Xzz123

Members
  • Posts: 208

Everything posted by Xzz123

  1. upgrade to version 21.13 you still have this tool?
  2. Hello sir, I found that some vendors may use hardware virtualization to enhance HIPS and proactive defense. Is it possible that K products also use hardware virtualization to block more R0-level dangerous actions, for example direct syscalls? Thx.
  3. VisHash Offline is based on Locality-Sensitive Hashing (LSH), a kind of machine learning detection.
  4. My practice is to use a tool like Geek Uninstaller. You can use Geek to start the uninstallation and the tool will try to find any real leftovers. You can also use Autoruns from Microsoft itself to search for unwanted logon objects/scheduled tasks/services/drivers.....
  5. You better not wish that happened, because Kaspersky and other big vendors all use the Windows Installer service to initiate a standard Microsoft Windows installation or uninstallation process. All files and changes are recorded in a *.msi (located in C:\Windows\Installer; for my K Standard 21,13 it is a 15MB msi file). Using the standard Windows recommended practice, you can uninstall using the msi package. That means there will be no additional and unrecorded program files or drivers introduced on your hard drive in the whole life cycle of the K product on your PC. In normal cases it is enough to use the Windows Control Panel to clean all Kaspersky program files: as I said, the msi package has a full record of the installation and there will be no new app function added without the Windows standard installer service. In special cases you may need a removal tool because the msi package is damaged. The tool also has the info on what files were written to your disk, and it performs the removal accordingly. It is never a good idea for an official tool to search the whole disk and registry for any traces of there once being a Kaspersky product. There would be a possibility that the tool mistakenly deletes critical system files or precious user data; you would not wish to encounter that catastrophe. I am NOT a Kaspersky employee or forum administrator, and I DO NOT represent Kaspersky Lab or the forum. If there are any mistakes above, I am happy for a real specialist to correct me.
  6. These files are not created by K but by the Windows system. Don't worry, it has no impact on your OS operation.
  7. If a legit but vulnerable driver is used to evade AV and help the malware enter R0, nowadays, with the latest Windows system installed, AV is no match for the malware. It is nearly impossible for AV to block any dangerous actions. Not to mention loading a malicious rootkit or bootkit driver via ZERO DAY~~~ Once the malicious driver is successfully loaded, removal is nearly impossible. The best way is to perform a scan under a PE environment.
  8. If you do not have wifi and mostly use 4G/5G data, I recommend you leave data on, because Kaspersky now uses lightweight definitions and needs KSN connected all the time. You don't have a new definitions update every 2 hours. The old days never come back......
  9. Using an online installer of build 21.13, your product will activate as Kaspersky Standard. Much better than 21.3.
  10. I mainly use HIPS to block applications in the low and high restricted groups from performing the following: inject code into another process; read memory of another process; access Windows account settings; shut down Windows; access the camera and microphone. Kaspersky's behavior detection does not block single risky actions; it is different from some vendors like EMSISOFT. Currently there is no way to make the HIPS module or System Watcher block single risky behavior without your own rules. Sadly. Just like many big vendors, such fully automatic behavior detection is the trend now in the 2020s: Bitdefender, Norton, Trend Micro, AVG etc. If I remember correctly, 12+ years ago K's first generation of behavior detection, named proactive defense, had such a single-step detection and block function. But unfortunately the product made too many false positives and got many complaints in those old days. Now with System Watcher, the second generation (at least in the base folder it is called sw2) of proactive defense, users will get more accurate detections and a much lower false positive ratio.
  11. Maybe you could claim an installer of a newer Kaspersky version, like build 21.13, from tech support.
  12. How to make HIPS ask you what to do: 1. Unselect auto mode and set the HIPS rule to ASK. 2. If you set the camera protection rules to ask, then it always ignores auto or interactive mode; it will always pop up a notification. If you select auto mode → ASK settings in HIPS rules do not apply and it always allows actions → ASK = Allow in auto mode and Deny = Deny in auto mode. Allow = Allow in auto mode. Except for camera protection and advanced disinfection pop-ups.
  13. No way to go back to the old Win7 style unless you use Win7 or use Kaspersky Endpoint Protection, which is hard to get a genuine copy of.
  14. My personal view: you will never find out the answer. It is so complicated that I believe only a senior developer can tell you that. But I don't think you need to worry about it; HIPS rules were born to be changed as you wish.
  15. Most likely file antivirus will detect the malware first, System Watcher second. HIPS only applies rules you created. HIPS itself cannot detect anything but requests other modules' results.
  16. Do not worry, K has a sophisticated multi-layer defense. Just never try to shut down K after being persuaded by social-engineering and phishing attacks.
  17. If the bad guy is running in the background and you do not access the file, it will highly likely be detected in memory.
  18. For file AV, a low-level scan is recommended. It will make K not unpack the file so deeply that it slows down your PC when the file is not started. Actually, when you run the file, the setting is useless. There will be no disguise when the application is started.
  19. Below is only personal experience gained from many years as a Kaspersky user and does not represent K's official statement: whatever your File AV settings are, the moment the file is launched, K will recheck its reputation and scan the file; System Watcher also keeps monitoring the file's behavior. The overall result is: you don't need to worry. The "scan only new or changed files" setting only applies before you launch the file.
  20. Did you change the notification settings?
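  21. It is impossible that the proof of purchase cannot be found. Even if you really cannot find that email, you cannot have forgotten how you bought it within the last three years. For example, if you bought it from kaba365, you must at least have left a phone number or email address, otherwise you could not have received the activation code. Also, a code bought from kaba365 has to be converted into a Kaspersky activation code on their website; asking kaba365 customer service can help you. If it was bought from an online shop, there is a record of the order.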