
What does Kaspersky's default deny/zero trust mode do and how to set it properly?



kK574outrider
Posted

What does Kaspersky's default deny/zero trust mode do (in Intrusion Prevention settings)? In a few articles here it was mentioned that if you set intrusion prevention to default deny (untrusted), it will basically block the execution of all applications that are not in the Kaspersky Security Network list of trusted applications. Is this true?

What I'm trying to achieve here is if someone in my family uses my computer and accidentally uses it to download and install, let's say, adware or a PUP (not necessarily malware but still untrustworthy), will Kaspersky outright block the installation because it's not in Kaspersky's list of trusted applications? I also made Kaspersky password protected so others can't modify any settings.

In short I'm trying to avoid the following scenario:

My little brother Timmy (I don't have anyone named Timmy) figured out my computer password and installed a cracked game during a day when I was not home, and I got to see a potentially harmful program installed on my computer the next day when I came home. Even if this crack were to be free of malware, I don't want this to happen.

Is this the right way to set Kaspersky Premium into default deny/zero trust mode?

Please see the image.

I'm grateful for any assistance.

 


Posted

@kK574outrider

7 minutes ago, kK574outrider said:

… adware or a PUP … if crack

In a lot of cases Kaspersky will flag and report the detection as not-a-virus.

harlan4096
Posted

To implement Default Deny, go to Intrusion Prevention settings, also called in the past Application Control, and set it like this:

 


Still, we could go even stronger by unticking the Trust digitally signed applications option, but this can cause some legit apps to be blocked while installing/running, if not signed or not signed properly; you could then move them manually to the Trusted group.

Posted
35 minutes ago, kK574outrider said:

Please see the image.

These settings are too aggressive. Untrusted is a group for malicious files with all restrictions: all actions are denied, including launching. Many safe files can be placed by the product in the Low Restricted group by default, where almost all actions are allowed. Such a setting will interfere more than help: it can cause errors while installing, updating and launching some safe applications.

With the default product settings, when a PUP is detected, there will be a Windows Security and GUI notification, and adware will be automatically removed.

It is better to try to prevent "Timmy" from figuring out your computer password. This is the best option. 🙂

Flood and Flood's wife
Posted
1 hour ago, kK574outrider said:

In short I'm trying to avoid the following scenario: My little brother 'Timmy' figured out my computer password  (I don't have anyone named Timmy)

 

Hello @kK574outrider,

  1. Also, use Windows Hello Face ID and/or Fingerprint authentication to protect the computer.
  2. Password-protect Kaspersky Premium; read "How to password-protect access to the application management functions".

Thank you🙏
Flood🐳+🐋

Posted
2 hours ago, harlan4096 said:

unticking Trust digitally signed applications option, but this can cause some legit apps to be blocked while installing/running, if not signed or not signed properly

This installer (screenshot) is signed properly, Trusted (digital signature). But installation fails, because now it's an Untrusted installer.

What if the unsigned file is new and just unknown in KSN? It will be blocked even with trusting digitally signed apps enabled. And the product will not report this; there will simply be an installation/update/launch error.

There are also apps that are Trusted (digital signature without confirmation). These apps will be blocked instead of running normally in the Low Restricted group. So, there can be a lot of problems with these settings.

harlan4096
Posted

Certainly, unticking that option, as I posted, may cause issues: a digitally signed app can be blocked if the cert is not approved, or if there is not enough reputation in KSN; also, if the files spawned during installation are not signed and approved and known by KSN, of course the installation will break.

 

But that's Default Deny / Anti-Exe, I use that strong config in my KES, but it is not for standard users... nor in a system of constant new app installations.

Posted
19 minutes ago, harlan4096 said:

I use that strong config in my KES, but it is not for standard users... nor in a system of constant new app installations.

Yes, it's not very suitable for home users. Only for advanced users who want to forbid everything that is not in the "green zone".) Almost like whitelists, which were removed from the products a long time ago. And even then, some additional tuning will be required for further use.
