Jump to content
i9cripple

KIS 2017 - Custom Application Control settings being deleted

Recommended Posts

Did you follow up with KL tech support on this issue? KSN cloud protection indeed re-calculates threat level of apps and moves them around. This is by design.

 

Hi, first of all, very thank you for your reply.

 

I opened a ticket , talking about that , but they didn't reply me yet ;(

 

I would agree with you, that it could be by design, but as someone tells ... it doesn´t happen in KIS 2016. Only if it is a new design (KIS 2017).

I think it is a bug. Why ? Because it checked SKYPE and applied a new rule, but the skype didn´t change its checksum in my machine and as the log says, it didn´t change the rate score in KSN.

 

If I trust in an application, KIS should check if that checksum changed, if not, it should respect my setting. (my modest opinion)

 

Imagine an update in that application, KIS should asked all those things, because for KIS is a new application (different checksum) ... then I would agree with KIS.

Share this post


Link to post

Post exact step by step scenario to reproduce this problem. Although I do believe that in "Auto" mode the classification of the application can be changed by design.

Share this post


Link to post
Post exact step by step scenario to reproduce this problem. Although I do believe that in "Auto" mode the classification of the application can be changed by design.

 

Windows 7 64 bits (all windows updates)

KIS 2017

 

configuration:

 

general

perform recomended actions automaticaly (disabled)

protection

application control (enabled)

trust digitally signed applications (enabled)

load rules for applications from KSN (enabled)

additional protection tools settings

ksn (enabled)

 

tools

trusted applications mode (enabled)

 

All other stuffs in default mode

 

I opened all my applications trusted (skype etc) and not trusted with invalid certification or without a certification(popcorn, etc)

After that I opened application control and I moved all applicatons to trusted group.

 

 

Randomly some rules are moved to another group.

I check the reports (detailed reports) for popcorn for example and I saw that it was moved again without my interaction.

In application control, I check popcorn details .. I can see that it was moved by KSN or by a calculation, in history I can see that it was moved several times.

 

Why does it disturbe me ? Because when I run popcorn (example), it takes time to run because KIS will check KSN and move the application again and sometimes I have to answer a prompt to decide what I wanna do with that application.

 

I moved to KIS 2016, so far so good.

Edited by romanek

Share this post


Link to post

trust digitally signed applications (enabled)

load rules for applications from KSN (enabled)

trusted applications mode (enabled)

ksn (enabled) -- might have to disable it, but please test.

 

--- If you disable those options you should be good to go. The default mode is provided specifically for end users who will are unable / ignorant / can not be bothered to answer security related questions from KIS (as it should just sit quietly on the background and do its job and NOT nag the end user). This behavior is indeed by design. KSN is a cloud protection that can re-classify the application threat level based on amount of people participating in it and having this application file on their computers.

 

Simply changing "perform recomended actions automaticaly (disabled)" is not enough.

Edited by Whizard

Share this post


Link to post

I have to chime in on what Whizard said and clarify the issue.

KSN reclassification/HIPS rescan shouldn't happen on applications that the user has already manually moved to a group/subgroup (denoted by "added by user") or created a specific rule for. KIS will only reclassify an application for which a new KSN rule is found in the cloud on rescan if it's in the default, non-user-modified group it has been assigned by KSN on previous execution.

 

The issue described here with the deletion of custom rules on HIPS rescan has happened on occasion in previous versions and was fixed in the next release, but as seen it still crops up from time to time. KIS should never delete rules set by users.

For what it's worth, I can't reproduce the issue on W7 64 VM with 17.0.0.611, although I haven't tested it extensively. The issue can be tricky to reproduce.

Share this post


Link to post
trust digitally signed applications (enabled)

load rules for applications from KSN (enabled)

trusted applications mode (enabled)

ksn (enabled) -- might have to disable it, but please test.

 

--- If you disable those options you should be good to go. The default mode is provided specifically for end users who will are unable / ignorant / can not be bothered to answer security related questions from KIS (as it should just sit quietly on the background and do its job and NOT nag the end user). This behavior is indeed by design. KSN is a cloud protection that can re-classify the application threat level based on amount of people participating in it and having this application file on their computers.

 

Simply changing "perform recomended actions automaticaly (disabled)" is not enough.

