Advice Request [Solved] KIS 2018's broken firewall - blocking allowed programs

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
hi, I want to report my finding with KIS 2018's firewall

1/ I want to lockdown my browser (slimjet) so I set up some rules for it
- these are some screenshots
- 1st rule and 4th rule. The 2nd and the 3rd don't affect the result
- I enabled "log events" to diagnose the problem
1.PNG 2.PNG 3.PNG

2/ I use Acestream to watch livestreams. I get links from slimjet and after clicking the links, acestream will be automatically triggered and play. I don't touch the default firewall rule of acestream. Even if I make a rule to allow all the connections, it will still get blocked
ace.PNG

3/ when I click on an acestream link somewhere on the internet, acestream cannot be played. I receive tons of block messages from kaspersky's firewall log
block.PNG

4/ Solution:
- delete the 4th rule "Block all others"

Conclusion
- KIS firewall rule of 1 program can affect another program if they have a connection with each other (open a link from your browser and the browser opens another program). Although the second program is allowed to do everything but the rule from the first program can still block it
- In my case, I think KIS treated acestream as a child process of slimjet
- I consider it a bug

EDIT: NEW SOLUTION - definite solution
- Tick "Do not inherit restrictions from the (application’s) parent process" in Acestream
Capture.PNG
 
Last edited:
5

509322

hi, I want to report my finding with KIS 2018's firewall

1/ I want to lockdown my browser (slimjet) so I set up some rules for it
- these are some screenshots
- 1st rule and 4th rule. The 2nd and the 3rd don't affect the result
- I enabled "log events" to diagnose the problem

2/ I use Acestream to watch livestreams. I get links from slimjet and after clicking the links, acestream will be automatically triggered and play. I don't touch the default firewall rule of acestream. Even if I make a rule to allow all the connections, it will still get blocked

3/ when I click on an acestream link somewhere on the internet, acestream cannot be played. I receive tons of block messages from kaspersky's firewall log

4/ Solution:
- delete the 4th rule "Block all others"

Conclusion
- KIS firewall rule of 1 program can affect another program if they have a connection with each other (open a link from your browser and the browser opens another program). Although the second program is allowed to do everything but the rule from the first program can still block it
- In my case, I think KIS treated acestream as a child process of slimjet
- I consider it a bug

EDIT: NEW SOLUTION - definite solution
- Tick "Do not inherit restrictions from the (application’s) parent process" in Acestream
View attachment 176943

The behavior is expected behavior. It is not a bug. KIS uses the concept of inheritance where a parent passes its restrictions onto any child processes - even when the user wants the child process to be fully allowed without any restriction whatsoever. A lot of people consider the default (inheritance) unexpected\unwanted behavior. If you report it as a bug, Kaspersky will reply "expected\desired behavior" and disregard your report.

Inheritance causes a lot of angst.

Ask @harlan4096

You solved it using the "Do not inherit" optional setting.
 
Last edited by a moderator:

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
I just already saw this thread yesterday night before going to bed, and the solution found by @Evjl's Rain was just the proposal I was going to give this morning :)

In KIS/KTS FireWall and Application Control are intimately connected, that We almost may say are the same module...
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top