Advice Request Kaspersky Firewall - block internet access for specific apps when on a public network?

[Didie Farhan]

I want to know is there anyway to block internet access from software when using public network. I want to block internet access for certain software when connecting to public network but allow when connected to local network.
Thank you.

 

[v.maroz]

Yes, there is such an opportunity.

settings - protection - firewall - configure application rules - right click on the group application - details & rules - network rules - publik network - action "Deny"

 

[Didie Farhan]

Thank you for your reply.
But when I do that, kaspersky will block the software from accessing the internet even within the local network.

 

[mamamia]

So, no solution my friend?.

 

[Didie Farhan]

Unfortunately there is still no solution. I'm still waiting for answers.

 

[Evjl's Rain]

1/ Settings -> Protection -> Firewall -> Networks -> change "Network type" of your home/local network to Trusted or Local network. Trusted has no restriction while Local has some small restrictions. Leave "Public network" as what they are -> close the window

2/ Go back to Firewall -> Configure application rules -> double click on which programs you want to block -> Network rules -> select "Deny" on Public network, with an X

3/ you may want to select "Log events" if you want to know if the program is blocked when you have a problem with connection
- Main UI -> More tools -> Report -> Detail reports -> select "Firewall" events -> you will see what is blocked if you choose "log event"

 

[Didie Farhan]

Thank you for your reply. But when I do that it will block the app from accessing the internet even connected from local network.

 

[Evjl's Rain]

Thank you for your reply. But when I do that it will block the app from accessing the internet even connected from local network.

did you block the same for "Explorer.exe"? if you do. You should enable this for your browser


after changing any rule in KIS, you should close the program and restart it so the new rule can be applied

 

[Didie Farhan]

No i did not block explorer.exe. I only block google chrome. I did restart google chrome and check do not inherit option but the result still same.

 

[Evjl's Rain]

No i did not block explorer.exe. I only block google chrome.

have you fixed your problem after checking "do not inherit..."? if you can't, check "Log events" -> close chrome -> open it -> show us the Firewall log

 

[Didie Farhan]

Here the screenshot of firewall log

 

[Evjl's Rain]

Here the screenshot of firewall log

go to the app settings -> change the options of Trusted and local networks to "Allow" = the second option (not inherit)

if that doesn't work, change your network type into Trusted
if all don't work, I don't know what happens because I have no access to your PC. Take screenshots of all tabs of chrome in KIS's settings and consider resetting the whole firewall settings

 

[codswollip]

Under Windows Control Panel/Network and Sharing Center... is your LAN connection designated as "Private"? Or "Public"?

 

[Didie Farhan]

go to the app settings -> change the options of Trusted and local networks to "Allow" = the second option (not inherit)

if that doesn't work, change your network type into Trusted
if all don't work, I don't know what happens because I have no access to your PC. Take screenshots of all tabs of chrome in KIS's settings and consider resetting the whole firewall settings

The result still same.
Here screenshots and firewall logs

 

[Didie Farhan]

Under Windows Control Panel/Network and Sharing Center... is your LAN connection designated as "Private"? Or "Public"?

Private network

 

[harlan4096]

I'm getting the same results (KTS2018f) but with wired EtherNet conenction, and just some crazy thoughts came to my mind :

I think the problem here is that InterNet connection is Public (and always will be) in Kaspersky settings, so if You block it You'll never connect to InterNet whether you are on a trusted network or local network... in Your local network You don't have InterNet access unless You get it from outside (Public)...

 

[Evjl's Rain]

so it's a bug and needs to be fixed. Could you please report it to kaspersky?
I tested myself and I got the same result

 

[harlan4096]

I'm still not sure if it's a bug... that settings probably are ok for public VPN connections or Public Wi-Fi connections, but not for a trusted/local connection which gets InterNet connection from outside... just a thought... anyway I'll expose this situation in Kaspersky forum and see how other Kaspersky users will say

 

[Didie Farhan]

I just received an answer from kaspersky support

We've just received a reply from our Escalation Team with the following information.

1) We believe there's been a confusion in understanding the terms and working methodology of the application and its blocking mechanism.

- Home / Local network is referred to as the home environment that is : a router and connected devices on that particular router only.

- Internet connection however by default is considered Public.

If the website or the application resource is located on the same network (For example a website hosted on another laptop or your network or files located on another system that are required by the application as long as its within that network cycle would work, the minute you try to find a resource outside on the internet its considered public automatically and you will encounter the issues, that you are currently facing.

Does that mean there is nothing I can do.

 

[harlan4096]

It's just basically what I said in my posts #16 & 18...