Jump to content

Not enough privacy protection in Application Control component, legit software scanning user’s Chrome history.


Recommended Posts

Elasticrouter
Posted

Recently, there has been reports about some legit software scanning user’s Chrome history (or any browser installed) and save it to their own SQLite database for query.

 

I have been an Anti-Virus user for years but due to the event, I decided to upgrade to Internet Security to see if the Application Control could help me fight this kind of breach in my privacy. I tried to put the application in Low Restricted group, it did not detect the behavior, for High Restricted group, the application cannot connect to the Internet, making it unusable.

 

I also tried to set up custom rules in Application Control, but I find no option to do so.

 

Here is the Process Monitor log for the said privacy breach behavior from a legit software (with valid certificate and millions of users): * username is censored

 

20:19:50.9845654    TIM.exe    5036    QuerySecurityFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Information: Attribute
20:19:50.9853745    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 0, Length: 1,048,576
20:19:50.9864900    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 1,048,576, Length: 1,048,576
...
20:19:51.0030329    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 25,165,824, Length: 196,608
20:19:51.0034535    TIM.exe    5036    CloseFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    
 

Posted

Hi @Elasticrouter , 

Please submit a ticket to technical support via my.kaspersky.com, include traces with reproduction of the Chrome folder scan: how to collect traces

  • enable traces
  • restart PC
  • reproduce the Chrome folder scan
  • stop traces

 

Elasticrouter
Posted

Hi @Elasticrouter , 

Please submit a ticket to technical support via my.kaspersky.com, include traces with reproduction of the Chrome folder scan: how to collect traces

  • enable traces
  • restart PC
  • reproduce the Chrome folder scan
  • stop traces

 

Hi @Igor Kurzin,

 

I have attached my traces with reproduction to a technical request, do I need to provide you with the request ID?

 

Thanks.

Elasticrouter
Posted

Hi @Elasticrouter , yes, please. Thank you. 

Hi Igor,

 

Here is the request ID - INC000012350967, thanks.

Posted

Hello @Elasticrouter 

Do you set a right application rule for tim.exe? I use notepad as a target process to check the behavior of application control. It is normal.

Regards.

Posted

Hi @Elasticrouter , 

Do you have any confirmation that the applicvation

save it to their own SQLite database for query

?

Elasticrouter
Posted

Hi @Wesly.Zhang 

 

Thank you for your follow-up, as I stated in my post,

 

I also tried to set up custom rules in Application Control, but I find no option to do so.

 

that’s why my intend is to propose Chrome history to be protected by Kaspersky by default, in Low Restricted group possibly. (Not that I have set up custom rule, but Kaspersky weren’t doing its job, sorry for the confusion)

After studying your screenshots, I have found the ‘Add’ button on my settings (as it is only shown after I click on any resources), and will be setting up my own rule forward.

 

For @Igor Kurzin ‘s SQLite issue, it is like what @Wesly.Zhang had said, I saw that on some report that other person posted, and I only tested the file query part using Process Monitor. Sorry for the misleading information.

Guest
This topic is now closed to further replies.


×
×
  • Create New...