
How to block all ports outside the local network on Windows Server 2019 while keeping Windows updates working?

  • 15 June 2021

Hello, I have the following question. I would like to block connections to any IP addresses on all ports outside the local network of a Windows Server 2019 machine by installing Kaspersky Endpoint Security 11.4.0.233, but leave Windows automatic updates working. With workstations this is not a problem; I have a solution for that. The problem is with the server version of Kaspersky. I do the following: I set as exclusions the processes that I think are responsible for the update, so that the firewall settings do not apply to them, but without success. These are the processes that have been set as exclusions:
 
c:\Windows\System32\services.exe
C:\Windows\System32\wuauclt.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\windows\system32\svchost.exe
C:\Windows\System32\dllhost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
 
The problem is that in Firewall Settings => Network Packet Rules I can't add this list:

http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://stats.microsoft.com
https://stats.microsoft.com

This is because KES adds each address by checking its current DNS record, and the records change very dynamically: after a few days the IP address is different and the updates stop. This is what the log looks like:
 
15.6.2021 г. 16:49:10    Unknown    TCP    Blocked    20.83.81.160    443    192.168.0.80    54914    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:10    Unknown    TCP    Blocked    52.249.36.200    443    192.168.0.80    54915    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:10    Unknown    TCP    Blocked    52.238.248.1    443    192.168.0.80    54916    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:10    Unknown    TCP    Blocked    20.83.81.160    443    192.168.0.80    54917    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:10    Unknown    TCP    Blocked    52.249.36.200    443    192.168.0.80    54918    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:10    Unknown    TCP    Blocked    52.238.248.1    443    192.168.0.80    54919    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:12    Unknown    TCP    Blocked    20.83.81.160    443    192.168.0.80    54920    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:12    Unknown    TCP    Blocked    52.249.36.200    443    192.168.0.80    54921    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:12    Unknown    TCP    Blocked    52.238.248.1    443    192.168.0.80    54922    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:13    Unknown    TCP    Blocked    81.19.104.212    443    192.168.0.80    54925    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:13    Unknown    TCP    Blocked    130.117.190.213    443    192.168.0.80    54926    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:13    Unknown    TCP    Blocked    195.122.177.184    443    192.168.0.80    54927    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:13    Unknown    TCP    Blocked    81.19.104.214    443    192.168.0.80    54928    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    130.117.190.148    443    192.168.0.80    54929    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    52.12.8.165    443    192.168.0.80    54930    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    130.117.190.156    443    192.168.0.80    54931    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    130.117.190.158    443    192.168.0.80    54932    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    62.67.238.138    443    192.168.0.80    54933    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    62.67.238.148    443    192.168.0.80    54934    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    130.117.190.217    443    192.168.0.80    54935    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    81.19.104.18    443    192.168.0.80    54936    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    130.117.190.225    443    192.168.0.80    54937    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    81.19.104.212    443    192.168.0.80    54938    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    130.117.190.213    443    192.168.0.80    54939    All networks    ADSRV\Administrator    BLOCK_ALL  
15.6.2021 г. 16:49:14    Unknown    TCP    Blocked    20.83.81.160    443    192.168.0.80    54940    All networks    ADSRV\Administrator    BLOCK_ALL  
 
Can anyone help with an idea?

2 replies


Greetings vladop,

First, I would recommend upgrading KES to version 11.6:

https://support.kaspersky.com/kes11#downloads

Second, you can add DNS names to the network packet rules: in the policy properties, go to Remote addresses -> drop-down -> Addresses from the list, where you can type an IP address but also a domain name:

https://support.kaspersky.com/KESWin/11.6.0/en-US/123452.htm

If upgrading and adding the DNS names to the network packet rule doesn't work then, please contact Kaspersky technical support by opening a support case at companyaccount.kaspersky.com or call 781.503.1880 option 3 with GetSystemInfo Report from KSC Host: (https://support.kaspersky.com/common/diagnostics/3632#block)

To protect you as our customer, Kaspersky Lab requires any person contacting support to be registered in CompanyAccount. When registering, each person is required to enter a valid company name and contact information.

To register for CompanyAccount, click on the link below:
https://companyaccount.kaspersky.com/account/create

Once at this site:
• Enter First name, Last name, Company Name, E-mail address.
• Upload a key file (.key) or enter your 20 digit activation code.
• Enter the CAPTCHA code
• Accept the “terms of Privacy Statement.”
• Click "Create now."
Once completed, you will receive an email with instructions on how to access Kaspersky Lab support.

For more details, click on the link below: http://support.kaspersky.com/faq/companyaccount_help.

Best Regards,

It still doesn't work after installing KES 11.6. I was able to add only: windowsupdate.microsoft.com, update.microsoft.com, download.windowsupdate.com, download.microsoft.com, ntservicepack.microsoft.com, stats.microsoft.com, but it's not enough. I will open a case with Kaspersky technical support and write about the result. Thanks for the advice. BTW, in version 11.6 the process "c:\Windows\System32\services.exe" cannot be specified as an exception and I don't know why; KES says that such a file does not exist. Whether it's a bug or not, I didn't understand.
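
An added example, not part of the thread and not Kaspersky tooling: a short Python triage of a firewall log in the layout posted in the question. It counts blocked destinations outside the LAN that a snapshot of resolved IPs does not cover, which is the drift the question describes. The column names, the 192.168.0.0/24 LAN range, the sample rows and the snapshot addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Column order is inferred from the log rows in the question (an assumption).
FIELDS = "time app proto action remote_ip remote_port local_ip local_port network user rule".split()
LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")  # assumed LAN range

# Constructed rows in the same layout; addresses are documentation ranges.
SAMPLE_LOG = r"""
15.6.2021 г. 16:49:10    Unknown    TCP    Blocked    203.0.113.20    443    192.168.0.80    54914    All networks    ADSRV\Administrator    BLOCK_ALL
15.6.2021 г. 16:49:10    Unknown    TCP    Blocked    198.51.100.7    443    192.168.0.80    54915    All networks    ADSRV\Administrator    BLOCK_ALL
15.6.2021 г. 16:49:12    Unknown    TCP    Blocked    203.0.113.20    443    192.168.0.80    54916    All networks    ADSRV\Administrator    BLOCK_ALL
15.6.2021 г. 16:49:13    Unknown    TCP    Blocked    192.168.0.15    445    192.168.0.80    54917    All networks    ADSRV\Administrator    BLOCK_ALL
truncated row that should be skipped
"""
# Constructed snapshot of the IPs a hostname resolved to when the rule was saved.
PINNED_AT_RULE_CREATION = {"203.0.113.10", "203.0.113.11"}

def parse_row(line):
    """Return a dict of named fields, or None if the row does not fit the layout."""
    parts = re.split(r"\t+| {2,}", line.strip())
    if len(parts) != len(FIELDS):
        return None
    row = dict(zip(FIELDS, parts))
    try:
        row["remote_ip"] = ipaddress.ip_address(row["remote_ip"])
        row["remote_port"] = int(row["remote_port"])
    except ValueError:
        return None
    return row

def blocked_outside_snapshot(log_text, pinned_ips):
    """Count blocked non-LAN destinations that the pinned IP snapshot does not cover."""
    pinned = {ipaddress.ip_address(ip) for ip in pinned_ips}
    hits = Counter()
    for line in log_text.splitlines():
        row = parse_row(line)
        if row is None or row["action"] != "Blocked":
            continue
        ip = row["remote_ip"]
        if ip in LOCAL_NET or ip in pinned:
            continue
        hits[(str(ip), row["remote_port"])] += 1
    return hits

if __name__ == "__main__":
    for (ip, port), n in blocked_outside_snapshot(SAMPLE_LOG, PINNED_AT_RULE_CREATION).most_common():
        print(f"{ip}:{port} blocked {n}x, not in the pinned snapshot")
```
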
