- Sep 7, 2016
- 76
update video
video 3 low restriced freegate
norton-eset-emsisoft and comodo no problem
kis===>> bypass
Bypass Firewall kaspersky 2017
- Thread starter aliali
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
update video
video 3 low restriced freegate
norton-eset-emsisoft and comodo no problem
kis===>> bypass
- May 14, 2016
- 1,597
Last video is set to "private"update video
video 3 low restriced freegate
norton-eset-emsisoft and comodo no problem
kis===>> bypass
- Aug 31, 2016
- 578
working for me so looks like it's fixed.
- May 14, 2016
- 1,597
- Apr 28, 2015
- 8,915
The problem here is that if You are not in Interactive Mode (by default KIS/KTS are in Auto Mode) any of the sets "Prompt for action" will work, and it seems Kaspersky just lets the access to network... try the same, but in Interactive Mode, and You will get prompts...
I have just tried it with ZAM Portable: in Auto Mode but and Low Restricted it could access to network, but in Interactive Mode I got many warnings, some of them because trying to access to sensible system areas and also 1 from FireWall...
I'm not sure this is by design or not (I guess that is), but this is how it works, settings of "Prompts" in Auto Mode don't work and Kaspersky does not deny...
I have just tried it with ZAM Portable: in Auto Mode but and Low Restricted it could access to network, but in Interactive Mode I got many warnings, some of them because trying to access to sensible system areas and also 1 from FireWall...
I'm not sure this is by design or not (I guess that is), but this is how it works, settings of "Prompts" in Auto Mode don't work and Kaspersky does not deny...
- Jan 14, 2016
- 601
So true, @harlan4096
Kaspersky HIPS setting in auto mode (Perform Actions Automatically) is Allow = Prompt
So IMO, these kinds of things should be done in default & interactive (for users of both worlds). And it is only a true bypass if it is successful in interactive mode otherwise it SHOULD be mentioned in the title about default settings/auto mode.
All these things aside, this should be taken care of. Thanks for these videos.
Regards.
Kaspersky HIPS setting in auto mode (Perform Actions Automatically) is Allow = Prompt
So IMO, these kinds of things should be done in default & interactive (for users of both worlds). And it is only a true bypass if it is successful in interactive mode otherwise it SHOULD be mentioned in the title about default settings/auto mode.
All these things aside, this should be taken care of. Thanks for these videos.
Regards.
- Sep 7, 2016
- 76
- May 14, 2016
- 1,597
Last edited:
Haha he always forgets about the private setting haha!Thanks for you last video
It is set to "private"
@aliali Can you let me know when you fixed the video from the private setting?
- Sep 7, 2016
- 76
in conclusion, KIS firewall was bypassed. no excuse here
also this is why I really really hate the interactive mode which asks the same thing again and again, you can notice it in the video. When I was installing a program, it was asking endlessly. I couldn't stand within 10 minutes -> enabled automode
this should be reported to kaspersky and hopefully they will fix it
edit: I noticed the proxy program uses localhost ip address 127.0.0.1. I don't know if KIS is able to monitor localhost or not by default sttings
also this is why I really really hate the interactive mode which asks the same thing again and again, you can notice it in the video. When I was installing a program, it was asking endlessly. I couldn't stand within 10 minutes -> enabled automode
this should be reported to kaspersky and hopefully they will fix it
edit: I noticed the proxy program uses localhost ip address 127.0.0.1. I don't know if KIS is able to monitor localhost or not by default sttings
That's exactely what i meant posting before: if loopback interface is trusted then all traffic to that interface is trusted by default and if proxy program is allowed all traffic flows through... aliali can you check it?
- Sep 7, 2016
- 76
@aliali - report your valid bug finding...
Loopback isn't used for network transmission.
(2) Loopback is a communication channel with only one endpoint. TCP/IP networks specify a loopback that allows client software to communicate with server software on the same computer. users can specify an IP address, usually 127.0.0.1, which will point back to the computer's TCP/IP network configuration.
