Jump to content
Kaspersky Support Forum

[KSC 14.2] Limit the process in the firewall rules

tommylwl

By tommylwl
in Kaspersky Security Center

 Share
Go to solution Solved by ElvinE5,

Recommended Posts

tommylwl

tommylwl

Posted
Posted

I want to limit a process, abc.exe,  for outgoing traffic. Therefore, I open my policy in the KSC, Under Essential Threat Protection, Firewall. In the right pane, Click "settings" of configure applicaiton network rules in the operation system. When I select untrusted, and then "Add", the applicatioin list is empty.

Then, I try at the Host Instruction Prevention, there has a message "To send application startup information to Administration Server, select 'Reports and Stroage'.......". I try to follow the instruction, but there is no such option. 

May I know a correct way to limit the abc.exe outgoing traffic? 

 

add.png

host.png

general.png

Link to comment
Share on other sites
  • Solution
ElvinE5

ElvinE5

Posted
  • Solution
Posted
1 час назад, tommylwl сказал:

"To send application startup information to Administration Server, select 'Reports and Stroage'.......".

this item is here, it is enabled by default ... but check it just in case.

Спойлер

.thumb.png.df81b23fec289ec2268f1cb94c9e4956.png

 

the list is empty because the system does not receive information about running applications on your devices on the network.

This is mainly the responsibility of the "Application Control" component, by default it is disabled in the policy ... and no information is collected, enable it and after a while the system will get the necessary information and you will be able to find yours.

Спойлер

.thumb.png.21b70cfe6bc75ad0a8d2c94c5318cbb3.png

 

1 час назад, tommylwl сказал:

May I know a correct way to limit the abc.exe outgoing traffic?

I'm not sure what you're trying to do exactly.
Could you please describe your task and what you want to get as a result ... in detail?

Link to comment
Share on other sites
Arian.Mohammad

Arian.Mohammad

Posted
Posted

there are several ways to do that, In addition to what @ElvinE5 described, running an inventory task on reference computers can help big time.

after that you can even add your program to less restricted categories but limit some of its connections, for example:

msphoto.exe is a trusted application so naturally it is in the Trusted category , in which all network connection is permitted, but you can add another rule and block port 80 for msphoto.exe like this:

 

and you can find more help here:

https://support.kaspersky.com/KESWin/12.3/en-US/123452.htm

and about the inventory task here:

https://support.kaspersky.com/KESWin/12.3/en-US/130536.htm

firewall outgoing.jpg

Link to comment
Share on other sites
tommylwl

tommylwl

Posted
  • Author
Posted

2 more points.

1. You must have "Endpoint Security for Business Advanced" licnese if you are using Windows Server, otherwise, it won't work for the Application Control. 

https://support.kaspersky.com/KESWin/12.3/en-US/228553.htm

2. I use a windows 10 vm and try to get the list of the running processes. Those processes are successfully listed in the Security Center, and I can block the process in this windows 10 (refer to Arian.Mohammad screen capture). As those serves and this windows 10 are in the same managed device group, I tried those servers but if faill. The process in those servers are not blocked.

These is what i figure out these few days. The license issue waste me 4 hours. = ='

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing


×
×
  • Create New...