
Posts posted by Xzz123

  1. 10 minutes ago, Yury Parshin said:

    It is impossible to block generically all vulnerable drivers in advance because we are working on the same access level. But it is possible to block known drivers; rules for blocking are updated regularly.

    Hello sir

    I found that some vendors may use hardware virtualization to enhance HIPS and proactive defense. Is it possible that the K product also uses hardware virtualization to block more dangerous R0-level actions? For example, direct syscalls.

    thx

  2. 3 hours ago, total said:

    I know it has no impact on OS operation, but the expectation is, from a dedicated removal tool, to remove all items generated upon install of that program.

    You had better not wish that happened,

    because Kaspersky and other big vendors all use the Windows Installer service to initiate a Microsoft Windows standard installation or uninstallation process. All files and changes are recorded in a *.msi (located in C:\Windows\Installer; for my K Standard 21,13 it is a 15MB msi file). Using standard Windows recommended practice, you can uninstall using the msi package.

    That means there will be no additional, unrecorded program files or drivers introduced on your hard drive in the whole life cycle of the K product on your PC.

    In normal cases it is enough to use the Windows Control Panel to clean all Kaspersky program files. As I said, the msi package has a full record of the installation, and there will be no new app function added without the Windows standard installer service.

    In special cases you may need a removal tool because the msi package is damaged. The tool also has the info on what files were written to your disk, and it performs the removal accordingly.

    It is never a good idea for an official tool to search the whole disk and registry for any traces of there once being a Kaspersky product. There is a possibility the tool mistakenly deletes critical system files or precious user data; you would not wish to encounter that catastrophe.

    I am NOT a Kaspersky employee or forum administrator, and I DO NOT represent Kaspersky Lab or the forum.

    If there are any mistakes above, I am happy for a real specialist to correct me.

  3. If a legit but vulnerable driver is used to evade AV and help the malware enter R0,

    nowadays, with the latest Windows system installed, AV is no match for the malware.

    It is nearly impossible for AV to block any dangerous actions.

    Not to mention loading a malicious rootkit or bootkit driver via a ZERO DAY~~~once the malicious driver is successfully loaded, removal is nearly impossible. The best way is to perform a scan under a PE environment.
  4. On 6/24/2023 at 9:29 AM, Xeno2ig said:

    what is your current setup

    I mainly use HIPS to block applications in the Low and High Restricted groups from performing the following:

    inject code into another process

    read memory of another process

    access to Windows account settings

    shut down Windows

    access to camera and microphone.

    Kaspersky's behavior detection does not block single risky actions; it is different from some vendors like EMSISOFT.

    Currently there is no way to make the HIPS module or System Watcher block a single risky behavior without your own rules. Sadly.

    Just like many big vendors, such fully automatic behavior detection is the trend now in the 2020s: Bitdefender & Norton & Trend Micro & AVG etc.

    On 6/24/2023 at 9:29 AM, Xeno2ig said:

    Firstly, what is your current setup

    Secondly, is there any way I could suggest a feature to make auto mode use AI or other things to block suspicious behavior?

    If I remember correctly,

    12+ years ago, K's first generation of behavior detection, named Proactive Defense, had such single-step detection and block functions. But unfortunately the product made too many false positives and got many complaints in those old days.

    Now with System Watcher, the second generation of Proactive Defense (at least in the base folder it is called sw2), users get more accurate detections and a much lower false positive ratio.
  5. How to make HIPS ask you what to do:

    1. Unselect auto mode and set the HIPS rule to ASK.

    2. If you set the camera protection rule to ask, then it always ignores auto or interactive mode. It will always pop up a notification.

    If you select auto mode→

    ASK settings in HIPS rules do not apply and it always allows actions→

    ASK = Allow in auto mode

    and Deny = Deny in auto mode. Allow = Allow in auto mode.

    Except for camera protection and the advanced disinfection pop-up.
  6. 6 hours ago, Xeno2ig said:

    Well, what if, let's say, a stealer tries to access browser passwords, and HIPS denies the access because I have it set to deny. Would System Watcher pick up on that action, or no? I might just leave it on default if there is any interference.

    My personal view: you will never find out the answer.

    It is too complicated; I believe only a senior developer can tell you that.

    But I don't think you need to worry about it. HIPS rules were born to be changed as you wish.

  7. Below is only personal experience gained from being a Kaspersky user for many years and does not represent K's official statement:

    Whatever your File AV settings are, the moment the file is launched, K will recheck its reputation and scan the file.

    Also, System Watcher keeps monitoring the file's behavior. The overall result is: you don't need to worry.

    The "scan only new or changed files" setting only applies before you launch the file.

  8. 11 hours ago, phoenixhow said:

    I also reinstalled my computer several times, and when I tried to activate again it said the activation count was too high and it could not activate.

    I have been using Kaspersky since 2009 and have kept renewing ever since. After such a long time, apart from the activation code, there is no way I can provide the purchase receipt from back then. Is there really no other way to reactivate?

    The customer service phone line cannot be reached either, and it is outside working hours.

    I feel Kaspersky's after-sales service really is not great; no wonder a good piece of software has a shrinking market in China.

    It is impossible that the purchase receipt cannot be found.

    Even if you really cannot find that email, you cannot have forgotten how you bought it within the last three years.

    For example, if you bought from kaba365, you at least left a phone number or an email address, otherwise you could not have received the activation code. Also, codes bought from kaba365 have to be converted into Kaspersky activation codes on their website; asking kaba365 customer service can help you.

    Purchases from online stores have order records.
