Feature Request: Processes as Resources | Process Protection | HIPS [MOVED]

[Turing]

First of all, hello community. This is my very first post and I am excited to get to know the community.

 

I spend a lot of hours in the last weeks and days to completely understand all mechanics and options of KIS. For me, as a power user the customized protection through targeted configuration to the system circumstances is the highest of feelings. Security Software which have the ability of a very high customization with many options and complex rule management are really rare because the basic user usually does not want to worry about any configuration. At this point I must congratulate the product. It is obviously that the designers' goal was to combine a highly customizable and flexible security framework with ease of use and without scaring away the basic user.

I especially like the realization of the management of resources and the comfortable way to configure new resources and their protection.

 

There's only one thing I really miss: To define processes as resources and to restrict the access to these processes. Or in other words: The ability to protect specific critical processes like password manager or banking applications.

 

First possible way:

New option In the configuration menu “Manage resources” to define process related restrictions. In addition to the existing access types (read, write, create and delete) which only refer to file access, new process related access types could be added (e.g. access to the process memory, Event Hooks, Windows Messages, ...).

 

Another possible way:

New register “Protection” in the application rules window (manage application → “Details and rules” of a specific application). This new register/tab could allow to define process protection. For example you can define that untrusted, low and high restricted applications are not allowed to access the process memory of this application.

 

It would be great if this feature could be introduced in the future because it would be a great contribution to the protection against specialized spyware and injection attacks.

Or is it already implemented and I've missed it?

 

Thanks for consideration and any feedback!

 

[nexon]

Hi,

Process (resources) did you mean this? (see screenshot)

Also HIPS is already implementet : https://www.kaspersky.com/enterprise-security/wiki-section/products/application-control-and-hips

https://media.kaspersky.com/pdf/Kaspersky_Lab_Whitepaper_HIPS_ENG.pdf

 

And functions in Kaspersky 

 

 

[Turing]

I already know these pages and Im also aware of the existing HIPS abilities of KIS. But these features refer only to file access restrictions and not to process related restrictions like accessing other process memory.

With the existing functionality it is only possible to define the “rights” (manage application → “Details and rules” of a specific application) to e.g. access other processes memory in general.

However it is not possible to restrict the access to the process memory of specific processes.

 

For example:

How I can prevent, that a trusted application can access the process memory of my password manager?

[harlan4096]

Do You mean something like this:

 

 

You can control specifically all of these rights for every application controlled by Application Control… or for the whole trusting group…

 

Update: to request a feature Your best bet is to contact and suggest to Kaspersky Support via https://center.kaspersky.com/

[Turing]

Thanks for your fast replies and trying to help ☺

I also know this screen. But with that functionality you cannot serve my mentioned example.

In this screen you can define that a specific application or a group of applications have the “rights” to access other process memory in general.

 

Trying to use this feature to serve my use case:

If you want to prevent trusted applications to access the process memory of a specific application (e.g. password manager), you have to take the complete right to access other processes memory and this will lead to crashes because many applications need to access the process memory of e.g. other processes of the same application.

[harlan4096]

That’s a very specific setting, probably not in so many security solutions…

 

As already said, to request a feature Your best bet is to contact and suggest to Kaspersky Support via https://center.kaspersky.com/

[Turing]

Yes, that is true. It is very specific but also a very powerful feature and not far away when I view the already existing HIPS features (which are really great and already much more powerful than the HIPS features of many other security solutions).

However, thank you very much for discussing and pointing me out to the support page.