Kaspersky
Question

KES11.6 Exclusion trusted application IP range/subnet

  • 9 June 2021
  • 3 replies
  • 70 views

Userlevel 3
Badge +1

Currently, someone can only add single IPs as a remote IP (trusted Application → do not check network traffic to a specific remote IP):

 

 

 

 

Could you please consider to be able to add IP ranges or IP subnets?

 

This is the only way to exclude (old internal) websites, which do not use HTTP protocol as it is described within RFC standards. We have many old printers providing a configuration website which do not send a response header (no even 200 OK) on certain requests (KES blocks that).


This topic has been closed for comments

3 replies

You can add in a rule in the firewall if you are running the Endpoint Firewall.  See the following KB for setting up a network rule. https://support.kaspersky.com/KESWin/11/en-US/136337.htm

Userlevel 3
Badge +1

Thank you for the suggestion. Does a firewall rule also apply in such a case (INC000012833838):

 

09:43:07.935 0x13dc ERR http ProxySession(245): traffic_processing::protocollers::http::pipeline::Http1Processor::ProcessData ResultCodeException - 0x8000004b (Unspecified error): Incorrect HTTP header. At C:\a\c\d_00000000\s\component\traffic_processing\source\protocollers\http\http_parser\http1\header_parser\header_parser.cpp(61)
09:43:07.935 0x13dc ERR trafmon ProxySession(245): traffic_processing::traffic_monitor::Session::OnDataReceived ResultCodeException - Failed to process data in high layer protocol: 0x8000004b (Unspecified error). At (0)
09:43:07.935 0x13dc INF trafmon ProxySession(245): TERMINATE connection



 

Userlevel 3
Badge +1

I added a firewall rule on top but it does not work:

 

 

 

I exported the trusted appl exclusion rule and found some XML which describes the IP (is it possible to change something within the XML file to cover more than one IP?):

            <key name="0000">
<key name="V6">
<tQWORD name="Hi">0</tQWORD>
<tQWORD name="Lo">0</tQWORD>
<tDWORD name="Zone">0</tDWORD>
<tSTRING name="ZoneStr"></tSTRING>
</key>
<tBYTE name="Version">4</tBYTE>
<tDWORD name="V4">2130706433</tDWORD>
</key>