Some quick thoughts on Kasperskys 2011 & Pure

[G1LLY]

I've used KIS for about 2 years now (Got it through my Bank also), been pretty happy with it so far, haven't really had any major problems with it.

Looked at getting Pure, but I have other programs that do similar stuff like file shredding etc.

Anyway, overall I'm a happy KIS user.

 

[OEM]

OK I have a little time on my hands and have just tried to run the program after placing it in the trusted group and it seems to be running ok Good news.

I wanted to ask about my "Utorrent" program as I am having the same problems with that, I want KIS 2011 to scan it when it is in use but I also want to be able to use it what group should that be placed in ?


Steve

I would try and place it in the "restricted" group, first try high, but if having problems, then try low. Here's a description of what each group does:



Firewall analyzes the activity of each application running on your computer. Depending on the threat rating, every application is included to one of the following groups:

• Trusted. Trusted applications are applications with digital signatures of trusted vendors and applications signatures of those are included to the trusted applications database. Activities of such applications are monitored by Proactive Defense and File Anti-Virus.

Applications of that group are allowed to perform any network activity irrespectively of the network status.

​

• Low Restricted. Low restricted applications are applications which are without digital signatures of trusted vendors and which are not included to the trusted applications database. Nevertheless, the low risk rating is assigned to such applications.

Applications of that group are allowed to perform any network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen using which you can allow or block a connection, or create an application rule using the Wizard.

​

• High Restricted. High restricted applications are applications without digital signatures and which are not included to the trusted applications database. The high risk rating is assigned to such applications.

Applications of that group are not allowed to perform network activity in non-interactive mode. If you are using the interactive mode, a notification will be displayed on the screen using which you can allow or block a connection, or create an application rule using the Wizard.

​

• Untrusted. Untrusted applications are applications without digital signatures and which are not included to the trusted applications database. Very high risk rating is assigned to such applications.

Any network activity is prohibited for the applications of that group.
​

Source:
Changing rule for groups of applications in Kaspersky Internet Security 2010

As with most anti-virus software, they are continually scanning network traffic including downloads. This is known as "real-time protection". When a file has completed its download, you might notice a delay in the dl window closing, and thats b/c KIS/KAV is scanning that file while its still in the cache and before it places it where you chose to download it to. Having said that, it's not a perfect world and malware can still slip by, so be careful when downloading anything, specially from torrent sites. Do your best in researching the source owner of the file and his/her history of uploads.

Good Luck, -OEM

Edit/Added:

After some thought and as it says about the high restrictive group, the programs in this group will only have access to network activity if your using kis in interactive mode. Interactive mode is when you have to decide whether or not to allow a program access each time it looks reach out on the network via an automatic pop-up from KIS when the program looks to access the network. I doubt your using interactive mode, so I would try the low restrictive group. Sorry about that, forgot about that tidbit, but important fact.

 

[steve-pressman]

Ok after a little tinkering I have finally got it in the low Restricted group they don't make thins easy do they Anyway so far, it is working as it should now I am also getting this a lot now " see Image" although I never got it in KIS 2010 was really annoying until I found out how to turn notification off.


Steve

 

[OEM]

Ok after a little tinkering I have finally got it in the low Restricted group they don't make thins easy do they Anyway so far, it is working as it should now I am also getting this a lot now " see Image" although I never got it in KIS 2010 was really annoying until I found out how to turn notification off.


Steve

That appears to be a warning that a PC is trying to gain access to yours illegally. Its OK that you've choose to stop the notification, but look into whether or not a PC has gained access to your system. It has provided that PC's ip address, so you could do an IP address lookup and find out some info on where and maybe who is trying to access your system. Look under reports / detailed reports / network attacks. That will show you who how many times someone is has or is trying to gain access to your PC. Also look at the reports from firewall, and application control. Be sure that all the symbols in the upper right corner are selected and also you can change the display to group actions.

If you like more info to be kept, go to settings, select the far right icon that looks to be a box on the left and chose reports and storage. Check the box, log non critical events. This shouldn't be necessary to see any malware or computer attacks, but you might want to see all of what KIS can keep track of. It can be overwelming at times so get used to selecting group by result option.

Keep an eye on the info in that pop-up and that your PC isn't allowing other PC's access. Do you have high speed internet and if so, is a router in use?

Edit/Added: I checked that IP, its a PC from China. Be Careful!!!

Hostname:124.135.228.30ISP:China Unicom Shandong province networkOrganization:China Unicom Shandong province networkProxy:None detectedType:BroadbandAssignment:Static IP

 

[steve-pressman]

Yes to the High Speed Internet and yes to the Router.


