72pzXCa

Yes, that’s correct. The Spotify issue seems to be resolved more or less, it’s stopped bombing me with these firewall requests for that at least. I’m not even sure what resolved it. The problem extends beyond that though. I still get alerts for applications in the Trusted group even if I select options to apply always. I may just reinstall Kaspersky.

Much easier to just copy a line from the Firewall section of the report: Today, 12/4/2021 5:51:48 PM;Network activity blocked;Spotify;TCP;Outbound;Blocked;216.239.34.21;443;10.40.139.5;50613;Public network;NT AUTHORITY\SYSTEM;System user;Severity;;;Spotify is currently in the trusted applications list. It shouldn’t be subject to firewall rules at all. I don’t really want it to be there, but I get so many alerts for connections that should be allowed if I take it out it’s distracting. These alerts say that “a process may be using this trusted process to gain access” or something like that. I think this may be a different kind of alert than the normal firewall one, but I can’t remember if all firewall alerts say that or not. I reset the rules for Spotify, and those entries went away. I have no idea what was causing them because I don’t know what the Severity rule means. However, now I get these: Once again, there are not any rules blocking any Spotify connections. It isn’t in the trusted application list since I reset the rules, but it is in the Trusted group. I’d like to avoid putting third-party apps like this in that list. Why are these coming up? Perhaps another rule related to application control is affecting it, but Spotify has no parent processes, and the only child processes are additional Spotify processes it creates. So I don’t know where this could be coming from. Maybe the fact that it is a UWP app is causing an issue? I don’t use very many. In addition, when I get alerts for scvhost.exe and try to create rules from the alert, no window shows up to create the rule. Nothing happens. If I choose “Apply/Block always” I don’t know what happens there either, because no rules that I can find are created for always allowing/blocking these connections. How am I supposed to keep track of what I have allowed and blocked “always” if there’s no record of it? How is this any different from creating a rule, and so why does it exist as a different option? The questions abound. It would be nice if there were a centralized list of all created application rules for troubleshooting purposes, similar to the packet rules menu, as opposed to having to dig around separate menus for each application. Or at least an XML file or some such for power users to view/edit these rules. And of course, an explanation for these hidden rules like Severity and KPublic. At least KPublic hints that it has something to do with blocking the Public zone, but Severity tells me nothing. Should I create different forum threads about the issues I have, or address them all in one? I have a support ticket that was escalated, but I have to run a system info tool and wait for them to respond back. I forgot to ask the agent in the chat about those hidden firewall rules. I appreciate the excellent features in this software, but from a configuration and usability perspective it’s been a nightmare. I’m sure it works fine when running on mostly default settings, but my network setup is a bit more specialized than an average user, and I am concerned with privacy more than most (they should be). For that reason I’m concerned with filtering my outgoing traffic as well as incoming, and I don’t automatically trust Windows processes like svchost. To me it is safer to block undesired service connections with the firewall rather than go and deactivate a bunch of a services that might be needed for something. Of course some can’t be deactivated at all, but function just fine without internet access. The ability to create rules by service is a big missing feature in Kaspersky. Instead I have to do it by ports and by giving IP rules to svchost.exe for services that don’t have an executable I can block, which is inefficient and only protects against IPs I’ve already encountered. It makes no sense to allow me to create rules manually for this process, but not allow me to create them more easily from the alerts. It’s really not my fault that Windows leaks like a sieve. All I can do is try to address it. I’d really like to keep the software, but I need explanations for these cryptic rules and unexpected behavior. As of now I’ve finally managed to get Spotify working again without putting it into the Trusted applications list, but these strange alerts are still popping up every now and then. When I log Spotify, the Application Control report shows AC being triggered for it, but these are all allowed, no warnings or blocks. They are local actions as well, not network. Something must be affecting it that I can’t catch in logs. Any help is appreciated. Thanks for taking the time to read all this.