 

Thank you, but in KIS 2016 (same settings) it doesn't happen (testing for two days so far) .... I can think in 2 options: KIS 2017 changed the design or it is a bug ... only the developer knows that. If someone from Kasperky says that they changed the behavior and now it is a new change from KIS 2016, I will change my settings according to those ones you wrote. Until that, I can only " to presume".

 

I will wait for KIS 2017 next update to see the behavior.

 

Thank you for your time in this topic

 

Share this post


Link to post
I have to chime in on what Whizard said and clarify the issue.

KSN reclassification/HIPS rescan shouldn't happen on applications that the user has already manually moved to a group/subgroup (denoted by "added by user") or created a specific rule for. KIS will only reclassify an application for which a new KSN rule is found in the cloud on rescan if it's in the default, non-user-modified group it has been assigned by KSN on previous execution.

 

The issue described here with the deletion of custom rules on HIPS rescan has happened on occasion in previous versions and was fixed in the next release, but as seen it still crops up from time to time. KIS should never delete rules set by users.

For what it's worth, I can't reproduce the issue on W7 64 VM with 17.0.0.611, although I haven't tested it extensively. The issue can be tricky to reproduce.

 

 

I agree with you, if I changed a rule, so keep the rule KIS and it is very difficult to reproduce the issue. I just caught that because I was dealing with a penetration test for a paper.

Share this post


Link to post

The reclassification of applications is only part of the problem. Also, on my computer, it only happened once (I was testing KIS 2017 for a few hours and I must have rebooted about 15 times trying to figure out what happens). In addition to the reclassification of applications, custom rules for the protection of resources (under application control) get deleted. Again, that did not happen with every reboot...those were deleted about half of the times I rebooted. Also, regardless of application classification, custom firewall rules get deleted on most reboots. in other words, an application designated as "trusted" remains in the "trusted" group but its custom rules get deleted. I had "trust digitally signed apps" enabled but "load rules from KSN, "Trusted apps mode," and KSN disabled. If it will help to disable "trusted digitally signed apps" too, I am willing to try it next time I have a couple of hours available (probably in a couple of weeks). However, the problem is not only the classification. Rules get deleted even if the app category does not change. For now, as I mentioned previously, I went back to KIS 2016 and it's working without any of those problems.... To me it looks like a bug with KIS 2017.

 

 

 

Share this post


Link to post

You also need to do this as well: "perform recomended actions automaticaly (disabled)"

 

Now, without a step by step case to reproduce this issue, its a needle in the haystack.

Whoever, can reproduce this on v2017 that would be great!

Edited by Whizard

Share this post


Link to post
You also need to do this as well: "perform recomended actions automaticaly (disabled)"

 

Now, without a step by step case to reproduce this issue, its a needle in the haystack.

Whoever, can reproduce this on v2017 that would be great!

 

Yes, I always disable "perform recommended actions automatically." As for reproducing the problem, here is what I did (at least one of the times when I tried KIS 2017):

 

1. Unistalled previous version (tried it both through windows and using the tool). Installed KIS 2017, activated license, updated databases.

2. 'Trust digitally signed apps" set to enabled. "Load rules from KSN" disabled. "Trusted apps mode" disabled. KSN disabled. "Perform recomm. actions automatically disabled.

3. Under "Application control/manage resources" I added several directories\files in the "Personal data/user files" category.

4. I added custom application firewall rules for some apps (e.g., specified ports firefox can use, blocked another app from using a public network, set my email program to only connect to the email server IP address, etc.)

5. Under "packet rules" I set "Any network activity (Trusted)," "Any network activity (local)," Any incoming TCP," and "Any incoming UDP" to "By Rules." I do not remember which ones but the default for two of these was "Allow." Setting them to "by rules" after rules have been defined is more secure (or at least, that's how it should work).

6. Moved a few apps that had been classified as "Low Restricted" to "Trusted."

7. Used the computer for about 10-15 min, running the apps that had custom firewall rules. Everything seemed ok.

8. Reboot. The following problems did not happen with every reboot but I was able to reproduce all of them after rebooting 3-4 times.

9. The rules for the directories/files added in step #3 above were deleted except for one of them. Nothing special about the one that was retained.

10. At least some of the custom firewall rules were deleted (#4).

11. #5 was not affected.

