Kaspersky (KAV/KIS) 2013 settings & tweaks thread

Discussion in 'other anti-virus software' started by acr1965, Oct 10, 2012.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have KIS 2013 running pretty well on one of my desktops. One setting I made was to uncheck the "trust applications with digital signature" which is checked by default. Also I made a setting change to move unknown applications to untrusted. I also disabled the web, mail and IM antivirus and also disabled anti-spam. I noticed under the anti-banner settings there is a setting to have IP addresses resolved to domain names. Is there a similar setting for the firewall / network monitor connections? Any other tweaks to KIS 2013 people would like to share?
     
  2. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    786
    Location:
    255.255.255.255
    Uncheck "Perform Idle Scan & Regular RootKit" Scan In General Settings.
     
  3. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    Why? It doesn't run during regular PC usage, only if the screensaver is active more than 5 minutes or user is logged off.
    http://support.kaspersky.com/faq/?qid=208286053
    There's no performance impact on regular PC usage.

    @acr1965
    you'll need to be more specific as to what you want to change in terms of security/performance.
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I had KIS set to move unknown files to untrusted and was doing a Windows update. The Windows update would not install until I paused KIS protection. There was no warning from KIS that a file had been moved to untrusted, I presume that is why the Windows update was not successful initially. Is there a warning or pop up message that a file has been moved to untrusted status? It would seem that KIS would issue some notification.
     
  5. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Not by default, but you can enable it somewhere in Settings -> Miscellaneous (the toolbox in the left panel) -> Notifications. I don't have KIS on this system so I can't tell the exact instructions.
     
  6. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    The settings for Kaspersky on free ZA AV/Firewall are greyed-out and if you want granular control, you have to upgrade the paid version.

    For home users, the default is good enough but for power users the trade-off may not be acceptable.
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Thanks- I found some notifications regarding application control that were not checked. That seemed to do the trick.
     
  8. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    I'd enable the 'other' detection category in settings.

    Settings->Cardboard box icon->'Detection of the following...' settings and tick other.
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Yes, I did that. Are there any tests that show KIS with the settings of moving unknown to untrusted? Is there any particular family of malware which can bypass this setting? I've also unchecked the 'trust digitally signed apps' or whatever the wording is.
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,049
    Location:
    USA
    I've wondered and never seen a clear answer... does it just trust something with a digital signature? Does it try to verify the signature is valid? Is there a whitelist of known good signatures? A blacklist of bad ones?
     
  11. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    Simply start an application that is not widely known or disable trust of applications that are known in KSN in addition to disabling trust digitally signed apps.

    Digital signature must be valid, the list of trusted vendors is maintained by KSN, digitally signed malware can be blacklisted in KSN before the digital signature that malware used is revoked by CA.
    MS dig. sig. are trusted even if you disable trust digitally signed apps.
     
  12. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    With that one setting change alone kaspersky is more or less bulletproof.
    Nothing malicious gets by at all.Ive tried it myself.:thumb:
     
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,049
    Location:
    USA
    Sounds like there is no reason to disable the trusting of digitally signed applications then, which was what I suspected anyway. Thanks for the reply.
     
  14. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Mine shows MS digitally signed are blocked and I've attached a picture. Also, I tried to launch task manager (dig. sig. by MS) and it was blocked. I moved TM to trusted apps and it launched normally. I then deleted the rule and tried to launch MS again and it automatically was added to trusted programs.
     

    Attached Files:

    • ms2.jpg
      ms2.jpg
      File size:
      136 KB
      Views:
      52
  15. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    If you have Kaspersky AV AND are running Blue Coat K-9 Administration Web Filter, have K9 Filter. exe added to the Kaspersky Exclusion List.

    It falsely reports K-9's website blocking action in the Windows Host File as a Trojan.Win32.Hosts2.gen virus. This is a false positive and engaging the Kaspersky advanced cleaning mode can make it impossible for you to get access on the Internet without a working Windows Hosts File - which it mistakenly thinks is affected by a known virus.

    There are of course real viruses/trojans that try to modify the Windows Hosts for malicious purposes. Kaspersky is only doing its job warning you of a possible threat. Its also possible for it to report a threat where none exists as many security applications do modify the Hosts File to protect the operating system from online threats.

    Hopefully, Kaspersky will come up with a fix to this false positive that pops up on a scan of Blue Coat K-9 and the Windows Hosts File.
     
  16. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Yes, this is the price you have to pay when using third party software that uses hosts file as a mean to block IP/sites. This is not what hosts file is designed for and it is not officially supported by Microsoft. The same was discussed in another thread. Rather then kaspersky to adapt to K9 it should be K-9 to find a better way to properly filter sites/IPs. This is not new as many (most) other security related software do not use this method to filter web traffic. :)
     
  17. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    1,441
    The idea is to make dangerous sites inaccessible. Of course you can enable a site on a case by case basis because there can be false positives in web filtering - some genuine sites have signatures akin to the bad ones and one should use one's judgment to decide whether to exclude a site from a web filter.
     
  18. riyad

    riyad Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    11
    Location:
    India
  19. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
  20. riyad

    riyad Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    11
    Location:
    India
    its already released...update your databases and reboot and you can check that patch c is installed.
     
  21. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    so a reboot is required?
     
  22. riyad

    riyad Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    11
    Location:
    India
    yes a reboot is required
     
  23. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I rebooted and still show B
     
  24. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I don't think it has been released publicly as a final build. Otherwise the beta thread would've been updated to say so or an announcement somewhere.
     
  25. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
Loading...
Thread Status:
Not open for further replies.