KAV\KIS\KTS\KFA\KS\KSOS: 21.0.7.318 beta

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Yeah, but as I already said several times in this forum, probably due to the W10 1903 delay, they also had to deliver Patch B, which is already being delivered, but very slowly, as I don't have it yet :)
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Screen-Shot of the rule
I had to restore a system image, because my legacy program connected to the internet and became disabled...
In application control, at the right end of the line, there is the network column. I set it to block, and it showed a red X. That is supposed to block internet, correct?
 

harlan4096

Yes: (x) Deny

Update: I have just tried to block Chrome in my KTS2021beta and it worked, Chrome could not access the Internet... usually you have to close the application while creating the rule if it was running...
 

shmu26

I am having the exact same problem with KIS 20. In the screenshot you can see that Babylon is denied internet, but it is showing a high network traffic, and the program window is displaying results from Wikipedia, which is an online resource.

I made the rule, rebooted, waited a few minutes to make sure KIS was fully active, and then I opened Babylon.
The only explanation I have is that Babylon is inheriting the network setting of the Trusted category, to which it belongs, and this is overriding the specific deny rule.

The behavior is as follows: Babylon launches with no internet. Then after a minute it freezes. After a forced termination of the process, and relaunch, it gains network access. This seems to indicate that it is governed by two conflicting rules. It looks to me like a bug in Kaspersky HIPS.

Windows Firewall has no problem blocking Babylon.


harlan4096

@shmu26: do you get the same behavior/issue with other applications, or only with Babylon? :unsure:
 

harlan4096

Can you tell me the installer of that Babylon? I will try to install it, reproduce the issue, and collect traces to send a report to KL, thanks.
 

harlan4096

Thanks! FF blocked the download (malicious), I have to manually allow it :)
 

shmu26

Google Chrome, too, has decided that it is a malicious download, and blocks it, but I was able to download it in MS Edge, and it has a valid digital sig from the vendor. The link is from the official Babylon translation website, it is not third-party.

The file gets 2 hits on virustotal, that's not bad:
 

harlan4096

@shmu26:

Hum... it seems I can't reproduce your issue here (KTS2021beta)... check the rules I created:



The traffic in Babylon services/executables remains static, except for what is reflected there -> I first tried to translate one or two words online without any blocking rule...

After applying the rules, I constantly "Get to translate offline?..." and the traffic does not change in any Babylon service. I closed Babylon and re-ran it several times to repeat the test, with the same result: no access to the network :unsure:
 

shmu26


So it's working right for you. If you have any ideas what I am doing wrong, let me know...
 

harlan4096

Did you block the 3 networks as in my rule? Also, did you block the access to all Babylon services in both groups in AC?
 

shmu26

I did not block the 3 networks. I simply opened application control, and clicked on the network button at the right end of the line, setting it to block.

I did block all Babylon services in both groups.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Is the KIS 2021 Beta pretty stable? Well, as stable as a beta can be? I'm thinking about installing it and helping to find any bugs etc. Thanks for all the info you've provided in this thread, @harlan4096.
 
