Jump to content

Hi, Is there a way to use firewall with interactive mode?


Go to solution Solved by Schulte,

Recommended Posts

Posted (edited)

Hi everyone, first I want to mention about,

I used to use Kaspersky Internet Security decades ago. I've been using Bitdefender Total Security for years, but this year, I've decided to switch to Kaspersky. I've subscribed to Kaspersky Plus after using Kaspersky Antivirus Free.

  1. As a first impression, The settings of the app are frustrating. I'm getting confused about some settings. And sometimes UI gets unresponsive and cannot connect to kaspersky services. I've sent a crash report for this.
  2. I am using English for Computer Technical Stuff but I can't find a way to change interface language settings. And also because of this, the things I will mention below may not be accurate for the English Software, I will try to translate, Sorry for that.

PS. I think the documentation is not very useful. And all third-party videos and articles refer to the old version of Kaspersky.

  1. I was using COMODO Firewall before I decided to subscribe Kaspersky. And that was awesome for a firewall.
  2. For Kaspersky, I've noticed that the setting is not a firewall setting only. These settings also can block applications for accessing folders, editing the registry, and even can block running.
  • The firewall should be separated from them. Why are all of these in the same place? It is too hard to manage this way. This app requires a good clean firewall separated, like Bitdefender.

Is there a way to configure the firewall to ask me if an app tries to connect internet?

What have I done before:

  1. I have tried to change Trusted Group to Ask user, but then everything stopped working and I had to rescue my computer after hours of work.
  2. Then yesterday I sat and added all required apps to the rules into a sub-group under Trusted Group. But today the sub-group was in the settings but there weren't any rules in the sub-group. All were gone.
  3. Today Instead of creating a sub-group, I've added the apps to the Trusted group and set internet access manually. The Trusted Group network tab is set to Inherit but some of the apps in this group are set to Block Access. Does this work that way?

This is what I want to do:

I want to stay the app settings for the firewall the way they are until now, then any new app tries to connect internet I want Kaspersky to ask me what to do with it only for internet access.

That was really easy in Bitdefender and COMODO Firewall.

 

Sorry for the long post.

Thank you

 

OS: Windows 11 Pro x64 22H2 22621.1413 - Windows Feature Experience Pack 1000.22639.1000.0

PRODUCT: Kaspersky Plus

 

 

Edited by mstytn
Flood and Flood's wife
Posted (edited)

Hello @mstytn

Welcome back!

  1. Firstly, to change the app language, it's necessary to uninstall & download the installer from (your) regional site, with language localization configured. 
  2. The Kaspersky app has - Perform recommended actions automatically - but, this applies to: File Anti-Virus, Safe Browsing, Mail Anti-Virus, System Watcher, and Intrusion Prevention, not Firewall
  3. After reading thru (your) problem history, a tip that may help, after making changes, EXPORT (Backup) the app Settings, that way, if (you) find something is missing, you can IMPORT the configuration you've made & go from there - refer: Managing application settings
  4. Apps that are not known to Kaspersky will take their 'rules' according to what's defined in: Intrusion Prevention settings
  5. We recommend you log a request with Kaspersky Support, so a dedicated resource can be allocated to look at it. On the support page: https://support.kaspersky.com/b2c#contacts, select either Chat or Email, then fill in Application malfunction, Other template; please include any exclusions screen images & a detailed history. Support may request logs, traces & other data; they will guide you. 

Please share the outcome with the Community, when it's available? 

Thank you?
Flood?+?

Resource:About Intrusion Prevention

Edited by Flood and Flood's wife
added resource
Posted (edited)

Thank you for the reply, but the answer is not covering my biggest question.

9 hours ago, Flood and Flood's wife said:

Firstly, to change the app language, it's necessary to uninstall & download the installer from (your) regional site, with language localization configured. 

I don't want my regional Language, I want International English Language.

In the year 2023, an application doesn't use a  "string table" for translation although it is freshly published. This is sad. But this is a developing policy or the way Kaspersky prefers.