Steve

 

[mickey megabyte]

sorry for butting in, but i've fixed my wei problem.

nothing at all to do with good old kaspersky - instead it is down to the fact that i've got ultimate N, which doesn't bundle windows media player.

downloaded it, and problem gone.

 

[OEM]

Yes to the High Speed Internet and yes to the Router.


Steve

Good to know you have a router with H/S.

Did you check the network attack report?

That pop-up warning was a denial of service- PC blocked, ...turns out that PC is someone in China. He's not using a proxy and has a static ip so he's not trying to hide himself, but none-the-less he did try to gain access to your PC and KIS did right by blocking him.

 

[steve-pressman]

Well done Mickey glad it's fixed

OK I am still having problems with Utorrent

Here is the message I get all the time when trying to download


Ok I think I might have fixed it now I have again moved it to the excluded program but made it a trusted application Hmm kinda contradicts it's self then though I will report back.

Steve

 

[OEM]

Well done Mickey glad it's fixed

OK I am still having problems with Utorrent

Here is the message I get all the time when trying to download


Ok I think I might have fixed it now I have again moved it to the excluded program but made it a trusted application Hmm kinda contradicts it's self then though I will report back.

Steve

If you trying to download something thru u torrent at the time of that pop-up, then it might just be that PC in china is the PC that your trying to download from. ...dunno, I don't torrent, as far as making ut trusted and excluded, you really could be putting your system at risk.

I'm no expert and we've gone a bit off-topic here, but it might be best if you post a thread over on the kaspersky forum. They don't like to hear about people using torrent, but if you ask about placing programs in the exclusion list, they might be better at letting you know if your at risk and to what extent. I know ut doesn't always mean someone is up to no good, but like I said I've seen mods over there close threads on discussions about ut's.

Search for a forum geared to system protection and security as they might be better in helping you with ut and setting kis up the best way to work with it, keeping you as safe as possible. Sorry I can't help you with this, but I'd hate to see you setting yourself up for malware or having your PC taken over.

Good Luck, -OEM

 

[steve-pressman]

Ok Man no worries I will monitor it for a few days and see what happens


Steve

 

[jaypels]

Ok after a little tinkering I have finally got it in the low Restricted group they don't make thins easy do they Anyway so far, it is working as it should now I am also getting this a lot now " see Image" although I never got it in KIS 2010 was really annoying until I found out how to turn notification off.


Steve

i get that popup quite a lot lately too.. i thought i was the only one having that problem but i guess i have someone i can relate to now.. i guess it could not be helped since we installed a p2p software but it really helps that kaspersky blocks them out.. if not for kaspersky, i would not be getting those kind of popups but i would never know if my pc was attacked or hijacked until it is too late and the only thing i could do is to reinstall windows .. if kaspersky is a person here, i would DEFINITELY rep him..

 

[ICIT2LOL]

Other forums

Well done Mickey glad it's fixed

OK I am still having problems with Utorrent

Here is the message I get all the time when trying to download


Ok I think I might have fixed it now I have again moved it to the excluded program but made it a trusted application Hmm kinda contradicts it's self then though I will report back.

Steve

If you trying to download something thru u torrent at the time of that pop-up, then it might just be that PC in china is the PC that your trying to download from. ...dunno, I don't torrent, as far as making ut trusted and excluded, you really could be putting your system at risk.

I'm no expert and we've gone a bit off-topic here, but it might be best if you post a thread over on the kaspersky forum. They don't like to hear about people using torrent, but if you ask about placing programs in the exclusion list, they might be better at letting you know if your at risk and to what extent. I know ut doesn't always mean someone is up to no good, but like I said I've seen mods over there close threads on discussions about ut's.

Search for a forum geared to system protection and security as they might be better in helping you with ut and setting kis up the best way to work with it, keeping you as safe as possible. Sorry I can't help you with this, but I'd hate to see you setting yourself up for malware or having your PC taken over.

Good Luck, -OEM

Yeh you blokes just beware of the K Fan Club and the generic support list have had loads od problems with cookies especially one - yadro.ru that coems with botth. Stick with the K Lab forum. An alternative is www. whirlpool.net.au here in down under - top config by a fellow who's really on the ball - does a lot of testing AV's especially KIS. The wiki is in the KB of the site - top stuff and you can always ad your own tweaks I only set scans on full heuristics as am a little para.

Takes about 30-40mins to complete slower than some but thorough. Plus I use the free MBAM as a secondary backup - but only in the free version and with the Scanner Settings / scan filesystem objects turned off.

OH and current version here id .556(b.c) - better check.