What to do if your antivirus blocks the Internet. Firewall Kaspersky Internet Security, understanding the default settings
The first step to safe travel through the vast expanses of various networks is, of course, installing a reliable means of protection. One of the few such tools is the comprehensive product Kaspersky Internet Security.
The first step to safe travel through the vast expanses of various networks is, of course, installing a reliable means of protection. One of the few such tools is the comprehensive product Kaspersky Internet Security. Despite the fact that the KIS product is quite complex, immediately after installation it is ready to perform all the duties assigned to it. The need for additional settings is extremely rare, and this is a very big plus for developers. But it is necessary to understand that this opportunity is based on the sharp edge of compromise solutions. Let's look at what they are using the example of a firewall.
Firewall settings consist of two parts: program rules and package rules. Application rules can be used to allow or block specific programs or groups of programs from sending or receiving packets or establishing network connections. Packet rules allow or deny the establishment of incoming or outgoing connections, and the transmission or reception of packets.
Let's see what the rules for programs are.
All programs have four categories:
- Trusted - they are allowed to do everything without exception.
- Weak restrictions - the “action request” rule has been established, allowing the user to independently make a decision about the advisability of network communication between programs of this group.
- Strong restrictions - in terms of permission to work with the network, the same as weak ones.
- Not trusted - by default, these programs are prohibited from any network communication (from a human standpoint, I feel very sorry for them).
By default, all programs from Microsoft, KIS itself and other programs from well-known manufacturers are placed in the “trusted” group by default. For the default settings, the choice is good, but personally I would not trust all programs, even from famous manufacturers, so completely.
How do programs fall into one group or another? It's not that simple here. The decision to place a particular program into one of four groups is made based on several criteria:
- Availability of information about the program in KSN (Kaspersky Security Network).
- The program has a digital signature (already tested).
- Heuristic analysis for unknown programs (something like fortune telling).
- Automatically place a program in a group pre-selected by the user.
All these options are located in the “Application Control” settings. By default, the first three options are installed, the use of which leads to a large number of “trusted” programs. The fourth option can be selected independently as an alternative to the first three.
Let's conduct an experiment. Let’s put some program (for example, the “Opera” browser) in the list of programs with weak restrictions and see how the “action request” rule works. For program rules to take effect, you must close and reopen the program for which the rules have been changed. If you now try to go to any website, no action request will occur, and the program will calmly establish a network connection. As it turns out, the “action request” rule only works if the “Select action automatically” option is unchecked in the main protection settings.
Another surprise awaits users of network utilities such as ping, tracert (if the “action request” rule is extended to trusted programs), putty (ssh client) and, possibly, the like. For them, KIS stubbornly refuses to display the action request screen. There can only be one way out - to set permissions for a specific program manually.
Before moving on to package rules, let me give you one piece of advice: create your own subgroups for each group of programs. For example: “Network utilities”, “Office programs”, “Internet programs”, etc. Firstly, you will always be able to quickly find the program you need, and secondly, you will be able to set rules for specific groups, instead of setting rules for individual programs.
Batch rules.
Packet rules define individual characteristics of packets: protocol, direction, local or remote port, network address. Batch rules can act as “allowing”, “denying” and “according to program rules”. The rules are scanned from top to bottom until an allowing or prohibiting rule based on a set of characteristics is found. If a rule for a package is not found, the default rule (the latest one) is applied. Usually in firewalls the last rule is to prohibit the reception and transmission of any packets, but for KIS this rule is permissive.
The action “according to a program rule” is by its nature a “window” for the actual actions of the program rules. This is convenient because you can determine the order in which rules are executed. For example, the program tries to send a packet to port 53 of the DNS server. If there is a packet rule with an action “according to program rules”, direction “outgoing”, remote port 53 (or not defined), and an allowing rule is set for the program to send a packet to port 53, then the packet will be sent if the program is prohibited from sending packets to port 53, then this packet will not be sent.
The scope of the rules covers a certain area: “any address” (all addresses), “subnet address” - here you can select the type of subnet “trusted”, “local” or “public”, and “addresses from the list” - specify IP addresses or domain names manually. The relationship of a specific subnet to “trusted,” “local,” or “public” is set in the general firewall settings.