This didn't work also.

13 hours ago, mstytn said:

Today Instead of creating a sub-group, I've added the apps to the Trusted group and set internet access manually. The Trusted Group network tab is set to Inherit but some of the apps in this group are set to Block Access. Does this work that way?

All my settings are gone again. Already launched apps stay on the list but not the apps I've manually added. All are gone. And I am really bored spending so much time to achieve the simplest setting.

9 hours ago, Flood and Flood's wife said:

After reading thru (your) problem history, a tip that may help, after making changes, EXPORT (Backup) the app Settings, that way, if (you) find something is missing, you can IMPORT the configuration you've made & go from there - refer: Managing application settings

Even if I do that, All user rules are getting deleted after relaunch. It won't work. Kaspersky eliminates (deletes) all the settings which are has a user icon in the Restrictions column if added by the user. And also doesn't save the column layout of the list which I've edited.

Today I've noticed that, Even if I manually add the application to the list, Kaspersky overrides my settings after I restart the application/computer.

That is really annoying. I am creating a rule and saving it. Kaspersky deletes my settings. This behavior is the only one I've ever faced over any other security software. That makes no sense. I've really missed Bitdefender already.

9 hours ago, Flood and Flood's wife said:

Apps that are not known to Kaspersky will take their 'rules' according to what's defined in: Intrusion Prevention settings

➡️I want to override the default behavior for an app that is already known to Kaspersky.

This feature is really cool. Kaspersky has a database of applications and inform you about this. I really liked that feature. But in some cases, I want to use my setting instead of Its own.

How can I create my own app rules before running the application? Please help me.

And the interface for adding an application rule is incredibly terrible. Get top of the list, click add the app to the group, then find the app in the list, and then get back to the top add another and find it again. After all that effort, Kaspersky overrides my rules on which I've spent hours.

I will try something, but if I do something wrong, Kaspersky stops windows running and then I lose hours fixing it.

ℹ️I have an app I need to prevent upgrading there is no setting in the app to disable auto-update. Because of this stupid issue, the app has been updated. Now I need to uninstall this app and reinstall it and reconfigure it. Even if I do that I can't be sure it won't happen again.

That is all. The easiest thing in any other security application.

ℹ️ I have really good knowledge about firewalls even with server CLI, including IP masking, domain masking, port forwarding, reverse proxy, etc...

All I want is incredibly simple. Just prevent an application from accessing the internet before it launches. Easy as it is.

Even Windows built-in firewall is much easier to configure.
 

9 hours ago, Flood and Flood's wife said:

We recommend you log a request with Kaspersky Support, so a dedicated resource can be allocated to look at it. On the support page: https://support.kaspersky.com/b2c#contacts, select either Chat or Email, then fill in Application malfunction, Other template; please include any exclusions screen images & a detailed history. Support may request logs, traces & other data; they will guide you.

This link sends me to the Turkish (regional) page. And wants me to write in Turkish. Probably I couldn't get a proper answer from this page. I couldn't find an International English contact page. I can't reach International English Support.

My impressions about Kaspersky Plus are:

  1. DOCS are not clear. Not easy to understand.
  2. Valuable third-party how-to blogs and videos are outdated.
  3. It is hard to reach International English support.

How can I block an application from accessing the internet before it launches?

Someone, please help me!

I just want a doc page, how-to video, etc... about creating firewall rules.

Thank you...

Edited by mstytn
Posted

Yes, Today I've spent all my time to find a solution on the net. On the official FAQ page, this forum, youtube, some blogs, etc...

I think there is no way to create a custom firewall rule. Nobody mentions it.

To set a custom rule, an application has to be started at least once. If you can catch it before it connects to the internet - so you must be lightning-fast which is not possible - then you can block the app.

So this is useless and makes no sense.

Kaspersky Plus has no feature called a firewall. Sad ?

I think it is time to request a refund and search for another security solution.

Maybe I will get back to Bitdefender.

