Can someone explain this Intrusion Prevention behaviour?

[templar]

Greetings,

I recently uninstalled Kaspersky Internet Security to update to the latest iteration of its respective tier - Kaspersky Standard v. 21.8.5.452

It has always been my policy to uncheck Trust digitally signed applications, however I've noticed in reports that analysed files are still being sent to Trusted on the basis of them having digital signatures.  It says in the report:  Reason: Signed by the digital signature of trusted vendors

Can someone please explain this behaviour?  I always thought it defaulted to KSN if Trust digitally signed applications was unchecked. 

Edited November 28, 2022 by templar

[Flood and Flood's wife]

Hello @templar, 

Welcome back! 

According to Intrusion Prevention settings doco:

Trust digitally signed applications: 

If this check box is selected, Intrusion Prevention classifies digitally signed applications as trusted. Intrusion Prevention moves these applications to the Trusted group and does not scan their activity.

If this check box is cleared, Intrusion Prevention does not classify digitally signed applications as trusted and scans their activities. Intrusion Prevention classifies applications of trusted software vendors (for example, Microsoft) as trusted regardless of whether the check box is selected.

Load rules for applications from Kaspersky Security Network (KSN):

If this check box is selected, Intrusion Prevention sends a request to the Kaspersky Security Network database in order to define the application group.

If this check box is cleared, Intrusion Prevention does not search for information in the Kaspersky Security Network database in order to determine the application's trust group.

1. Are the Kaspersky Reports showing events contrary to the documentation, please post full screen images of the reports, we need to see what you see please? 

Thank you?
Flood?+?

Edited November 28, 2022 by Flood and Flood's wife

[templar]

53 minutes ago, Flood and Flood's wife said:

Hello @templar, 

Welcome back! 

According to Intrusion Prevention settings doco:

Trust digitally signed applications: 

If this check box is selected, Intrusion Prevention classifies digitally signed applications as trusted. Intrusion Prevention moves these applications to the Trusted group and does not scan their activity.

If this check box is cleared, Intrusion Prevention does not classify digitally signed applications as trusted and scans their activities. Intrusion Prevention classifies applications of trusted software vendors (for example, Microsoft) as trusted regardless of whether the check box is selected.

Load rules for applications from Kaspersky Security Network (KSN):

If this check box is selected, Intrusion Prevention sends a request to the Kaspersky Security Network database in order to define the application group.

If this check box is cleared, Intrusion Prevention does not search for information in the Kaspersky Security Network database in order to determine the application's trust group.

1. Are the Kaspersky Reports showing events contrary to the documentation, please post full screen images of the reports, we need to see what you see please? 

Thank you?
Flood?+?

@Flood and Flood's wifeDammit, how did I not see that!

Digressing, I like the new GUI.  I've been using Kaspersky since the days of Personal Pro 5.0 in 2004 and it just keeps getting better.

Thanks for the clarification. ?

Edited November 28, 2022 by templar
tagged

[Flood and Flood's wife]

9 minutes ago, templar said:

@Flood and Flood's wifeDammit, how did I not see that! Digressing, I like the new GUI.  I've been using Kaspersky since the days of Personal Pro 5.0 in 2004 and it just keeps getting better. Thanks for the clarification. ?

Hello @templar, 

LOL! You can't see everything?️‍♂️ & you're most welcome!

• A little tip, whether it's old or new Kaspersky software, in any GUI window, top right-hand-corner, the ❔represents HELP, selecting ❔will open Kaspersky's Online Help resource, for that specific GUI window. 
• Kaspersky will be delighted to read you think the software 'just keeps getting better', thank you for the positive feedback?

Flood?+?