Q&A [Solved] KIS 2018's broken firewall - blocking allowed programs

Discussion in 'Kaspersky' started by Evjl's Rain, Dec 26, 2017.

  1. Evjl's Rain

    Evjl's Rain Level 28
    Trusted AV Tester

    Apr 18, 2016
    1,797
    13,150
    Vietnam
    Windows 8.1
    Avast
    #1 Evjl's Rain, Dec 26, 2017
    Last edited: Dec 26, 2017
    hi, I want to report my finding with KIS 2018's firewall

    1/ I want to lockdown my browser (slimjet) so I set up some rules for it
    - these are some screenshots
    - 1st rule and 4th rule. The 2nd and the 3rd don't affect the result
    - I enabled "log events" to diagnose the problem
    1.PNG 2.PNG 3.PNG

    2/ I use Acestream to watch livestreams. I get links from slimjet and after clicking the links, acestream will be automatically triggered and play. I don't touch the default firewall rule of acestream. Even if I make a rule to allow all the connections, it will still get blocked
    ace.PNG

    3/ when I click on an acestream link somewhere on the internet, acestream cannot be played. I receive tons of block messages from kaspersky's firewall log
    block.PNG

    4/ Solution:
    - delete the 4th rule "Block all others"

    Conclusion
    - KIS firewall rule of 1 program can affect another program if they have a connection with each other (open a link from your browser and the browser opens another program). Although the second program is allowed to do everything but the rule from the first program can still block it
    - In my case, I think KIS treated acestream as a child process of slimjet
    - I consider it a bug

    EDIT: NEW SOLUTION - definite solution
    - Tick "Do not inherit restrictions from the (application’s) parent process" in Acestream
    Capture.PNG
     
    shmu26, harlan4096 and bribon77 like this.
  2. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,701
    11,829
    AppGuard LLC Virginia, U.S.
    #2 Lockdown, Dec 26, 2017
    Last edited: Dec 26, 2017
    The behavior is expected behavior. It is not a bug. KIS uses the concept of inheritance where a parent passes its restrictions onto any child processes - even when the user wants the child process to be fully allowed without any restriction whatsoever. A lot of people consider the default (inheritance) unexpected\unwanted behavior. If you report it as a bug, Kaspersky will reply "expected\desired behavior" and disregard your report.

    Inheritance causes a lot of angst.

    Ask @harlan4096

    You solved it using the "Do not inherit" optional setting.
     
    shukla44, shmu26, harlan4096 and 2 others like this.
  3. harlan4096

    harlan4096 Moderator
    Staff Member AV Tester

    Apr 28, 2015
    2,621
    20,653
    Almería (Spain)
    Windows 10
    Kaspersky
    I just already saw this thread yesterday night before going to bed, and the solution found by @Evjl's Rain was just the proposal I was going to give this morning :)

    In KIS/KTS FireWall and Application Control are intimately connected, that We almost may say are the same module...
     
    shukla44, shmu26 and Evjl's Rain like this.
Loading...
Similar Threads Forum Date
Q&A [Solved] Active Engines of 360TS 360 (Qihoo) Jan 3, 2017
Q&A [SOLVED]how to take downloaded files out of CIS sandbox Comodo Oct 22, 2016
Q&A [SOLVED] Is Zemana AM portable not free anymore? Zemana Oct 17, 2016