Jump to content

Not enough privacy protection in Application Control component, legit software scanning user’s Chrome history.

Recommended Posts

Recently, there has been reports about some legit software scanning user’s Chrome history (or any browser installed) and save it to their own SQLite database for query.


I have been an Anti-Virus user for years but due to the event, I decided to upgrade to Internet Security to see if the Application Control could help me fight this kind of breach in my privacy. I tried to put the application in Low Restricted group, it did not detect the behavior, for High Restricted group, the application cannot connect to the Internet, making it unusable.


I also tried to set up custom rules in Application Control, but I find no option to do so.


Here is the Process Monitor log for the said privacy breach behavior from a legit software (with valid certificate and millions of users): * username is censored


20:19:50.9845654    TIM.exe    5036    QuerySecurityFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Information: Attribute
20:19:50.9853745    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 0, Length: 1,048,576
20:19:50.9864900    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 1,048,576, Length: 1,048,576
20:19:51.0030329    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 25,165,824, Length: 196,608
20:19:51.0034535    TIM.exe    5036    CloseFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    

Link to comment
Share on other sites

Hi @Elasticrouter , 

Please submit a ticket to technical support via my.kaspersky.com, include traces with reproduction of the Chrome folder scan: how to collect traces

  • enable traces
  • restart PC
  • reproduce the Chrome folder scan
  • stop traces


Hi @Igor Kurzin,


I have attached my traces with reproduction to a technical request, do I need to provide you with the request ID?



Link to comment
Share on other sites

Hi @Wesly.Zhang 


Thank you for your follow-up, as I stated in my post,


I also tried to set up custom rules in Application Control, but I find no option to do so.


that’s why my intend is to propose Chrome history to be protected by Kaspersky by default, in Low Restricted group possibly. (Not that I have set up custom rule, but Kaspersky weren’t doing its job, sorry for the confusion)

After studying your screenshots, I have found the ‘Add’ button on my settings (as it is only shown after I click on any resources), and will be setting up my own rule forward.


For @Igor Kurzin ‘s SQLite issue, it is like what @Wesly.Zhang had said, I saw that on some report that other person posted, and I only tested the file query part using Process Monitor. Sorry for the misleading information.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Create New...