12. One time, several apps were moved to "low restricted" from "trusted." That only happened once.

 

I'm using KIS 2016 now and I don't have time to keep on testing 2017. If technical support has any additional suggestions, I will probably try them at some point in the future. I will probably wait for the next release and try again then. I usually avoid first releases because almost always there are bugs. Kaspersky usually releases a new major version at around this time of the year and it is possible that developers rushed to get it out because of pressure from management (they might have wanted a new version out soon for competition purposes...it happens all the time).

 

 

 

Share this post


Link to post

Have all these issues (disappearing of custom rules and application settings) now been resolved with Patch B?

 

I get the impression that there are still issues since I noticed that some programs that I moved from Low Restricted to Trusted still went back to Low Restricted after a reboot.

 

My settings are:

Perform recomm. actions autom. = disabled

Trust digitally signed app. = enabled

Load rules for app. from KSN = enabled

 

Do I have to change any of these settings in order for KIS2017 to respect my settings as long as the programs checksum does not change and make KIS2017 stop interfering with my settings?

 

If this all still is an issue even after Patch B I should perhalps better go back to KIS2016?

Share this post


Link to post

Well after quite some testing with KIS2017( B ) I can conclude there are still strange things going on with Application control.

Even when I set all "auto settings" to disabled, after every reboot KIS2017 puts applications that I have put in the Trusted group back into the Low Restricted group.

This is not workable and not normal behavior I think. KIS2017 is not respecting the settings of the user.

So unfortunately this forces me to go back to KIS2016, which is working without any problem.

Edited by renehoss

Share this post


Link to post

Hi,

 

please submit your INCs to Tech Support: my.kaspersky.com

And tell me the INC number.

 

Thanks.

Share this post


Link to post

Any progress on that issue? I have already spent a lot of time installing KIS 2017 (and then going back to KIS 2016) just to test if this problem has been corrected. In many ways I like KIS 2017 better than 2016 but this problem is not acceptable. What is the purpose of having a security product that allows customization if custom rules get deleted? The last time I checked was about 2 weeks ago and the problem was still happening. Has anyone tried it more recently? (It would be nice if there was a list of fixed bugs so that we do not keep on testing the new version....)

Share this post


Link to post
Any progress on that issue? I have already spent a lot of time installing KIS 2017 (and then going back to KIS 2016) just to test if this problem has been corrected. In many ways I like KIS 2017 better than 2016 but this problem is not acceptable. What is the purpose of having a security product that allows customization if custom rules get deleted? The last time I checked was about 2 weeks ago and the problem was still happening. Has anyone tried it more recently? (It would be nice if there was a list of fixed bugs so that we do not keep on testing the new version....)

 

Hi,

 

please submit your INC to Tech Support: my.kaspersky.com

And tell me the INC number.

 

Thanks.

Share this post


Link to post

I spent an infuriating 3 hours struggling with the exact same problem today. If I can't set custom permissions for my applications in application control and be absolutely guaranteed that they won't get deleted or changed when I’ve turned off all the listed settings, then Kaspersky Internet Security 2017 isn't going to be for me. I have unsigned/usually low restricted applications that need to be set as trusted for low level disk/registry access but absolutely must not have access through the firewall because they're old and insecure or because they'll update/deactivate to versions with restricted/different features if they get on to the net.

Share this post


Link to post
Hi,

 

please submit your INC to Tech Support: my.kaspersky.com

And tell me the INC number.

 

Thanks.

 

This has been reported before, as mentioned in this thread, and the number was INC000006516066. However, judging from recent comments, nothing was done about it. I have been a customer of Kaspersky for over 10 years and during that time there were some bugs and limitations just like with all software. However, this one is completely unacceptable. What is the point of having a security program that allows one to create custom settings if these settings get deleted? I'm using KIS 2016 now and it works fine. I'm not going to try to install KIS 2017 again until I hear that this problem was fixed. And, of course, this will be my last year of using KIS if it does not get fixed.

Share this post


Link to post
This has been reported before, as mentioned in this thread, and the number was INC000006516066. However, judging from recent comments, nothing was done about it. I have been a customer of Kaspersky for over 10 years and during that time there were some bugs and limitations just like with all software. However, this one is completely unacceptable. What is the point of having a security program that allows one to create custom settings if these settings get deleted? I'm using KIS 2016 now and it works fine. I'm not going to try to install KIS 2017 again until I hear that this problem was fixed. And, of course, this will be my last year of using KIS if it does not get fixed.

