Jump to content
Kaspersky Support Forum

Not enough privacy protection in Application Control component, legit software scanning user’s Chrome history.

Elasticrouter
 Share

Recommended Posts

Elasticrouter

Elasticrouter

Posted
  • Author
Posted

Recently, there has been reports about some legit software scanning user’s Chrome history (or any browser installed) and save it to their own SQLite database for query.

 

I have been an Anti-Virus user for years but due to the event, I decided to upgrade to Internet Security to see if the Application Control could help me fight this kind of breach in my privacy. I tried to put the application in Low Restricted group, it did not detect the behavior, for High Restricted group, the application cannot connect to the Internet, making it unusable.

 

I also tried to set up custom rules in Application Control, but I find no option to do so.

 

Here is the Process Monitor log for the said privacy breach behavior from a legit software (with valid certificate and millions of users): * username is censored

 

20:19:50.9845654    TIM.exe    5036    QuerySecurityFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Information: Attribute
20:19:50.9853745    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 0, Length: 1,048,576
20:19:50.9864900    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 1,048,576, Length: 1,048,576
...
20:19:51.0030329    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 25,165,824, Length: 196,608
20:19:51.0034535    TIM.exe    5036    CloseFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    
 

Link to comment
Share on other sites
Elasticrouter

Elasticrouter

Posted
  • Author
Posted

Hi @Elasticrouter , 

Please submit a ticket to technical support via my.kaspersky.com, include traces with reproduction of the Chrome folder scan: how to collect traces

  • enable traces
  • restart PC
  • reproduce the Chrome folder scan
  • stop traces

 

Hi @Igor Kurzin,

 

I have attached my traces with reproduction to a technical request, do I need to provide you with the request ID?

 

Thanks.

Link to comment
Share on other sites
Elasticrouter

Elasticrouter

Posted
  • Author
Posted

Hi @Wesly.Zhang 

 

Thank you for your follow-up, as I stated in my post,

 

I also tried to set up custom rules in Application Control, but I find no option to do so.

 

that’s why my intend is to propose Chrome history to be protected by Kaspersky by default, in Low Restricted group possibly. (Not that I have set up custom rule, but Kaspersky weren’t doing its job, sorry for the confusion)

After studying your screenshots, I have found the ‘Add’ button on my settings (as it is only shown after I click on any resources), and will be setting up my own rule forward.

 

For @Igor Kurzin ‘s SQLite issue, it is like what @Wesly.Zhang had said, I saw that on some report that other person posted, and I only tested the file query part using Process Monitor. Sorry for the misleading information.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing


×
×
  • Create New...