Jump to content

Recommended Posts

This was a very helpful video, harlan, thank you. You seem to be an expert on Kaspersky Internet Security.

Sorry, I'm new to this and I got a question for you.
As I understand when we uncheck this box "Perform recommended actions automatically" in General settings under Interactive Protection, then are prompted on action.
I unchecked it and followed you tips in firewall section on networks.

Now every time I start my VPN aaplication Kaspersky pops up with this" New PPP connection detecetd.. with the name of my VPN app etc and gives me 3 options. Restrict, allow with shared access and trust. What option should I choose?

Another thing. Should I classify my ISP as public and my VPN as trusted, or both trusted?

I really appreciate your help.

 

Share this post


Link to post

And also, is it normal that Windows CryptSvc Cryptographic Service sometimes can make connections not only to Microsoft but also to Google LLC  (US) 216.58.211.14 - Hostname muc03s13-in-f14.1e100.net ?I noticed in Kaspesrky network monitor  CryptSvc making connection to MSI Communications Verizon. I'v heard about the alliance between Microsoft and MSI Communications but not between Google nad Microsoft.

Share this post


Link to post

harlan4096,richbuff please help.


 This was a very helpful video, harlan, thank you. You seem to be an expert on Kaspersky Internet Security. (In thread "KIS 2019 scan settings questions video https://cloud.qainfo.ru/s/PE0sE0YUlbvmetT)

Sorry, I'm new to this and I got a questiion.
As I understand when we uncheck this box "Perform recommended actions automatically" in General settings under Interactive Protection, then are prompted on action.
I unchecked it and followed you tips in firewall section on networks.

Now every time I start my VPN aaplication Kaspersky pops up with this" New PPP connection detecetd.. with the name of my VPN app etc and gives me 3 options. Restrict, allow with shared access and trust. What option should I choose?

Another thing. Should I classify my ISP as public and my VPN as trusted, or both trusted?

I really appreciate your help, guys.

 

Share this post


Link to post

@KIS_52: sorry I just found this thread... and in addition
 

Quote

 

Sorry, I'm new to this and I got a question for you.
As I understand when we uncheck this box "Perform recommended actions automatically" in General settings under Interactive Protection, then are prompted on action.
I unchecked it and followed you tips in firewall section on networks.

Now every time I start my VPN aaplication Kaspersky pops up with this" New PPP connection detecetd.. with the name of my VPN app etc and gives me 3 options. Restrict, allow with shared access and trust. What option should I choose?

 

Here I would say Restrict... if it does not work -> Allow...

Quote

Another thing. Should I classify my ISP as public and my VPN as trusted, or both trusted?

In FireWall settings -> NetWorks:

Your network device / Home -> Trusted

Your VPN device -> Public

 

Quote

And also, is it normal that Windows CryptSvc Cryptographic Service sometimes can make connections not only to Microsoft but also to Google LLC  (US) 216.58.211.14 - Hostname muc03s13-in-f14.1e100.net ?I noticed in Kaspesrky network monitor  CryptSvc making connection to MSI Communications Verizon. I'v heard about the alliance between Microsoft and MSI Communications but not between Google nad Microsoft.

Follow richbuff steps...

Share this post


Link to post

Thank you harlan,

This pop-up about new PPP connection by Kaspersky is actually happening only after I uncheck this box "Perform recommended actions automatically" in General settings under Interactive Protection. I was just wondering why Kaspersky calssified it as PPP connection.

When this box is checked by default, there's no pop-up. In both cases the connection is smooth and there's no problem with it.

Thanks again for your help.

Share this post


Link to post

Yes, I understand, but my VPN uses the storngest encryption available with protocols  like IKEv2 or OpenVPN and it doesn't use PPP as far as I know and PPP is basic encryption.

Mybe I just don't get it and this is the way Kaspesrky should classify new connections.

Edited by KIS_52

Share this post


Link to post

ok, I guess it doesn't matter what VPN you got, Nord Express, Windscribe, Express you name it,  it's always going to be  tagged  as new PPP connection by Kaspersky, obviously if we cleared this box "Perform recommended actions automatically" in General settings

Edited by KIS_52

Share this post


Link to post

Yes, I've installed Windscribe Free to check and I also got that PPP warning...

Share this post


Link to post

Thanks for the info. As a matter of fact, Windscribe VPN uses IKEv2 protocol by default over port 500 in the automatic connection mode but you can change it to manual one  selecting UDP or TCP and these  both actually mean you're on OpenVPN protocol

Windscribe has this strange way of naming OpenVPN. Oh these Canadians:)

 

p.s. I've just been thhinking ... for paranoid freaks , not that I am the one, just the opposite, for educational purposes you know... Wouldn't it be "safer" to tag your home network ( your ISP I mean) as publis as well?

but it's probably overkill right?

Edited by KIS_52

Share this post


Link to post
14 hours ago, KIS_52 said:

Thanks for the info. As a matter of fact, Windscribe VPN uses IKEv2 protocol by default over port 500 in the automatic connection mode but you can change it to manual one  selecting UDP or TCP and these  both actually mean you're on OpenVPN protocol

Windscribe has this strange way of naming OpenVPN. Oh these Canadians:)

 

p.s. I've just been thhinking ... for paranoid freaks , not that I am the one, just the opposite, for educational purposes you know... Wouldn't it be "safer" to tag your home network ( your ISP I mean) as publis as well?

but it's probably overkill right?

Not necessarily. I used to have Norton on my machines, and they always suggested to set networks as Public, as that gave the most protection.

