Kasperky antivirus still agressive ?

Discussion in 'other anti-virus software' started by Fly, May 18, 2008.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I'll soon need a new firewall and a new antivirus.

    I was thinking about Zonealarm, but it seems they use Kaspersky's antivirus engine.

    A few years ago I tried Kaspersky, but I found it to be too agressive.

    How is it these days ? Agressive=many false positives, having a destructive effect on things on your computer, asking difficult questions like 'process X is trying to inject code in .dll file Y, do you want to block it ?'

    If configuring the program means making a strong antivirus a weak antivirus, then it defeats the point.

    I also have Counterspy, and currently McAfee. Counterspy AND McAfee both had to be manually configured to get them to work together, and Counterspy is at least partly working on kernel level. Would it go with Kaspersky's ?

    (I don't have any fancy imaging or virtualization software, this is a 4 year old computer that has its limitations, and testing all sorts of security software by trial and error would trash my system. I have decided not to buy any new hardware till it's time for a new computer.)
     
  2. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    I think you'll find v8 (2009) very unobtrusive and light. A lot of features and optimizations were implemented, and what's most important in your case, a huge whitelisting of applications was done for v8 (Bit9 DB, Digital signatures) which greatly reduces the popups requiring user input... especially if it's set in automatic mode (decisions taken automatically based upon application risk index (via emulation) and other algorithms)- you won't even know it's there :p

    If you wish, you can wait until it's officially released (still at TR ATM), just to avoid the risk of bumping in some bugs. :)

    A small side note: all those "False positives" most likely came from the PDM component, which was designed to be obtrusive/for advanced users in v7 :D and thus they can't be called FPs- that's how it works. :)
     
  3. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Hi Fly, reading this will help you a bit on your questions about KAV/KIS.
     
  4. jfd15

    jfd15 Registered Member

    Joined:
    Oct 12, 2007
    Posts:
    234
    Location:
    Sacramento, CA
    i got tired of KAV already....too much for my notebook....i have mobile broadband, seems i get a new IP with every log-on, so i just scan with SAS from time to time...never find anything though.....
     
  5. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I wonder which version is in Zonealarm ?
     
  6. JasSolo

    JasSolo Registered Member

    Joined:
    May 9, 2007
    Posts:
    414
    Location:
    Denmark
    I'm pretty sure it's version 6


    Cheers
     
  7. fce

    fce Registered Member

    Joined:
    May 20, 2007
    Posts:
    758

    very true!
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I use version 7 and if you turn on the advanced options it does tend to be a bit aggressive with fp's. Now i just enable the basic settings and it seems to behave itself most of the time.
     
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I can't remember the last false+ve I had with Kav and that's with V7 set to its highest setting in every module,but I don't have application integrity control running:-too many pop-ups,drove my wife mental if I wasn't there to ask what she should do!(not false +ves though!):-I personally prefer an "aggresive" av over a "laid back" one anytime!
     
  10. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    If you're not accustom to advanced settings, don't enable them; simple.
    Yes, its not using Kaspersky to its full potential, but disabling ProactiveDefense will simply mean Kaspersky's protection level will be equivalent to most other AVs, so it does not defeat the point; it will still be as good as other products.

    You can still use Kaspersky's ProactiveDefense by creating rules/exclusions and trusting applications if you want and the popups will rapidly decrease after a few days.


    As for "process X is trying to inject a code in .dll".... yes thats ApplicationIntegrityControl... thats very complicated and is very intrusive and is only for advanced/pro users, which is why it is not enabled by default and only enabled by user-interaction. Once again, if it is beyond one's capability of using; dont use it. I've never used it though; too advanced for me. Other ProactiveDefense feature's I have used with no problems.


    Kaspersky v8 is far less intrusive than v6/7 because of its new HIPS and whitelisting, but it will still give a few popups regarding unknown/other software which have not been whitelisted or blacklisted. Install it in Basic mode if you still cant handle them or don't like them (and let Kaspersky take the recommended action), but believe me, the number of popups have reduced dramatically, even in advanced mode.
     
  11. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    They're not FPs; they're behavior alerts... simply alerts about behavior which is similar to that of a malicious object.
    It does not say the object is malicious and should be deleted; hence, are not FPs
     
  12. Wyrd

    Wyrd Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    14
    KIS 8.0 still seems to be on the aggressive side, at least in terms of its heuristic engine, and generated MANY false positives on my PC, which turned out to be all innocuous MS Office updates. I sent the zipped files to Kaspersky Labs and got a confirmation that KIS had detected only false positives...well, in addition to "detecting" them, KIS also made all my MS Office programs unusable...I still have a valid subscription with KIS for another 10 months, but switched back to good ol' NOD32 and Comodo Defense +, as they, at least, do not devastate my entire "Windows Installer" folder, while KIS interpreted every second file in there as a "Heur.Trojan.Generic"...
     
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    there was a bug with the heristics didnt you read the long kaspersky TR has been released thread? it was reported that there was a temporary issue with the heristics at the time.
    it was fixed soon after.
     
  14. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Kis8(kis 2009)hasn't been released yet,still in beta/pre release testing:-as with any product at this stage you should really expect a glitch or two,if you were sensible you would not have installed a beta product on a PC which had info on it which you needed,hardly the fault of Kis that you didn't follow usual "beta testing guidlines":-down to user error that one!
     
  15. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    for me it seems that KIS 2009 Beta is faster and much more compatible with my system than KIS 7 ever was.

    But KAV 2009 Beta is about the same incompatible with my system like KAV 7.
    Like always I have to install KAV 2009 Beta first and then Online Armor and even so it doesn't work.
    This constantly growing incompatibility of KAV with other security software is a real disappointment.

    I have a license and would like to use KAV, but because I like a smooth system more than KAV I use currently Avira 8 with OA instead.

    Cheers
     
  16. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I got fed up with its heuristic fp's so i simply disabled it. For my particular needs signature detection is enough.
     
  17. Ximi

    Ximi Infrequent Poster

    Joined:
    May 12, 2008
    Posts:
    40
    Location:
    Estern
    I don't know but i have a feeling that Kaspersky are not as agressive as it was once at the time.
    I do remember for some month's or years ago everybody speaked about Kaspersky and how the protection was excellent, but those last few weeks have not heard.
    I dont know if Kaspersky will ever be that strong as it used to be before, and that's to bad because i really like Kaspersky.
     
  18. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    I've always used KIS from 2-3 years and I only had 1 single false positive. It was a sccfg.sys leftover from folder lock that KIS rated as suspicious, (as many other security software did). I have never experienced "aggressiveness" with Kaspersky. Of course, I mean in stable products, because I haven't used betas and TRs a lot.
     
  19. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    You're probably referring to the Application Integrity Control feature in KIS v6/7 which does fire off more alerts than most other components. I personally left this feature turned off - it is off by default anyway. It does no harm doing this as one is still well protected.
     
  20. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    In the v7 line of products, I never used the heuristics feature as I felt the PDM module was strong enough as had been shown in tests done by av-comparatives in June 2006.

    Since using KIS 2009, I have been running heuristics at the medium setting and have not yet had a single alert from its engine.
     
  21. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    I've seen 2 today a hour ago (and can confirm they are malicious :))... just waiting for the viruslab to add it to detections now.

    Haven't had a heuristic FPs yet with v2009.
     
Loading...
Thread Status:
Not open for further replies.