Hi. I have read a few posts in different Kaspersky forms and have done some testing regarding file sharing.

It seems that the zones in the AH (anti hacker) settings will override any of the settings in the rules for packet filtering. I have done some testing and find that this of course holds true ... however, here is my dilemma. I want to more fine control over printer and file sharing and ping requests and respones. I don't want it fully allowed or fully disallowed across our network. However, I cannot remove the zone for my local network and have it stay permanently removed.

Does this have to do with the locks in the administrative kit on the server being unlocked or is that only for policies/settings handling on the administrative server?

It seems I can only allow all file and printer sharing and ICMP or allow no file and printer sharing and ICMP.


I have one other issue I'd like to ask about as soon as this is resolved regarding Iexplore.exe and/or chrome.exe changing messages.

I just had a similar issue. In my case I wanted only two servers to be able to access the workstations. Everything else should be untrusted. Support suggested that I create a zone for each server 192.168.1.2 / 255.255.255.255 and 192.168.1.3 / 255.255.255.255. Move these two zone to the top of the list. This will create NetBIOS and ICMP from those servers, then apply firewall rules to the servers, everything else will be treated as an Internet Zone. The up side is NetBIOS is blocked by default between the workstations on the LAN, the downside is ICMP is also blocked between the workstations. The overall firewall setting is Low. Hopes this helps.

The locks on the AdminKit appear to cascade down to policies below it. If you are showing inheritance for the policies, you will see the at each level of your manage computers the policy that applies to that group of computers. As an example, the Policy Protection - Windows Worksations will appear in the child group unless you copy/paste a customized policy into that child group. In order to change a setting in the child policy, you have to go to the parent and unlock that specific setting. This allows the child policy to make changes to the setting for that group and then enforces the policy on the group. If you want the workstations to be able to change settings, you have to unlock those areas in the CHILD policy. This way, each level can enforce or pass the setting the the child.