Posted (edited)

Hi @mstytn

Creating rule for disable network for program : 

Settings > Firewall > Application rules > and there are programs (green mark allowed network, red disabled network)


image.thumb.png.e6cb4ee5018618115bc69e3ec032c439.png

Next method :

Settings > Application control > manage applications in right is network (green marks) simply change marks to red.

image.thumb.png.94a43ca33383ba9ec5dd44d64d3baa67.png

Edited by nexon
Posted
42 minutes ago, nexon said:

Hi @mstytn

Creating rule for disable network for program : 

Settings > Firewall > Application rules > and there are programs (green mark allowed network, red disabled network)


image.thumb.png.e6cb4ee5018618115bc69e3ec032c439.png

Next method :

Settings > Application control > manage applications in right is network (green marks) simply change marks to red.

image.thumb.png.94a43ca33383ba9ec5dd44d64d3baa67.png

Yes, That is for the apps already launched and recognized by Kaspersky.

What I want to do is, manually add an app and block internet access before the app launches.

Posted

@mstytn manually (right click with mouse on TRUSTED) add .exe program to the for example trusted zone. Then will be added and simply change green icon (network to red).

image.thumb.png.90046317923b8de462ccd975f2b111b8.png

Posted

I've found a dummy solution.

That is instead not a solution but some kind of hack:

  1. Go to Security > Network Monitor > Block All Network Traffic
  2. Then launch the desired app
  3. Wait for the app to spawn on the Firewall > Manage Apps list
  4. Then Set the desired settings in the network column like Deny Access.
  5. Then unblock Network Traffic with Security > Network Monitor > Block All Network Traffic

Which is not applicable in most cases.

Requires a proper solution.

Sorry I am not confident about the setting titles mentioned above, because my Kaspersky is not in English which I expect Kaspersky to at least ask me the language preference when installing.

Posted

Hi @mstytn,

@nexon has already addressed the best way.

in the 'manage applications' window you can add programs that have not been started yet and change their rights before the first start.
Open 'Settings->Security settings->Intrusion prevention'.
Click on 'Manage applications'.
In the next window you can right-click to add programs to the selected group, then change their permissions and/or move them to another group.

Spoiler

image.thumb.png.e4530e043a1e12916ad5e81666001be5.png

 

  • Like 1
Posted
2 minutes ago, nexon said:

@mstytn manually (right click with mouse on TRUSTED) add .exe program to the for example trusted zone. Then will be added and simply change green icon (network to red).

image.thumb.png.90046317923b8de462ccd975f2b111b8.png

Nope, Kaspersky removes the settings for manually added applications to the list.

Probably because of security concerns.

Or maybe the reason is completely different, a bug or something.

I don't know why.

Posted
2 minutes ago, Schulte said:

Hi @mstytn,

@nexon has already addressed the best way.

in the 'manage applications' window you can add programs that have not been started yet and change their rights before the first start.
Open 'Settings->Security settings->Intrusion prevention'.
Click on 'Manage applications'.
In the next window you can right-click to add programs to the selected group, then change their permissions and/or move them to another group.

  Hide contents

image.thumb.png.e4530e043a1e12916ad5e81666001be5.png

 

Does it work?

Did you try it?

If so, there is a bug with the new Kaspersky.

Because my Kaspersky Plus interface is completely different from yours.

Actually different than you all on this topic.

k1.jpg

k2.jpg

Posted (edited)

Yes it works! You have only interface changed (newer version). I have application control but you intrusion prevention...Also on your sceond screen right click and select program exe block it thats all easy.

EDIT: Simply add into UNTRUSTED it will block network AUTOMATICALLY.

image.png

Edited by nexon
Posted
1 minute ago, nexon said:

Yes it works! You have only interface changed (newer version). I have application control but you intrusion prevention...Also on your sceond screen right click and select program exe block it thats all easy.
 

image.png

When I do that, after restarting my computer, Kaspersky deletes the manually added entries.

To disable access permanently, The application must be already on the list.

