Timur Born

23 e-mail threads/chains for 4 INC requests:

@Wesly.ZhangThank you. Being just provided with pure IP number by the KIS Firewall is one limitation that makes me think twice about using KIS. The E product is more useful in this regard, plus it lists destination ports in its Firewall rules list view (no need to click a rule just to see those). PS: Still comparing firewall CPU load and performance of both.

What I do not like about Kaspersky e-mail support is that replies from Kaspersky are always new e-mail threads instead of replying to the old strang. This fills my inbox with new mail threads instead of them being sorted by conversation. And as @Flood and Flood's wife already wrote, there is no mention of what an INC is about in Kaspersky’s answer. So I found myself searching for the INC number my inbox several times, just to see what INC Kaspersky support is answering to. You may wonder why I don’t know these things without search? Because I had multiple INCs open. ;)

Is the new W11 inspired UI the main change? Anything else noteworthy?

Yes, a product starting with E offers it for both its firewall popups and for network monitoring (can be enabled/disabled). With KIS I need to use an extra network/DNS monitoring app to see where my applications try to connect to, because pure IP numbers don’t tell me anything.

I looked through various settings, but there does not seem to be a way for KIS to resolve IP numbers to human readable names, even when the original application used a URL and corresponding DNS query. The same seems to be true for the network monitor. So instead of displaying “Application X tried an outgoing TCP connection to api.ipyfy.org” KIS only displays the nondescript 50.19.104.22. And since this IP number tells us nothing about the destination we users cannot make informed decisions. Too bad, especially since other products handle this more properly.

I assume that the new UI is trying to mimic Windows 11. Unfortunately it also adopts one of the main problems where option buttons are concerned: Windows 11 options buttons: Button size: 1148 x 81 px Clickable area: 34 x 47 px !!! Empty background pixels: >95% User experience: awful

I tested a competing product which displays URLs instead of just IP numbers when the same connection is established by the same application. So the application (unsurprisingly) uses URLs to establish the connection, thus Kaspersky should be able to display the URL instead of the non-descriptive IP number. Is there any option to switch that?

It’s a bad trend to turn GUIs into mostly empty space while having to scroll multiple pages to find things that could fit into the original window to begin with. Just have a look at the new Windows 11 settings UI. No one can tell me that having over 97% of the window filled with nothing but empty space is good UI/UX design.

Hello. Is it possible to have KIS display the URL of a destination instead of just the IP when the interactive Firewall popup is used (not automated)? For example, one of my applications connects to api.ipify.org at start. But KIS only displays the IP and a reverse DNS lookup only tells me IP.static.webnx.com and WHOIS only tells me about an Amazon AWS service. So KIS does not seem to give me enough information to know where that connection is really going?!

Answer by Kaspersky support concerning sub-domain masks in the Trusted Addresses dialog: A little clarification, we consider something a bug, when the product does not work to some requirement. For Kaspersky Internet Security, there was no such a requirement (to be able to exclude by masks), that's why we initiated a new requirement to be implemented in future versions of Kaspersky Internet Security, so that excluding by masks is possible. Regarding the example.com being given as a proper example, we agree, it may be misleading, as usually websites include the www. part and there can be sub domains as well. We added this information in the requirement, so that in the future the example part is more clear and up to the point.

Excuse me? I am switching these buttons to document and reproduce an issue that happened while I properly used the product (and reproduced another issue), not to “play a gaming console”. Throwing dirt in my direction sure is no way to acknowledge that effort. And a company advertising to “safeguard your data & privacy” should not ask for full system disclosures just to handle a GUI issue. They may ask for specifics once they are unable to reproduce this in their own lab, but repeatedly asking for GetSystemInfo reports for every small issue does instill confidence in them being privacy conscience. I just wrote the same answer to Bitdefender when they ask for full system disclosure to handle a GUI/exception issue that was clearly documented in screenshots, just as this one here is document in the animated GIF. You have no time and motivation to help reproduce this, fine by me. I am not even a Kaspersky customer at this time, but a trial user. So both the company and community can take the information provided and do what they please with it. “You’re holding it wrong” (TM Steve Jobs) answers generally rub me the wrong way, though.

You can try to run several other antivirus solutions for a single scan of your computer. These can be used without having to do a full installation. Several AV solutions offer “online scanners”, which is a single executable file that downloads everything needed for a single scan of your computer instead of installing a whole suite. Furthermore you can still run Windows Defender’s on-demand scans even with Kaspersky installed. So you always have a “second opinion” available.

Since no one reproduced this here I am going to let the ticket run out. I’m not willing to strip my computer half-naked via GetSystemInfo just to report a GUI bug. Kaspersky can try to reproduce this themselves or just live with that it doesn’t happen easily/often.

Do not prompt for confirmation during the next: “30 Minutes”.

I already reported this to support. Now I am hoping for some other people being able to reproduce this to make the conversation with support easier. Windows 10 21H1, KIS 21.3.10.391.

the main idea is to exclude all subdomains of: fp.measure.office.com from WebAV scan. The exclusion by this mask: *.fp.measure.office.com must exclude all addressed like d85c2b9cab3749a094cd25c7d408a1a5.fp.measure.office.com from WevAV traffic check.

Hello. Could some of you please try to reproduce the following freeze bug. When you switch the “Trusted Addresses” entries on/off often enough the KIS UI freezes at full CPU load on one core. It doesn’t happen every time, it doesn’t happen immediately, but it does happen at one point. See the following animated GIF for a demonstration: Thanks in advance!

Are you sure that *.abc will include the main domain abc without the subdomain “.”?

Well, it does make sense, because it is the alternative to shutting the computer down after a long unattended scan. But keeping the computer awake during a scan should also be the default.

I noticed that this exclusion list does not seem to work as expected. Adding “askmrrobot.com” in the list does *not* exclude “www.askmrrobot.com”, so “fp.measure.office.com” might not work for you because of the same issue. If it does not then I am curious how completely disabling encrypted scanning works for your problem?!

You can use a trick to keep KIS from injecting its script from *specific* sites. When the site is accessed via HTTPS (encrypted) then you can add the site to “Network Settings → Trusted Addresses”. You need to restart the browser and reload the page afterwards for the setting to take effect. Unfortunately this exception list doesn’t work quite the way I would expect it to work. E.g. it will *not* disable script injection for “askmrrobot.com”, but it *will* disable script injection for “www.askmrrobot.com”. Looks like a bug to me, especially since I could make KIS hang with full CPU load using this dialog once (and even kill the KIS task then).

Frankly, the community here gave better answers than the support and did not ask me to submit a collection of personalized data first. 😉 Are the Russian developers more likely to understand English or German? Because then it makes more sense to use that language of a support to make sure less information gets lost in translation with support.

Interesting. I just did a UEFI update and got the popup right afterwards. And yes, it only offers a “remind me later” button.

Thanks. So there is no known (default) encrypted channel that these things are handled over, I assume?