Everything posted by waking

  1. Thanks for that. It sounds reasonable. If true, that's rather disconcerting since it appears to mean that with KAV (and not KIS) I will have little or no outbound firewall protection.

     I have found a short thread in the Kaspersky forums with posts from two users who discovered the same problem using Windows firewall. When any one (or more) of the protection components for email, IM, or Web shield is (are) enabled, KAV intercepts outgoing Net traffic. After satisfying itself that it's OK it passes it through to the firewall - *but* under its own program name (avp.exe). So any non-Kaspersky firewall will never see the name of the actual program that's accessing the Net and can't control it. The firewall only sees that KAV wants to send something to the Net and of course that's allowed as KAV is a Trusted (or excluded) program.

     Also, there remains an apparent inconsistency. As I mentioned in my earlier posts, OA *does* (has) popped up a warning about a program trying to access the Internet *with* KAV 2012 protection enabled. For example, when clicking on a link to check for updates - e.g. Adobe Reader, which uses another process (AdobeARM.exe) to access the Internet. With *no* Firewall rule set for AdobeARM.exe, OA will pop up the dialog asking if I want to Allow or Block this Internet access. It appears that in some cases a particular program may not get filtered by KAV in the way described above.

     In any event, it's apparently not an OA problem so thanks for the feedback. If Kaspersky is unresponsive, unwilling or unable to change this behavior, I'll have to consider my options: use KIS rather than KAV, or try another anti-virus program and see which one(s) respect the role of 3rd-party firewalls and let them do their job.
  2. Hardly. (Well, actually it did after I turned KAV off.)

     >In a real-world situation, would you have clicked 'Allow' for an unknown application that seemed suspicious?

     I would - and often have - clicked "Allow" and "Remember ..." for applications. This allows them to run, but with the "Ask" setting for all activities which are being monitored. I have run applications for some time like this, and then when one does something that requires access to the Net - such as checking for updates - OA informs me that the program wants to access the Net and gives me the choice to Allow it or Block it.

     As I said at the end of my last post, with Kaspersky Antivirus protection off, that is exactly how OA handles LeakTest. It asks me if I want to let it *run* (Program Guard), and I Allow it. Then when I click the button to start the test, OA informs me that LeakTest wants to connect with the Internet (Firewall), and I Block it.

     With KAV protection enabled, OA fails to alert me that LeakTest is trying to access the Internet. (Note that this is with Kaspersky *Antivirus*, not Internet Security.) Even if I manually set a Program Rule for LeakTest in the Firewall to Block it always, the setting is ignored - and the log file shows no indication that LeakTest ever went through the Firewall.

     If I understand the implications of your question correctly, if we:

     (a) Allow a program to run, then it automatically has access to the Net. (Which isn't true - unless we make it Trusted.)

     (b) Block the program so it doesn't run - in which case it can't access the Net or do anything else.

     Nowhere in those two scenarios is there any suggestion of a role for the *firewall*. But in the "real world" there is, and it comes after we "Allow" a program to *run*, but *don't* mark it as Trusted - and when the Firewall has a setting of "Ask" for the program.

     Amendment: Since the Firewall doesn't have an "Ask" setting in the Programs list, my last comment should have read "when the Firewall doesn't have an "Allowed" setting for the program, or has no entry at all for it."
  3. I thought LeakTest did some clever impersonation tricks to fool the firewall into thinking it's a trusted program. But after re-reading the description it looks like that has to be a manual task by the user.

     So if that's not what it's doing, why doesn't OA catch it? The name "LeakTest" doesn't appear in the firewall's list of programs, nor does it appear in a log file made during the tests. If I set OA to block all network traffic, LeakTest will fail. So it appears to be actually going out to the Net.

     Something else which is very bizarre. Since LeakTest didn't appear in the Firewall's Programs list, I manually added it and then set it to "Blocked". I then reran LeakTest - with the exact same result! I was prompted to allow it to run or not. I allowed it (not Trusted) and when the program dialog appeared I clicked the button to run the test: "Firewall Penetrated!" It seems to be bypassing the firewall's protection altogether (except when all traffic is blocked).

     ----------------------------

     Update: Well this is a fine kettle of fish! If I turn *off* all KAV protection, LeakTest gets blocked by OA! Also, when I removed the entry in the firewall's Programs list which I had manually entered I get the expected popup from OA telling me that LeakTest wants to access the internet and should I allow it.

     When I turned KAV protection back on - LeakTest again slips through without OA seeing it. I also tested by turning off individual protection components in KAV - Web Anti-Virus, IM Anti-Virus, Mail Anti-Virus, and even File Anti-Virus. LeakTest still slipped through - only turning KAV off completely allowed OA to detect LeakTest's activity.
  4. Using:

     OA Firewall Free
     Windows XP (Media Center) 32-bit SP3
     Kaspersky Antivirus 2012

     I have a similar issue with LeakTest. I get the Program Guard popup asking if I want to let it run. I reply "Allow" (it's *not* trusted) and the program starts. When I click on the "Test For Leaks" I get *no* popup from the Firewall, and the Leak Test says: "Firewall Penetrated".

     I have had the popup asking if I want to allow Internet access from *other* programs, so I know that it works generally. But as LeakTest masquerades as a program which is probably already trusted for Internet access it doesn't appear (under the name of LeakTest) in the Firewall's list of programs. (Nor probably in a log file either.)

     How can I get it blocked?