Much easier to just copy a line from the Firewall section of the report: Today, 12/4/2021 5:51:48 PM;Network activity blocked;Spotify;TCP;Outbound;Blocked;216.239.34.21;443;10.40.139.5;50613;Public network;NT AUTHORITY\SYSTEM;System user;Severity;;;Spotify is currently in the trusted applications list. It shouldn’t be subject to firewall rules at all. I don’t really want it to be there, but I get so many alerts for connections that should be allowed if I take it out it’s distracting. These alerts say that “a process may be using this trusted process to gain access” or something like that. I think this may be a different kind of alert than the normal firewall one, but I can’t remember if all firewall alerts say that or not. I reset the rules for Spotify, and those entries went away. I have no idea what was causing them because I don’t know what the Severity rule means. However, now I get these: Once again, there are not any rules blocking any Spotify connections. It isn’t in the trusted application list since I reset the rules, but it is in the Trusted group. I’d like to avoid putting third-party apps like this in that list. Why are these coming up? Perhaps another rule related to application control is affecting it, but Spotify has no parent processes, and the only child processes are additional Spotify processes it creates. So I don’t know where this could be coming from. Maybe the fact that it is a UWP app is causing an issue? I don’t use very many. In addition, when I get alerts for scvhost.exe and try to create rules from the alert, no window shows up to create the rule. Nothing happens. If I choose “Apply/Block always” I don’t know what happens there either, because no rules that I can find are created for always allowing/blocking these connections. How am I supposed to keep track of what I have allowed and blocked “always” if there’s no record of it? How is this any different from creating a rule, and so why does it exist as a different option? The questions abound. It would be nice if there were a centralized list of all created application rules for troubleshooting purposes, similar to the packet rules menu, as opposed to having to dig around separate menus for each application. Or at least an XML file or some such for power users to view/edit these rules. And of course, an explanation for these hidden rules like Severity and KPublic. At least KPublic hints that it has something to do with blocking the Public zone, but Severity tells me nothing. Should I create different forum threads about the issues I have, or address them all in one? I have a support ticket that was escalated, but I have to run a system info tool and wait for them to respond back. I forgot to ask the agent in the chat about those hidden firewall rules. I appreciate the excellent features in this software, but from a configuration and usability perspective it’s been a nightmare. I’m sure it works fine when running on mostly default settings, but my network setup is a bit more specialized than an average user, and I am concerned with privacy more than most (they should be). For that reason I’m concerned with filtering my outgoing traffic as well as incoming, and I don’t automatically trust Windows processes like svchost. To me it is safer to block undesired service connections with the firewall rather than go and deactivate a bunch of a services that might be needed for something. Of course some can’t be deactivated at all, but function just fine without internet access. The ability to create rules by service is a big missing feature in Kaspersky. Instead I have to do it by ports and by giving IP rules to svchost.exe for services that don’t have an executable I can block, which is inefficient and only protects against IPs I’ve already encountered. It makes no sense to allow me to create rules manually for this process, but not allow me to create them more easily from the alerts. It’s really not my fault that Windows leaks like a sieve. All I can do is try to address it. I’d really like to keep the software, but I need explanations for these cryptic rules and unexpected behavior. As of now I’ve finally managed to get Spotify working again without putting it into the Trusted applications list, but these strange alerts are still popping up every now and then. When I log Spotify, the Application Control report shows AC being triggered for it, but these are all allowed, no warnings or blocks. They are local actions as well, not network. Something must be affecting it that I can’t catch in logs. Any help is appreciated. Thanks for taking the time to read all this.

I can’t find enough documentation for how the firewall works. Things keep being blocked with these rules and I don’t know why. It’s frustrating. I’m having to trust applications I really don’t want to put in the trust list because I can’t figure out these rules. Any help would be appreciated.

The freezing has not happened in a while, possibly because I turned off the encryption scanning. I assume this doesn’t affect any malware, antivirus or firewall capability and is just for privacy features, which I already have covered. The issue may be resolved. Thanks for the assistance. The only other concern I have with the software is the system protection. I am unsure whether it is a good idea to be stopping processes in the middle of operations on other processes or registry access. Seems like it could lead to problems. Other than that, things are okay.

I will try changing settings with Adguard off. The problem is intermittent so it may take a little while to verify. I hope the problem can be mitigated with the right settings, though. Also, I keep getting these “it’s possible this trusted application is being used to perform a privileged operation...” notifications for network requests I already have rules for. They keep coming back. I’m not sure if they are separate from the regular firewall alerts and I don’t know how to address them.

When I change the trust level for something in the application control settings, or reset the rules for one, the UI will freeze for awhile and eventually recover. But sometimes 5-10 minutes. I use the Adguard Windows program for ad blocking and DNS filtering, and it also scans HTTPS connections, so maybe a conflict there. I changed the setting for HTTPS scanning to “upon request from components” maybe that will help. I could try disabling encryption scanning for the Adguard service, but then the Safe Money won’t work as I understand. That’s the only guess I have as to the problem.

Program version: 21.3.10.391(g) Windows version: 11 21H2 build 22000.348 I installed the application recently and it hangs when changing firewall settings for certain programs.