Kaspersky
Solved

Vendor submission of application for whitelisting?


I'm a software developer working for [removed] .
We are in the process of white-listing our Windows, Mac, Linux, iPhone and Android apps with antivirus software vendors.

Could you provide information on your application whitelisting process for software vendors? Alternately, we can add exceptions at install time from our (digitally signed/trusted) installer, if you have such an API.

Best regards,

Scott Smith
 

icon

Best answer by Flood and Flood's wife 1 May 2021, 09:00

Hello @ImmersedVR, Scott Smith
Welcome!
ALLOWLIST PROGRAM

Thank you:pray_tone3:
Flood:whale: +:whale2:

View original

7 replies

Userlevel 7
Badge +9

Hello @ImmersedVR, Scott Smith
Welcome!
ALLOWLIST PROGRAM

Thank you:pray_tone3:
Flood:whale: +:whale2:

Thank you!

Actually, I’d like to ask a follow-up question to clarify something.

 

Normally, I would run VirusTotal and then contact each vendor that flagged our app and apply to be whitelisted. However, it turns out that while none of them (including Kaspersky) actually flag any of our executable files, many of them block incoming connections on ports we use by default.

This leads to frequent user support incidents where we have to determine which security software they have installed and then walk them through the process of creating firewall exceptions.

Our (signed) installer automatically adds the necessary exceptions to Windows Defender Firewall, but for third-party security software with firewall functionality like Kaspersky, it’s not clear whether there’s a whitelist for firewall ports, or some kind of configuration API that a signed installer can access, or …?

Userlevel 7
Badge +9

Hello @ImmersedVR

The query is not clear, is the question, what process & or criteria do Kaspersky use? 

When & if Kaspersky blocks or causes detections with your software, use Kaspersky’s Threat Intelligence Portal, scan the software & select Submit to re-analyze, send an email, add comments, i.e. explain the problem, to the Kaspersky Virus Lab. 

Thank you:pray_tone3:
Flood:whale: +:whale2:

> is the question, what criteria do Kaspersky use?
No. Sorry, I’ll try to explain better.

 

Our product involves a Windows 10 app and an Android app that runs on a Virtual Reality headset (e.g. Oculus Quest). Both devices are on the same LAN (behind the firewall).

Kaspersky doesn’t identify our installed files on Windows as malware/PUPs, but it does prevent incoming connections to our app from the VR headset.

There is an API that allows our signed/trusted setup program to create exception rules for Windows Defender Firewall to allow the specific (unregistered) ports we use.

My question is:

How can we stop this connection blocking behavior in Kaspersky software? Is that included in vendor application whitelisting, or do we need to do something else?

 

Thanks

Userlevel 7
Badge +9

Hello @ImmersedVR

Thank you for the clarification:ok_hand_tone3:

  1. It’s not possible to give a generic answer, there’s various Kaspersky Firewall rules that can be tweaked, depending on what Kaspersky is blocking. 
  2. In the KAV reports, are there any events that match “Kaspersky preventing incoming connections to the app from the VR headset” ? If “yes”, save the Report as a text file & attach:paperclip: to your reply please? 
  3.  Alternatively, if you have a Kaspersky software license, log a request with Kaspersky Technical Support.

Thank you:pray_tone3:
Flood:whale: +:whale2:

OK, thanks for the quick responses  :-)

Reply