KIS packet rules, unlike most firewalls, are overloaded with a large number of directions: “inbound”, “inbound (stream)”, “outbound”, “outbound (stream)”, and “inbound/outbound”. Moreover, rules with some combinations of protocol and direction do not work. For example, an ICMP deny rule in combination with stream directions will not work, i.e. prohibited packets will pass through. For some reason, stream directions are applied to UDP packets, although the UDP protocol by its nature does not create a “stream” as such, unlike TCP.
Another, not entirely pleasant, point is that the packet rules do not have the ability to specify a reaction to blocking an incoming packet: prohibit receiving the packet with a notification to the party that sent it, or simply discard the packet. This is the so-called “invisibility” mode, which was previously present in the firewall.
Now let's turn to the rules themselves.
Rules 1 and 2 allow, according to program rules, to send DNS requests via TCP and UDP protocols. Of course, both rules are useful, but generally network programs such as email and browsers request website addresses through the system DNS service, for which the “svchost.exe” system program is responsible. In turn, the service itself uses very specific DNS server addresses, specified manually or via DHCP. DNS server addresses rarely change, so allowing DNS queries for the “svchost.exe” system service to be sent to fixed domain name servers would be sufficient.
Rule 3 allows programs to send email via TCP. Here, as well as for the first two rules, it would be enough to create a rule for a specific email program, indicating which port and server to send to.
Rule 4 allows any network activity for trusted networks. Be very careful when enabling this rule, do not accidentally confuse the network type. This rule effectively disables firewall functionality on trusted networks.
Rule 5 allows any network activity according to the rules of programs for local networks. Although this rule does not completely disable the firewall, it significantly weakens its control functions. According to the logic of rules 4 and 5, rules would need to be placed at the very top to prevent packets from being processed by rules 1 - 3 when the computer is on a trusted or local network.
Rule 6 prohibits remote control of a computer via the RDP protocol. Although the scope of the rule is “all addresses,” it actually only applies to “public networks.”
Rules 7 and 8 prohibit access from the network to the computer’s network services via the TCP and UDP protocols. In fact, the rule only applies to “public networks.”
Rules 9 and 10 allow everyone, without exception, to connect to a computer from any network, of course excluding services prohibited by rules 6 - 8. The rule applies only to programs with permitted network activity. But be very careful, network activity is allowed by default to almost all programs except untrusted ones.
Rules 11 - 13 allow the reception of incoming ICMP packets for all programs. These rules make no more sense than 1 - 3, because ICMP in the vast majority of cases is used by the ping and tracert programs.
Rule 14 prohibits the reception of all types of ICMP packets, of course, with the exception of those allowed by rules 11 - 13.
Rule 16 prohibits incoming ICMP v6 echo request. ICMP v6 is not needed in the vast majority of cases. It would be possible to ban it completely.
Rule 17 allows everything that is not expressly permitted or prohibited by the previous rules. Although this rule is not displayed on the screen, it is absolutely necessary to remember its existence.
The default KIS firewall settings are certainly good and are suitable for most home computer users, which is what this product is aimed at. But the flexibility and undemandingness of additional settings, which was mentioned at the beginning of the article, unfortunately is achieved at the expense of the security of the users themselves, making this very security very dependent on the human factor: the knowledge and error-free actions of the user himself.
Hello dear readers of the blog site I decided to write a short article in which I will try to talk in detail about what to do if an antivirus is blocking the Internet. Very often in my work I came across a situation where, after installing an antivirus, a client complained about an Internet outage and began calling the provider’s technical support asking why the Internet had disappeared.
After a remote scan, the reason associated with the blocking by the antivirus program is usually not identified and a specialist visit is required to fix the problem. As you understand, the visit of the master is paid, and who wants to pay extra money and waste their own time if everything can be done independently.
Before calling technical support, be sure to check all the settings and check the installation instructions to see if you did everything correctly. If you are connecting via , Then also first check whether access to the network is blocked on any other device (tablet, phone, laptop).
I want to say right away that you won’t have to delete anything; everything can be solved quite simply by changing the settings of the computer and the antivirus itself. If you have uninstalled the security program and don’t know, then I advise you to read the article on this topic.
