said security solution installed.
Since Symantec != Kaspersky the answer is obvious.

Kaspersky Security Network (i.e white list) has been present since mid 2008, when v8 (aka v2009) was released.

 

Re: KAV/KIS 2013 Beta

Spoken like true Norton "qakpot"

Every big AV has had these kind of measures for some years now, the "Samsung is to Apple" got me laughing quite hard though as it is a bad comparison, i have both and Samsung is quite a lot better than Iphone right now.

What you did yesterday somebody will improve and do better today.

 

Re: KAV/KIS 2013 Beta

Prove to me that Kaspersky's whitelist is better than its competitors. If not, then I'd assert that they are just playing catch-up, as always.

 

Re: KAV/KIS 2013 Beta

Kaspersky playing catch up to Symentec? LOL!!

 

Re: KAV/KIS 2013 Beta

I have nothing to prove, you were the one who had to derail a thread with statements that seemed based on nothing more than fanboy rhetoric.

Perhaps time to get back on topic = a beta of Kaspersky and not the Symantec Whitelisting program?