Timur Born
-
Posts
73 -
Joined
-
Last visited
Never
Posts posted by Timur Born
-
-
Kaspersky does scale with Windows’ scaling, both below (XP) and above (W10) 120%.
Fortunately it also allows to resize several of its settings windows, but some are fixed in size. The former is a welcome change from all the current AV UI craze, the latter still follows said craze of largely empty space with lots of scrolling and too small text.
-
I also wonder if there is a list of file extensions scanned by KIS? I noticed that even .log files are checked, which I find somewhat odd given their close nature to .txt files (which is the example given by Kaspersky for files not necessary to scan).
-
Hello.
I noticed that KIS scans Lua files when the option to scan by “file extension” is enabled.
Is this due to malware like “Linux.LuaBot” or “ProjectSauron” or does it scan for things like Roblox malware scripts?
-
I am using the Kaspersky Internet Security trial and was only asked to login once at the end of the installation. This step could then be skipped and I was not asked again since then.
There is no corresponding message in the notification center either, not even a ignored one. There *is* a notification that my trial is active and when I click Details and then click Manage it asks me to sign in. But that can again be cancelled.
The notification settings listed by @Flood and Flood's wife are all enabled here, still no popup yet.
Maybe this is limited to the free version? I had that installed earlier, but don’t remember if I had to sign in to use it. Will test again and report back.
On a side note: I find it ironical that the very first time I actively noticed a popup over a full-screen application / game was when Kaspersky informed me that its game-mode would protect me from popups. :P
-
In that case Kaspersky should offer an option/default to keep the computer awake during an active scan. ;)
-
VGAglory just explained that other antivirus applications have no problem keeping his computer awake. There are also backup applications that can do the same. If all these programs manage to keep Windows awake, some of which on VGAglory’s computer according to his report, then the problem might very well be with KTS.
Asking him to change his power-plan when KTS specifically offers an option to keep the computer awake also seems rather counterproductive. That would be exactly what VGAglory does *not* want.
-
Here is a more recent test done by AV-Comparatives:
https://www.av-comparatives.org/tests/enhanced-real-world-test-2020-consumer/
-
@harlan4096 Thanks for the link, it’s well appreciated!
-
Sorry, but no, I still don’t know if fileless protection (Powershell, WMI, etc.) is part of the Kaspersky consumer products? The Kaspersky Wiki entry I linked to is specifically meant for Enterprise products.
For example, with xxxxxxxxx you only get this kind of protection for their higher tier enterprise products (it’s even not included in the lowest tier enterprise products) and their consumer products don’t even mention it.
Same with xxxxxxxxxx, fileless protection is specifically listed for its Enterprise Defender, but not for its consumer (free) one.
-
It’s well possible that limiting the number of threads is intended by KIS, as kind of compromise between performance and load demands. Thus my original question about the “intention” of the current implementation.
I would argue that an on-demand scan should be more balanced towards scan performance, though.
And I also have to test how this affects real-time scans when many small files are accessed for the first time (and consequently checked for changes regularly).
-
I know about settings to only scan changed files and make use of Kaspersky’s own cache (which other solutions use, too). In fact KIS’ cache is aggressive enough to keep its state over computer restarts. (Is the timeout 8h?)
This is about performance of an original scan on modern hardware, not about how various programs try avoid repeated scans of “known” files (KIS does good there). The context-menu scan serves as a fair comparison basis.
And I did not even mention how all (!) antivirus solutions (including KIS) only use a single thread to uncompress and test archives.
-
For comparison, this is what the fastest software is peaking at during a context-menu scan on my setup (12 core CPU + M.2 SSD):
-
-
Thanks @Flood and Flood's wife ,
knowing now that animated GIFs are welcome here I will make use of that.
-
Hi @Igor Kurzin ,
thanks for the explanation. I only saw the traffic once for a very short time and it does not seem to happen with a simple Firefox (extensions) restart.
So I created a firewall rule to block the traffic and enabled logging. This should hopefully tell me which process is trying a connection when it happens again.
According to Kaspersky’s help-page IP addresses should be used for the firewall rule, but I did some tests to make sure that the firewall also accepts URLs.
PS: I noticed that changing a browser (Firefox) based firewall rule to “block” while the browser is running does *not* apply unless the browser is restarted or the URL is refreshed via SHIFT (!) + reload. Before that no the “block” rule does not apply.
-
Correct, for reports (and some other parts) you have to click the small arrow, which is so small that you have to aim for it.
In other parts (custom scan dialog) like you can just double-click anywhere on the line to do the same thing. This is much easier.
-
-
Does the (consumer software) KIS protect against fileless attacks or do only enterprise products do so?
-
It’s also worth mentioning that KIS seems to use a file access pattern that slows down its own read performance on my M.2 SSD. As a consequence throughput is rather slow while the drive is reported as fully utilized. So a higher thread count might not even improve performance.
-
Hello.
Is it intended that KIS only uses about 4 concurrent CPU cores/threads for on-demand scans (e.g. context-menu scan)? There are 12 physical / 24 logical cores on my CPU and KIS only uses a small part of that. As a consequence KIS is relatively slow for on-demand scans.
Here are some comparison numbers for my C drive (496298 files, including installers and archives):
xxxxxxxxxxxx : 4 min 16 sec, 1101467 files
xxxxxxxxxxxx : 5 min 4 sec, 1451487 files
xxxxxxxxxxxx (single thread!) :11 min 58 sec, 812339 files
Kaspersky: 12 min 47 sec, 938712 files
Thanks and regards.
-
Hello.
There are several parts (e.g. Reports) of the UI were you can only expand lists via clicking on the tiny arrow on the left side.
Curiously there are other parts where double-clicking does work (e.g. select folder in Selective Scan).
Please make this UI experience consistent and allow double-clicks to expand lists everywhere.
Thanks and regards.
-
Hello.
I noticed that KIS’ AVP.exe (realtime scanner) connected to poneytelecom.eu for a short time, a site seemingly known for malicious content/attacks?
What is this connection used for?
Thanks and regards.
Encrypted channel for GetSystemInfo
in Kaspersky Internet Security
Posted
Sometimes support asks customers to run GetSystemInfo even for easy questions (like why does AVP.exe connect to site xy). I noticed that this is done via an unencrypted zip over an unencrypted e-mail exchange. Is there no encrypted channel to upload this sensitive data?
Among other things the zip includes the name of my computer, Firefox computer name, all IPv6 addresses of my computer (ipconfig) and KIS settings (what is enabled/disabled). It also includes information about what bank offered me how much money over what periods of time. This is because these are encrypted PDF files that include this information as names that are listed in KIS log files as not being scanned due to encryption.
So given how easily and often AV developers ask for these personalized information I really do wonder if there is no encrypted channel prepared to upload these files instead of using insecure means?