So, let's look at several options for solving the problem associated with network blocking by an antivirus.
Disabling the antivirus filter that blocks the Internet
After installing the security program, an additional parameter “Network Filter” is automatically added to the properties of your network connection. , which, if configured incorrectly, turns off the Internet. To remove such a filter, you need to go to the Network and Sharing Center and select “Change adapter settings” in the left column. .
You will be redirected to the “Network Connections” section , where we will continue to make further changes. On the shortcut of the connection through which we access the Internet, right-click and select “Properties” from the menu that opens ».
After the completed operations, the connection properties window will open, where you will need to uncheck the box next to the filtering component, which is what blocks the network.
Then click OK and for the new settings to take full effect, reboot the computer. Most often, this method helps to remove the blocking of access to the Internet associated with the operation of the antivirus. But a situation happens when this method does not help and you need to go into the security program settings and unblock connections manually.
Now I will try to briefly talk about what settings need to be changed in the antivirus program itself. As an example, I chose the most popular Kaspersky antivirus.
If the Internet turns off after installation, then just change some parameters. The first thing you need to do is go to Kaspersky settings. To do this, right-click on the antivirus icon in the lower right corner of the monitor and select “Settings” ».
A window will appear in front of you in which you need to select a tab Settings and In the “Workplace Control” item, select the “Web Control” component ». If your network is blocked, then first uncheck the box next to “Turn off Web Control” and check if the connection is working. If everything is fine, you can try deleting access rules and re-enabling Web Control. In my opinion, this parameter is not particularly important when working on the Internet and can be safely disabled, as it was done on my computer.
Actually, this is where I would like to end my story about what to do if an antivirus blocks access to the Internet. There are many antiviruses that can disable the Internet connection, and if I talk about the settings of each of them, I simply won’t have enough time and nerves. I hope that after reading the article there are no questions left, but if there are any, then feel free to leave them in the comments.
I decided to write a short article about my favorite specialist-ru Mr. Kaspersky and his invention of the century - an antivirus - it is impossible to fit it into any framework! Or do you need to put...
The fact is that now they are doing very well. There are a lot of questions from newcomers regarding the operation of this wonderful program: they ask what would this mean?? — after installing Kaspersky antivirus (for example, a trial version), do my favorite sites stop opening? — gives a warning error, saying that the site you want to visit is “dangerous”, simply “your connection is not protected” such as the https protocol? Especially often, Kaspersky blocks the Firefox browser: that is, it is impossible to visit many previously visited sites.
In general, yes, this is a problem! Especially for the non-advanced PC user! Let's solve this problem:
how to disable scanning of encrypted connections - Kaspersky Internet Security
Yes, this defender brings a lot of grief to an inexperienced user)) and with it to the owner of the site, which visitors cannot access because of its touching protection.
1 - Once upon a time... this defender Casper put a virtual code into the generated website page - in my opinion, a meaningless code (I don’t know how things are now)...
2 - once (again, I don’t know how it is now...) I marked, and completely without evidence, some sites, warning their visitors about a possible danger... and that, supposedly, the K* laboratory did not check the site!
A logical question arises: why the hell then warn about an imaginary danger (simply scare the user) since there was no check and no dangers were identified?
I consider this to be absolute disgusting behavior of Mr. Kaspersky and Co. towards the average user! and the site owner. Well, okay, blog/website owners will sort it out. But beginners, that is, not technically savvy, are in disaster! and all because of the initial antivirus settings.
In my opinion - !! Do not set dubious settings by default!!- and Mr. Kasper exhibits, contrary to logic))
OK! To hell with this laboratory!
Let's get straight to the current topic and find out how...
disable secure connection checking
After all, it is in the “default” settings of Kaspersky anti-virus that the problem with the current topic is hidden! — prohibition of visiting websites: in other words, — scanning of a secure network connection is enabled at the request of Kaspersky Internet Security protection components. Therefore, when viewing sites in the Firefox browser, a warning appears “your connection is not secure” using the https protocol!!
This is the check we need to disable.
...it’s a strange thing, how is it possible that sites using the https protocol may not have a secure connection?? and why does the iron Casper doubt??
