Application Control - Extent of checking exe and dll.

[celsurf]

I was wondering to what extent Application Control checks an application before deciding to label it as ‘Trusted’ (or any other) and allowing it to execute/not execute.

 

We all know the ‘exec’ file is analysed by KSN, Digital Signature, etc.

What about all the .dll libraries that are invoked by the Trusted exec ?  

Are they analyzed by Kaspersky ?  If so, at which stage ?

 

My concern is that an application determined as  ‘Trusted’ by Kaspersky has the capability of invoking a malicious .dll 

 

 

 

 

 

[Igor Kurzin]

Hi @celsurf , 

if the application is marked as  trusted, it means it at no point can invoke a malicious .dll, unless it changes its version, but that would be a different application, that would not get to Trusted group.

Anyway, Kaspersky monitors applications with File Anti-Virus, System Watcher, Application Control and an attempt to run a malicious .dll would be intercepted. 

 

 

[celsurf]

Hi @celsurf , 

unless it changes its version 

 

 

And if the version of the exe stayed the same (Trusted) and some virus managed to insert/modify one of its dll’s to make it malicious, which layer would catch this ? (assuming my scenario is a valid one)

Would a more extensive product like Enterprise protection required to detect something like this.