Whether the same applies to Kaspersky, I don't know, but I suspect it does. Fwiw, I have mine set to public, anyway.

Share this post


Link to post

Thanks for your input. I didn't notice any difference in speed  after I added my ISP to trusted. I got 1 GB Mbps and before  the installation of Kaspersky I usually had 910-940 Mbps.  Our Russian friend slowed me down to 400-500 but I can live with that:)

Better safe and slow than sorry, so to speak

Share this post


Link to post

Kasperski has this interesting network monitor. I'm cusrious why it uses port 80 for some connections. I thought py default, HTTP uses port 80 and HTTPS uses port 443
I'm not much of a network traffic analyst. Maybe that's the way the application works. Any thoughts?

Share this post


Link to post

How do I block a particular port in Kaspersky? I go to network under additional, right. Then select network, then 'monitor selected ports only' and select add, give a name, set a port number and set it inactive and I'm done.

But it is still showing both in Kaspesrky monitor in open ports as open and in cmd with netstat -na like listening

I wanted to block port 445

Share this post


Link to post
4 hours ago, KIS_52 said:

How do I block a particular port in Kaspersky? I go to network under additional, right. Then select network, then 'monitor selected ports only' and select add, give a name, set a port number and set it inactive and I'm done.

But it is still showing both in Kaspesrky monitor in open ports as open and in cmd with netstat -na like listening

I wanted to block port 445

Some while ago, I read that Kaspersky didn't consider in necessary to block ports, because particularly if you go to Settings > Additional > Network Settings and set it to Monitor ALL ports, then Kaspersky will block any unusual activity.

If I'm wrong on this, one of the Kaspersky experts here will correct me, I'm sure !  :D

Share this post


Link to post
6 hours ago, Fenderman1 said:

Some while ago, I read that Kaspersky didn't consider in necessary to block ports, because particularly if you go to Settings > Additional > Network Settings and set it to Monitor ALL ports, then Kaspersky will block any unusual activity.

If I'm wrong on this, one of the Kaspersky experts here will correct me, I'm sure !  :D

Yes, that makes sense. Generally, this monitoring your network traffic is like an addiction, kinda

I'm ditching it and  let NSA worry about that:))

Thanks

Share this post


Link to post
15 hours ago, KIS_52 said:

Yes, that makes sense. Generally, this monitoring your network traffic is like an addiction, kinda

I'm ditching it and  let NSA worry about that:))

Thanks

You're welcome. In addition your router/modem has a hardware firewall, and on mine, I've disabled Respond to ping, and also disabled UpnP.

I let Kaspersy take care of the rest !

Share this post


Link to post
15 hours ago, Fenderman1 said:

You're welcome. In addition your router/modem has a hardware firewall, and on mine, I've disabled Respond to ping, and also disabled UpnP.

I let Kaspersy take care of the rest !

Yeah, of course I meant the same thing. Otherwise I woudna have it installed. On router yes, absouletly, disabled as long ago  as I can remeber but also as for UPnP Device Host, if we mean Windows Services, I disabled it right after I got my first PC. And the other bunch of services including all those remote and Hyper V  ncluding but not limited to SSDP and SNMP Trap.  My browser has a very aggresive TLS setting, it doesn't even allow TLS 1.1 only 1.2 and obviously 1.3, not even one weak cypher suite all with forward secrecy. It breaks some websites obviously but onlt those poorly secured. I did an experimen once, I disabled TLS 1.2 in firefox and had only TLS 1.3 enabled. Not many servers support that but there are few that do. TLS 1.3  is the future. You can check if your browser is vulnerable to logjam, freak or poodle attacks along with other stuff on www.ssllabs.com

But  for those in the know, if someone becomes a target, it's only the question of when, not if. Even if that someone will never be manipulated by some targeted spearphishing and will be aware of  malicious inline scripts, they could bypass all of that by 'serving' him an exploit in his  router firmware and no AV could help him.

But this is all spy *hit:)). Thanks for tips

I forgot to add something. I noticed that in Kaspersky instance of safe browser there's  ALWAYS a bunch  of concurrent connections to amazon bots IPs .... us-west-2.compute.amazonaws.com  starting with 52,  54 ... or 34

No matter what site you're visiting and they don't go away.  I realize how browser works. It always makes a lot of connections even if you visit just one site. But than I comared my primary firefox and noticed that after a while the connections dropped, which is a very healthy behavior.

But these are godamn bots, they're just spying on us to get us more ads..

Share this post


Link to post
9 hours ago, harlan4096 said:

Here is an example on how to block 445 port in KFW:

https://imgur.com/a/MBv5kej

Put the new rule in the 1st place of the list.

 

I thought it would be here to block a particular port. I was wrong.

445 PORT BLOCKED.jpg

Share this post


Link to post

No, there You manage the Monitoring of ports, but note the blocking:

Quote
Monitor all network ports

In this port monitoring mode, Mail Anti-Virus, Anti-Spam, and Web Anti-Virus monitor all open ports of your computer.

Monitor selected ports only

In this port monitoring mode, Mail Anti-Virus, Anti-Spam, and Web Anti-Virus monitor the selected ports of your computer.

A list of ports that are normally used for transmitting email and web traffic is included in the application distribution kit.

Select

Clicking this link opens the Network ports window. In this window, you can create a list of ports to be monitored or a list of applications for which Kaspersky Total Security monitors all ports.

 

Share this post


Link to post

Thanks a bunch for the info. I'm sure its gonna come in handy some day

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.