Evjl's Rain

Level 39
Content Creator
AV-Tester
Verified
Joined
Apr 18, 2016
Messages
2,800
Operating System
Windows 8.1
Antivirus
Avast
#1
hi, I want to report my finding with KIS 2018's firewall

1/ I want to lockdown my browser (slimjet) so I set up some rules for it
- these are some screenshots
- 1st rule and 4th rule. The 2nd and the 3rd don't affect the result
- I enabled "log events" to diagnose the problem
1.PNG 2.PNG 3.PNG

2/ I use Acestream to watch livestreams. I get links from slimjet and after clicking the links, acestream will be automatically triggered and play. I don't touch the default firewall rule of acestream. Even if I make a rule to allow all the connections, it will still get blocked
ace.PNG

3/ when I click on an acestream link somewhere on the internet, acestream cannot be played. I receive tons of block messages from kaspersky's firewall log
block.PNG

4/ Solution:
- delete the 4th rule "Block all others"

Conclusion
- KIS firewall rule of 1 program can affect another program if they have a connection with each other (open a link from your browser and the browser opens another program). Although the second program is allowed to do everything but the rule from the first program can still block it
- In my case, I think KIS treated acestream as a child process of slimjet
- I consider it a bug

EDIT: NEW SOLUTION - definite solution
- Tick "Do not inherit restrictions from the (application’s) parent process" in Acestream
Capture.PNG
 
Last edited:

Lockdown

From AppGuard
Developer
Verified
Joined
Oct 24, 2016
Messages
4,345
#2
hi, I want to report my finding with KIS 2018's firewall

1/ I want to lockdown my browser (slimjet) so I set up some rules for it
- these are some screenshots
- 1st rule and 4th rule. The 2nd and the 3rd don't affect the result
- I enabled "log events" to diagnose the problem

2/ I use Acestream to watch livestreams. I get links from slimjet and after clicking the links, acestream will be automatically triggered and play. I don't touch the default firewall rule of acestream. Even if I make a rule to allow all the connections, it will still get blocked

3/ when I click on an acestream link somewhere on the internet, acestream cannot be played. I receive tons of block messages from kaspersky's firewall log

4/ Solution:
- delete the 4th rule "Block all others"

Conclusion
- KIS firewall rule of 1 program can affect another program if they have a connection with each other (open a link from your browser and the browser opens another program). Although the second program is allowed to do everything but the rule from the first program can still block it
- In my case, I think KIS treated acestream as a child process of slimjet
- I consider it a bug

EDIT: NEW SOLUTION - definite solution
- Tick "Do not inherit restrictions from the (application’s) parent process" in Acestream
View attachment 176943
The behavior is expected behavior. It is not a bug. KIS uses the concept of inheritance where a parent passes its restrictions onto any child processes - even when the user wants the child process to be fully allowed without any restriction whatsoever. A lot of people consider the default (inheritance) unexpected\unwanted behavior. If you report it as a bug, Kaspersky will reply "expected\desired behavior" and disregard your report.

Inheritance causes a lot of angst.

Ask @harlan4096

You solved it using the "Do not inherit" optional setting.
 
Last edited:

harlan4096

Moderator
MalwareTips Team
AV-Tester
Verified
Joined
Apr 28, 2015
Messages
3,974
Operating System
Windows 10
Antivirus
Kaspersky
#3
I just already saw this thread yesterday night before going to bed, and the solution found by @Evjl's Rain was just the proposal I was going to give this morning :)

In KIS/KTS FireWall and Application Control are intimately connected, that We almost may say are the same module...