Otherwise, if I click "Add Application to group" and add the application to the list. After reboot, Kaspersky cleans the rules I have manually added.

Now I am getting pretty sure It is a bug.

Posted

Hmm.

Okay you can test it in Firewall settings... set it move to untrusted restart pc and give me feedback.

image.thumb.png.2f3d6446bc12dd90d90480e0d65a37dc.png

  • Solution
Posted
46 minutes ago, mstytn said:

Sorry I am not confident about the setting titles mentioned above, because my Kaspersky is not in English...

Hi @,
a little tip by the way:
many versions can be switched to english by pressing <Shift><F12>. To go back, press <Shift><F5> or restart the program.
Please try if this works with your turkish version.

17 minutes ago, mstytn said:

Otherwise, if I click "Add Application to group" and add the application to the list. After reboot, Kaspersky cleans the rules I have manually added.

Is your Plus running in automatic mode?
Maybe that makes the difference.
Settings->Performance settings->PC resource consumption'.
For testing, uncheck the option 'Perform recommended actions automatically'.

Spoiler

image.thumb.png.3ff32da962db040678c4117e37c90211.png

 

  • Like 2
Posted

Thank you...

24 minutes ago, Schulte said:

Hi @,
a little tip by the way:
many versions can be switched to english by pressing <Shift><F12>. To go back, press <Shift><F5> or restart the program.
Please try if this works with your turkish version.

That worked. ?

-----------------------------------

25 minutes ago, Schulte said:

Is your Plus running in automatic mode?
Maybe that makes the difference.
Settings->Performance settings->PC resource consumption'.
For testing, uncheck the option 'Perform recommended actions automatically'.

That worked.

Also asks me about protection choices. But I can live with that.

 

Marking as a solution.

Thank you again.

Posted (edited)

Quick update:

@mstytn - you wrote about Bitdefender etc. Each AV have similar settings, each AV can block program etc... I saw Bitdefender settings. Are similar like kaspersky but kaspersky needs more click by mouse to set it up.

I tried add (.exe program) to the UNTRUSTED zone by intrusion prevention and did restart. All was ok program was still there in Untrusted zone.
Also i add into second method add program via firewall and rules into Untrusted zone and restart PC. All okay program was there.
I did it on 2 versions of Kaspersky : 21.9.6.465 which is newest commercial released version. And also i did it on 21.13.5.452 which is not commercial released version.


@Schulte - I assumed that he knows because he used kaspersky in the past (Tip for change language). I use it also like you because my primary language is not english and your primary language is maybe german?
 

Edited by nexon
Posted
2 minutes ago, nexon said:

you wrote about Bitdefender etc. Each AV have similiar settings, each AV can block program etc... I saw Bitdefender settings. Are similliar like kaspersky but kaspersky needs more click by mouse to set it up.

Nope, Bitdefender has a setting for only Firewall Internet/Ethernet Access and can be used as interactive. Firewall is a separate module and doesn't have any effect on Intrusion Prevention.

By the way, I am not a big fan of Bitdefender. I had problems with it. This is why I was looking for another solution. And this is why I've subscribed to Kaspersky. And with this solution, I'm going to be using Kaspersky. I was pretty happy with COMODO Firewall but it is not an antivirus, also has an antivirus solution but not quite good.

4 minutes ago, nexon said:

I tried add (.exe program) to the UNTRUSTED zone by intrusion prevention and did restart. All was ok program was still there in Untrusted zone.

k3.thumb.jpg.cd86dc765475ec435db68f71773237bc.jpgk4.thumb.jpg.7355763622b655f6b0139b9877b3bf6d.jpg

Adding an application to UNTRUSTED zone also restricts the application to run or reach hardware/os resources. Which is not good. I only want to disable internet access.

This is where the confusion starts for me. The application is Trusted but needs to be blocked from Internet Access.

 

Thank you all again.

Posted

I dont care about bitdefender and any other av. I dislike bitdefender main GUI interface. 

You have solution. 

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...