KIS 2014

Agreed. If you are reasonably sure your machine is not infected I would just allow everything currently and go from there.

 

Yes, I agree as well. Since it's already been on the system and Trusted Applications Mode has not been activated, there wasn't anything stopping it from running either.

 

Thanks, guys. That is my plan.
Jerry

 

Of course if the system is not used for confidential, sensitive financial or restricted information the "reasonably sure" can be sufficient.
If instead the use of the PC is linked to more critical data then you should be "sure" rather than reasonably sure... and, as a matter of security principle, if you don't know why something is in your system it shouldn't be there in the first place. This will generally minimise the "surface" exposed to attacks.

 

Trusted mode seems indeed a pretty neat feature. I wonder what criterion is used to consider a file "trusted". For instance, conduit toolbar files (and other stuff alike) are common and widespread, but that doesn't mean they should be in trusted list. Does anyone knows if trusted mode blocks those installs?

 

No, but you can block such "grayware" applications by unchecking Trust digital signatures and opting out of KSN while using Trusted applications mode or by setting "move unknown applications to Untrusted group" in Application Control. It's possible we'll see an option to blacklist specific digital signatures in the upcoming Maintenance Release 1 which will help block installs of such grayware specifically. You can preview that feature by downloading and installing the beta KIS for Geeks version from the beta section.

 

That would be a very useful feature, i think.

Do you know if trusted mode will also be available in KAV or is it only for KIS?

Thanks

 

One of the best AIO suites. Use it with confidence. Hahahaha

 

Trusted Applications Mode is not available in KAV, only in KIS.

 

Thank you guys, followed the Trusted Application set up through and enabled it on KIS.

Is it still advisable to run MBAM occasionally or is it not required at all?

 

I have to confess: until now... I never heard of 'trusted mode'...
It was disabled and I just enabled it. It is scanning system files in the background (heading for 7500 . . .)

In the morning I switch on my pc and in the meantime continue to do a number of other things, coffee, breakfast, etc.etc. When I return after about an hour, there is a lot of discactivity, the pc is slow when I click on ctrl-alt-del to run the taskmgr and see a LOT (I mean a LOT) of avp.exe and mbam.exe running.

Q:Cud this be the cause?
Also, Excel, when performing a specific action froze my system over and over (had to kill the process thru the task manager) whereas with others, the same task was completed in 1-2 minutes.
Cud that also be caused by this?

I was looking under threats/exclusions to add Excel there..?
But I could not believe I would need to add all my trusted applications there...

When looking at the below, it is going to take a while before the analysis has been completed...


http://imageshack.com/a/img856/6493/bbqi.png

Thanks for the tip!
=

 

I've heard some reports about Trusted mode slowing down the PC, so that could be the cause. Yours is still analyzing however, so I would wait for it the complete.(Though that is certainly quite a while :S)

I've an idea to get similar protection to Trusted mode. I hope some of the expert Kaspersky users here can comment.
Set Application Control to not automatically trusted files with digital signature, so only trusted files are put in the Trusted Group. Set it to move all other applications in another group(Low Restricted for example), and then edit the Group rights, specifically the Launch/Run rights and set them to Deny or Ask.
That way every whitelisted file ends up in Trusted group and can run, and every other file can not run or needs user permission, just like Trusted mode but without extra resource usage.

 

The difference between Trusted applications mode and the settings BoerenkoolMetWorst mentioned is that Trusted applications mode can block libraries and modules from loading in memory which otherwise wouldn't be blocked just via Application Control settings. For example, TAM can block Firefox from loading a 3rd party .dll in its memory, but Application control wouldn't because it can only control the module if it executes via it's native host application: rundll32.exe (cmd.exe for bat scripts, wscript for .vbs etc.). Those additional checks are what probably causes slowdowns in some cases.

For those who still remember KIS v7, TAM is similar to Application Integrity Control feature in v7 PDM, but this time it's more automated and user friendly (and still can cause slowdowns just like in v7).

 

Thanks for the clarification

 

Just curious to know, would Norton IS 2014 also have something a bit similar to trusted applications?
Does KIS Trusted Applications Mode result in better performance?
If so, wonder why it is disabled by default.
=

 

No, NIS does not have a similar mode, however it will block anything it does not trust. Not the same and not as effective though.
As for KIS I have seen reports of worse performance with it enabled and not better. However, in my personal experience I have not really seen a noticeable difference either way.
It is likely not enabled by default due to compatibility issues with some applications.

 

Right now, I have both NIS 2014 and KIS 2014 (of course, not on the same machine). To be honest, I can't make my mind up.
Both are good products. The support of NIS is way, way better than that of KIS : my experience with Kaspersky: absolutely no support outside the forum.
NIS helped me out on a number of occassions through chat sessions, false positives, etc. Their support is really very good. The forum of KIS well, generally it is okay, but once it a little complicated, you need to submit reports - but often there is no solutions then/it stops.
NIS forum folks are doing an extra step.
Likely Norton feels that, considering both products being almost equal quality- and pricewise, they should do some 'extra steps' on the point of support.

I installed KIS, then after a while installed NIS again.

Main reason for uninstalling NIS is that it simply deletes a suspected file. Period. No recall possible. No questions asked. However, files can be legitimate, but because NIS suspects the file(s) it deletes them. You have a problem when you donot have a backup and it is a file you created yourself (for example), i.e. one cannot obtain the file from Internet, although once downloaded, NIS will immy delete it again, so you may even have no chance to report it as false positive.

One outstanding thread explaining this is
Norton is loosing loyal customers, because automatic deleting of threats! 05-11-2011 03:36 PM
http://community.norton.com/t5/Nort...deleting-of/td-p/579268/highlight/true/page/2
How to whitelist a file 03-05-2012 07:12 AM

But there are many more.

For me this was the main reason for removing NIS.

Maybe they have changed the policy, to at least put files in quarantine, but not delete them.
Users should be able to recall them when it is 100% correct and whilst doing so, this should be reported to NIS with a statement of false positive.

I admit, it is off-topic, for which I am sorry. It is a response on the 'block anything it does not trust'-part of your reply though.

=

 

Same here and I agree with your entire post. My computing life seems to revolve around the switching out of both products, never being 100% happy with either.