Kaspersky
Question

Internet access for desktop app


Hello,

I’d like to ask you to help me.

We use KSC policy (Web Control) to block the Internet connection. However, we need to allow the Internet access for one application (it’s a chat desktop app). The problem is that it’s impossible to get all IP addresses the application is connecting to because servers are around tho world and there are dozens of them. Even if I specify public IP ranges the application uses and allow the category “Chats, forums, IM” in Web Control, application is not working.

Is there any workaround how to allow this application to have full Internet access?

Thank you for your time.

KES: 11.2.0.2254
NA: 11.0.0.1131
KSC: 11.0.0.1131


18 replies

Userlevel 3
Badge +1

Hello,

Can I ask how you blocked internet using web control component via KSC?

I can suggest allowing internet and then blocking all apps that are not required, and using the only one that you require, using the application control and firewall component.

Can I ask how you blocked internet using web control component via KSC?

Any content - To all addresses - To all users - Block - Always

 

I can suggest allowing internet and then blocking all apps that are not required, and using the only one that you require, using the application control and firewall component.

Please expand this.

This is not about apps. This is about blocking the Internet access for users.

If I allow the Internet access and block specific apps, user will be able to browse the Internet which is undesirable.

 

Userlevel 3
Badge +1

hello,

If you go to Essential Threat Protection, and select Firewall, selecting configure rules for network packets and data stream, you can select and control what a user can do or device as a whole.

For example you can block browse internet webpages, and more alike. Check if that it helps.

 

I haven’t tried it but I know it will not work. In “Browsing web pages“ you block ports 80, 443 that need to be allowed for the application communication. Also, we need to block all Internet access except for one desktop application and approx. 30 webpages (portals, etc.). If I block “Browsing web pages”, they won’t be able to open important webpages. That’s why we use Web Control and it’s working fine. We just need to allow the Internet access for one application.

Userlevel 3
Badge +1

You can try that and check.

It blocks surfing web pages via browser, i hope it will allow using within the app. 

Rest you can try tweaking these settings and firewall plays a key role here.

Before I try it, what about important web pages that users need to browse?

Userlevel 2
Badge

You can put the executable into global exclusions so that traffic of this process does not get scanned...

Can you point me where I find it?

If I understand it correctly, the traffic won’t be scanned... But it will be blocked anyway, won’t it?

Userlevel 2
Badge

You can add that executable to trusted programs exclusions (I don’t know how this is exactly called in the english policy) and tick “do not inspect traffic”. This should allow every traffic of that program (if you want that...).

This setting shoud be in “general setting” → exclusions...

It didn’t work as I expected.

Any other suggestions?

Userlevel 2
Badge

You can either allow the exe file globally (do not scan network traffic) or allow all the destination addresses the program needs in Webcontrol.

I do not know anything else.

Can you request other community experts to look at this topic? Maybe they will come up with a solution or workaround.

Hello,

I’d like to ask you to help me.

We use KSC policy (Web Control) to block the Internet connection. However, we need to allow the Internet access for one application (it’s a chat desktop app). The problem is that it’s impossible to get all IP addresses the application is connecting to because servers are around tho world and there are dozens of them. Even if I specify public IP ranges the application uses and allow the category “Chats, forums, IM” in Web Control, application is not working.

Is there any workaround how to allow this application to have full Internet access?

Thank you for your time.

KES: 11.2.0.2254
NA: 11.0.0.1131
KSC: 11.0.0.1131

 

I asked it here but I haven’t got it working yet.

https://community.kaspersky.com/kaspersky-corporate-products-27/internet-access-for-desktop-app-8580?postid=44203#post44203

Userlevel 7
Badge +8

Hello @Hello There,

If the “expert” opinion you seek, is not forthcoming, please raise the issue directly with Kaspersky Technical Team via your Kaspersky Company account

Thank you:pray_tone3:

Flood:whale:

Hi,

only two experts replied. I’d like to know the opinion from other experts.

Thank you.

Userlevel 7
Badge +8

Hello @Hello There,

The Community is made up of users of Kaspersky software (like you) , all who give their time freely, to help other Community members (like you). There's a small team of Kaspersky employees - all of whom are clearly identifiable, bc, their profile shows "Kaspersky Lab Employee". For the most part, & from my observations, the willing helpers engage in providing technical analysis to address technical issues.

If no other Community “experts” contribute to your topic, please raise the issue(s) directly with the Kaspersky Technical expert Team via your Kaspersky Company account.

Thank you:pray_tone3:

Flood:whale:

I understand. However, I’d like to invite more community members to review this thread and share their opinion. I am missing this function here.

Reply / Ответить