The purpose of the loopback range is testing of the TCP/IP protocol implementation on a host.
27.0.0.0 to 127.255.255.255. IP datagrams sent by a host to a 127.x.x.x loopback address are not passed down to the data link layer for transmission. Instead, they “loop back” to the source device at the IP level. In essence, this represents a “short-circuiting” of the normal protocol stack; data is sent by a device's layer three IP implementation and then immediately received by it.
The TCP/IP Guide - IP Reserved, Loopback and Private Addresses
- Jan 14, 2016
- 601
Either this is by design, i mean the proxy software is allowed access to network so when the traffic is routed through it, chrome can make internet connections (I am not an expert, just taking my novice approach to understand this) Or this is a true bypass of the firewall & should be fixed in the upcoming version (through patch in existing versions).
Kaspersky 2018 beta testing is running, maybe we'll get an answer for this, i.e., is it by design? or a bug?
Kaspersky 2018 beta testing is running, maybe we'll get an answer for this, i.e., is it by design? or a bug?
Last edited:
That's not completely true because you can do ipc using tcp and 127.0.0.1. Infact a local proxy/anonymizer, like the one used in the video i saw, works that way: it put itself listening for connection on a specific port and then get the web page you request back on the same tcp channel.
An interface is seen as a network device. The loopback interface is not a real device, you can think of it like a software device with 127.0.0.1 as ip address. I'm not sure if kaspersky has this or not.. but i think you should give it a try. Beside, I don't think that installing a local proxy/anonymizer can be seen as an excape/circumvent firewall way because you sits in front of the pc when you install it and already have full access to the pc itself. So, just check firewall application menu for loopback existence and if it's a trusted zone (loopback it' local so it may be trusted). Maybe someone using kaspersky, or someone from kaspersky, can be of more help than me..
If any public switch, router, or gateway receives a packet addressed to the loopback IP address, it is required to drop the packet without logging the information. As a result, if a data packet is delivered outside of the localhost, by design it will not accidently arrive at a computer which will try to answer it. This aspect of the loopback helps ensure network security is maintained, since most computers will answer packets addressed to their respective loopback address which may also unexpectedly activate other services on a machine by responding to a stray data packet.
The proxy\anonymizer is violating the basic security protocol and Kaspersky is missing it. It's a bypass...
Malware can use the exact same method.
Since he reported it as far back as 2014, perhaps Kaspersky knows about it and has decided not to pursue a fix for whatever reason(s).
The proxy\anonymizer is violating the basic security protocol and Kaspersky is missing it. It's a bypass...
Malware can use the exact same method.
Since he reported it as far back as 2014, perhaps Kaspersky knows about it and has decided not to pursue a fix for whatever reason(s).
Last edited by a moderator:
Ok. I remembered i've a friend of mine with kaspersky. It's the italian version but it's easy to understand.
1. there's no loopback interface and kaspersky does not monitor traffic incoming and outgoing from that interface, i suppose by design;
2. you can create a firewall rule to block traffic on loopback addresses.
Try this way while keeping in mind that if you do this you'll end up cutting off all traffic on 127.0.0.1, don't do it if you're not sure what you do
1. there's no loopback interface and kaspersky does not monitor traffic incoming and outgoing from that interface, i suppose by design;
2. you can create a firewall rule to block traffic on loopback addresses.
Try this way while keeping in mind that if you do this you'll end up cutting off all traffic on 127.0.0.1, don't do it if you're not sure what you do
- Sep 7, 2016
- 76
Ok. I remembered i've a friend of mine with kaspersky. It's the italian version but it's easy to understand.
1. there's no loopback interface and kaspersky does not monitor traffic incoming and outgoing from that interface, i suppose by design;
2. you can create a firewall rule to block traffic on loopback addresses.
Try this way while keeping in mind that if you do this you'll end up cutting off all traffic on 127.0.0.1, don't do it if you're not sure what you do
update video
loopback test(bypass kaspersky firewall)
Last edited:
