Kaspersky KSC12 - Network Packet Rules help

[Simon Reach]

Hi everyone, just need a little assistance with configuring the network packet rules as trying to fine tune them to be a little more locked down and secure.

 

In Network Packet Rules, i’ve got Allows at the top and then Deny underneath them, so anything not explicitly allowed will be blocked off.

I’ve set a rule up to allow RDP for Trusted Networks with Inbound connections on Port 3389 being allowed for a particular machine, at the bottom of the list i’ve got a rule that blocks inbound port 3389 from any address.  This doesn’t work though, i can rdp from both Trusted Networks and non-Trusted Networks.

 

I’ve also setup an allow for incoming ICMP stream coming from Trusted Networks and then Blocks Incoming ICMP stream from any address at the bottom.  This works absolutely fine, so i can ping the machine from a trusted network and ping responses fail from non-trusted networks.

 

Once i get these working and tested, i’m going to remove the explicit blocks and just put a block everything at the bottom so all traffic not specifically allow from any network is blocked, i can’t do that though when i’m not understanding why the Allow/Block with the RDP is acting differently than the Allow/Block with the incoming ICMP stream when the settings all appear to be the same.

 

edit:  Just as a quick test, i put in a Block for everything from any address and it seemed to do that, ignoring all of the explicit allows so had to kill off Kaspersky on the machine to reconnect to it.

KSC 12.0.0.7734

KES 11.4.0.233

[intellihost]

im having the same issue as you are!, were you able to find anything that helps, allowing DRP connection from certain I.P addresses and block the rest which are not on the allow list.