 

Hello!

 

Unfortunately INC000006516066(it was reported by romanek) was closed with a "No Reply from customer" reason (and we did not received common diagnostic info in this INC).

 

There is a bug (1855393) on the subject. Developers are investigating it.

 

Thank you for your attention to this situation!

Share this post


Link to post
Hello!

 

Unfortunately INC000006516066(it was reported by romanek) was closed with a "No Reply from customer" reason (and we did not received common diagnostic info in this INC).

 

There is a bug (1855393) on the subject. Developers are investigating it.

 

Thank you for your attention to this situation!

 

 

Hi all,

 

Any news about this issue. I still have this problem on KIS 2017 / Win10 64 pro and it's so boring. No patch released !

 

Please give some (good) information.

 

Thanks,

Stéphane

Share this post


Link to post
Hi all,

 

Any news about this issue. I still have this problem on KIS 2017 / Win10 64 pro and it's so boring. No patch released !

 

Please give some (good) information.

 

Thanks,

Stéphane

 

Hello Stéphane,

 

Could you please create an INC to Tech support (my.kaspersky.com)? We need some diagnostic info from affected systems.

Please specify your INC here + send it me via Private messages.

 

Thank you!

Share this post


Link to post
Hello Stéphane,

 

Could you please create an INC to Tech support (my.kaspersky.com)? We need some diagnostic info from affected systems.

Please specify your INC here + send it me via Private messages.

 

Thank you!

 

 

Hi Mefodys,

 

thanks for your attention, i sent you the inc number in a private message. please, keep me in touch.

 

BR,

Stéphane

Share this post


Link to post

Just had the same issue as everyone is mentioning here.

 

I have 4 computers running Windows 10 Pro 64 and KIS 2017. This issue happens only in one of them which is the Dell XPS laptop. All the others are Deskpot computers and none is having the issue. With Dell XPS this is the 4th time that happens and it's really annoying since I need to rebuild all the custom folders and permissions for 50-70% of the applications.

 

 

The issue happens not at every reboot but from time to time.

The only settings that changes are the custom folders create under the Application Control meaning that all other settings are not affected at all (at least in my case).

Importing the .cfg settings don't bring me back those custom created folders.

 

INC000007049603 created in My Kaspersky

 

Thanks,

Share this post


Link to post

I upgraded from KIS 2016 to KIS 2017 last week. Before uninstalling 2016 I exported my config settings to a file and then after getting 2017 installed and running I imported the saved config file. All of my 2016 settings imported without any problem and that included all of my application restrictions that had either been automatically created by KIS and not modified by me or had initially been automatically created but had since been changed to include some custom settings by me. Everything was fine for a few days and then I noticed that many of my application restriction settings were gone. I am not sure when that had happened since I only noticed it when I went to make a change on one setting to an applications settings. Since I had exported my configuration before upgrading and I still had the config file, I didn't fret over it and I simply restored the config settings again. There were some changes I had made though so I went ahead and once again made those changes and once that was done I thought I would play it safe and export the configuration again so that I would have an updated config file saved. That was about 3 days ago and there were not any problems until this evening when I noticed that any application where I had made a change to the configuration that was automatically created by KIS, no longer had any application configuration setup for it at all. The applications that still had application configurations setup were those applications that KIS had initially created the configuration forand I had not made any change too. Every application configuration that I had made a custom change to (such as only allow local net and denying Internet access) were once again gone. I went ahead and once again imported the up-to-date configuration file I had exported 3 days before only to discover (much to my horror) that none of the application configuration data for any application that I had made a change to had exported. I know that when I exported the configuration 3 days earlier that those settings did exist in KIS. As early as 11am Saturday morning (2 and a half days after exporting) those config settings were still a part of KIS's configuration. This means that the application configurations that went missing earlier this evening are the very same application configurations that did not export 3 days before even though they did exist in the software's configuration. On the Application Control settings page I have checked the box to trust digitally signed applications but have left the checkbox to load rules for applications from KSN unchecked.I am not running in trusted applications mode nor have I ever used that mode in the past. At this point my faith has been shaken in a product I need to trust. The fact that the export of the configuration (a safe fallback) has also been effected by this makes this a very frustrating and troubling issue. Is Kaspersky doing anything to address this?

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.