harlan4096

Level 62
Verified
Staff member
Malware Hunter
Yeah, but as I have already said several times in this forum, probably due to the W10 1903 delay, they also had to deliver Patch B, which is already being delivered but very slowly, as I don't have it yet :)
 

harlan4096

Yes: (x) Deny

Update: I have just tried to block Chrome in my KTS2021beta and it worked, Chrome could not access the Internet... usually you have to close the application while creating the rule if it was running...
 

shmu26

Level 82
Verified
Trusted
Content Creator
I had to restore a system image, because my legacy program connected to the internet and became disabled...
In application control, at the right end of the line, there is the network column. I set it to block, and it showed a red X. That is supposed to block internet, correct?
I am having the exact same problem with KIS 20. In the screenshot you can see that Babylon is denied internet, but it is showing high network traffic, and the program window is displaying results from Wikipedia, which is an online resource.

I made the rule, rebooted, waited a few minutes to make sure KIS was fully active, and then I opened Babylon.
The only explanation I have is that Babylon is inheriting the network setting of the Trusted category, to which it belongs, and this is overriding the specific deny rule.

The behavior is as follows: Babylon launches with no internet. Then after a minute it freezes. After a forced termination of the process, and relaunch, it gains network access. This seems to indicate that it is governed by two conflicting rules. It looks to me like a bug in Kaspersky HIPS.

Windows Firewall has no problem blocking Babylon.

Annotation 2019-06-12 101746.png
 

harlan4096

Can you tell me the installer of that Babylon? I will try to install it, reproduce the issue, and collect traces to send a report to KL, thanks.
 

shmu26

Thanks! FF blocked the download (malicious), I have to manually allow it :)
Google Chrome, too, has decided that it is a malicious download, and blocks it, but I was able to download it in MS Edge, and it has a valid digital sig from the vendor. The link is from the official Babylon translation website, it is not third-party.

The file gets 2 hits on VirusTotal, that's not bad:
 

harlan4096

@shmu26:

Hum... it seems I can't reproduce your issue here (KTS2021beta)... check the rules I created:


The traffic in Babylon services/executables remains static, except for what is reflected there -> I first tried translating one or 2 words online without any blocking rule...

After applying the rules, I constantly "Get to translate offline?..." and the traffic does not change in any Babylon service. I closed Babylon and re-ran it several times to repeat the test, with the same result: no access to the network 🤔
 

shmu26

So it's working right for you. If you have any ideas what I am doing wrong, let me know...
 

harlan4096

Did you block the 3 networks as in my rule? Also, did you block access to all Babylon services in both groups in AC?
 

shmu26

I did not block the 3 networks. I simply opened application control, and clicked on the network button at the right end of the line, setting it to block.

I did block all Babylon services in both groups.
 

ZeroDay

Level 28
Verified
Malware Tester
Is the KIS 2021 Beta pretty stable? Well, as stable as a beta can be? I'm thinking about installing it and helping to find any bugs etc. Thanks for all the info you've provided in this thread, @harlan4096.