Okay, this is a different topic - another article concerning the muddy water of the now fashionable ssl - I think that these mutual doubts about legitimacy competing campaigns will continue for a long time, because it is difficult to come to a common denominator - a global standard.
But how can you disable this secure connection check? Just!
Let’s go to the “settings” of the antivirus “gear” is like this... You can find it either in the tray by clicking on the icon... or in the program window.
As soon as the settings window opens, you need to click on “Advanced” (screen below).
Please note (next picture): you will have the “Check secure connections at the request of security components” option active by default!..
You need to select “Do not check encrypted connections”!!
I won’t spoil too much with screenshots, because it’s already clear.
As soon as you start changing the “settings”, a warning window will appear in front of you, in which there will be something like “Do you want to disable the security check? “The level of protection will decrease” - you agree!! You definitely have to agree! because it's all bullshit!
Knowledge for read the text in the warning box: funny! a play on the words of marketers and nothing more... ...and, God forbid, if something happens to us, in any case we will remain guilty! but not a laboratory. So…
...well, for example this:“Parental controls will be disabled”!
So what? we ask. Children will fit in anywhere anyway, because they most often “rummage” more than their parents.
...or this: “secure payments will be disabled”!
What kind of figurine is this?? ... precisely following the path of modernity, site owners are switching to the https protocol, in which a secure encrypted connection is provided even without K* - that is, it is safe to make some purchases: enter your data: email, etc., etc. ...
However, a paradox! like a friend of a genius)) it is sites with an encrypted connection (i.e. secure https) that Casper blocks!
In general, all these quirks are understandable, however, all that in-depth knowledge is of no use to the average user: we won’t talk about them today. And therefore, wrapping up...
Please forgive me for the lyrics..!
That's all!
After changing the settings, you can visit your favorite sites again.
Nothing bad will happen...
I don’t use Kaspersky for ethical reasons (it’s easier on my nerves), so I would be grateful if any of the readers would share information about how things are going in the paid version of the antivirus. ??
And of course, read the articles on the site and subscribe:
I share my bitter experience - some knowledge, for your sweet well-being))
It often happens that Kaspersky Anti-Virus, which is supposed to ensure the security of the local network, on the contrary, in every possible way interferes with access to network resources.
Therefore, here we will look at what to do if Kaspersky blocks the local network, and what settings are necessary if access to the computer is limited.
Before you begin diagnosing the problem, make sure that
- - you have the latest version of the antivirus installed;
- - The driver for the network card has been updated on the computer.
What to do if Kaspersky blocks the local network?
To check, you should temporarily disable the protection. To do this, right-click on the antivirus icon in the system tray and select “pause protection.”
It is also necessary to disable the Windows firewall - Kaspersky itself will perform the firewall task, assign statuses and monitor the network connection. If you leave the firewall enabled, the antivirus will periodically shut down the network.
You must immediately remember the name of the network and .
To do this, go to “Start” - “Control Panel” - “Network and Internet” - “Network and Sharing Center” - “Changing adapter settings” - “Local Area Connection” (default local network name - network card model: Realtek RTL8102E…, Atheros and others).
Setting up Kaspersky for local network:
1) open the main antivirus window;
2) at the bottom left click the settings sign (gear);
3) in the left column, click “protection”;
4) then in the right window - “firewall”; 
5) at the bottom - the “network” button;
6) select your network (the name of which you remembered earlier)
Double-click to open network properties and select the “trusted network” network type. 
Then, if necessary, you can disable the NDIS filter driver (network speed will increase significantly). It is disabled in the local network settings and cannot be configured.
It is necessary to turn on and restart the computer with the local network turned on and the cable connected to the computer’s network card, because Kaspersky begins to conflict with the Computer Browser service.
You can also prohibit or restrict certain programs from accessing the local network. To do this, follow steps one through four and select “Configure application rules.” 
There are four groups to choose from: trusted, weakly constrained, strongly constrained, and untrusted. Using the right mouse button, select the appropriate priority for the programs to run, then add new groups and programs. To do this, select:
1) details and rules
2) network rules
3) restrictions
4) reset parameters
5)remove from the list
6) open the program folder
By default, program rules are “inherited” from the installed program, but they can be changed to the necessary ones. To do this, right-click the desired program (or subgroup) and select the appropriate item in the menu.
