
New Ethernet Network Detected on every boot for Hyper-V Virtual Switch [Merged]


Good afternoon,

 

I have recently moved to KSC Free (20.0.14.1085) and have been unable to prevent the “New Ethernet Connection” pop-ups from appearing each time the system boots.

The pop-ups are caused by Hyper-V’s virtual NICs which are generated dynamically when the hypervisor loads, but I have been unable to find a way to exclude these in KSC Free. Having looked at previous community posts, there were some suggestions about exclusions in the settings under Firewall > Networks, however as I am using the Free edition, these menus aren’t accessible.

Any assistance on how to exclude these virtual NICs would be greatly appreciated!

Pop-up for Hyper-V’s default NAT virtual NIC
Pop-up for Hyper-V connection sharing (ICS) adapter

 


Best answer by Berny 6 January 2021, 18:23

@yksepsak Welcome. Please contact Kaspersky Lab Technical Support https://center.kaspersky.com 


40 replies

Userlevel 1

I’m having this problem too. I’m using a VPN and every time I connect to it, this pops up. Firewall is off for the free version, but the network detecting thing seems to be turned on with no way to turn it off.

Maybe it’s a bug. Please remove it from the free version.

Userlevel 2

KSC Free 20.0.14.1085 (k)

Same problem with 3 virtual networks (Ms Sandbox, VM Workstation Player & Oracle Virtual Box).
I get prompted for all 3 after every start, resume from suspend and resume from hibernate.

It only started a couple of weeks ago.

Userlevel 7

Hello @nickbiss39, @Jsdn, @AlanB,

Welcome!

Each of you, please run Traces → follow the documented procedure and a GSI & Windows Logs & add the data to this topic?

Hopefully, someone from Kaspersky will look at the problem 🤔

Thank you 🙏🏽

Flood 🐳

Userlevel 2

Hope this is what you need.

For the traces I…

  • on my PC (already booted) I got the support page ready
  • put the system to sleep
  • woke the system and logged in
  • before the first of the problem prompts appeared I started the traces
  • waited for and responded to the three network prompts
  • stopped the traces
  • generated a local report which is attached.

Also supplied the get system info report.

The PC was running with all of my browsers etc on it, if this means there is too much dross in the report, let me know and I will try to find time where I can grab the traces when nothing else is running… just let me know.

 

Userlevel 7

Hello @AlanB,

Thank you for the data & the update 👌🏽

For the Traces, please do the following:

  1. Enable Traces.
  2. Shut system down using full Shutdown, not Restart & not Sleep. 
  3. Power system on, login, make sure Kaspersky application is active and make sure no other apps, browsers etc are in use. 
  4. Replicate the three network prompts or wait for the three network prompts to appear, respond to the prompts - also tell us the responses you’ve applied? 
  5. Disable Traces. 
  6. Save Traces, post to your reply please?

Note: Traces can be very large, the goal is to run them for the shortest possible time while still capturing the relevant events.

  • May we also have the Kaspersky application Detailed Report please → open Kaspersky app, select More Tools, select Reports, select Detailed Reports, select All Events, select 24hrs (preferably), select Export, save the Report as a .txt file, attach 📎 to your reply please?

Thank you 🙏🏽

Flood 🐳

Userlevel 2

OK, I think that I have done what you wanted, from a clean start.

The first prompt appeared before I could navigate to and start traces, but I started traces before I responded.

I think that I actually got 7 prompts that time, I gave different responses… No, Restrict, Yes, No, Restrict, Yes, No.

Then stopped trace and packaged it

Have attached the new Traces and a Detailed report as requested.

Hope that helps.

Userlevel 7

Hello @AlanB,

  • ➡️ Traces must be enabled BEFORE the system is shutdown ⬅️

It goes like this:

  1. Enable Traces.
  2. Shutdown.
  3. Power on.
  4. Login.
  5. Kaspersky app active - yes.
  6. Replicate Network prompts. 
  7. Answer Network prompts.
  8. Disable Traces
  9. Provide Traces here - please? 

Thank you 🙏🏽

Flood 🐳

Userlevel 2

OK, didn’t realise that the Enable Traces would work through a restart.

The number of network prompts seems to vary.  From Sleep and Hibernate I have only ever seen 3 prompts. Since I have been doing the Restarts to grab the traces, I have seen 7, 5 and this time it was just 3 (No, Restrict, Yes).

Hope it is all as required this time 😀

 

Userlevel 7

Hello @AlanB,

Thank you for persisting 😀 and the Traces 👏🏽!

Agreed, the process does appear to defy logic, however, enable before allows for the Traces to capture both the end & start of the Kaspersky app. 

Do the alerts show after the Kaspersky app has been clicked on, with no other actions by you? 

Please let us know?

Thanks again 🙏🏽

Flood 🐳

Userlevel 2

The alerts show after login, no interaction is required with Kaspersky or any other app (Kaspersky obviously auto-starts).

Userlevel 7

Hello @AlanB,

Excellent, thanks for the clarification 👌🏽


addendum

  1. Please add network prompt images
  2. If an original hosts file is used, do the same prompts occur? 

Please let us know?

Thank you 🙏🏽

Flood 🐳

Userlevel 2

Here are a typical 3 prompts images.  Each is followed by an identical “Attention” confirmation prompt which I cannot screen-grab, so photo instead.

I had assumed that one of those was Windows Sandbox, but when I started that, Kaspersky prompted for Adapter #6.

VirtualBox and VmWarePlayer are obviously setting up networks at boot, but I am not sure if anything else is (or how to check).

I thought that this might help recognise the networks.

>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::a556:22e9:1a0d:c9eb%19
   IPv4 Address. . . . . . . . . . . : 192.168.0.9
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::693c:7868:69b1:ead2%5
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::e1d9:5d4f:8609:fc30%21
   IPv4 Address. . . . . . . . . . . : 192.168.42.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::f541:dbc9:c5ff:7d63%16
   IPv4 Address. . . . . . . . . . . : 192.168.193.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter vEthernet (Ethernet):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::ed40:573d:c3e6:dee5%15
   IPv4 Address. . . . . . . . . . . : 172.19.144.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

Ethernet adapter vEthernet (VirtualBox Host):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::c5f4:5be2:c65e:df59%37
   IPv4 Address. . . . . . . . . . . : 172.22.176.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

Ethernet adapter vEthernet (VMware Network ):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::f551:215e:b22d:f6d0%43
   IPv4 Address. . . . . . . . . . . : 172.17.64.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

Ethernet adapter vEthernet (VMware Network ) 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b80d:2a97:7ee9:58b8%55
   IPv4 Address. . . . . . . . . . . : 172.18.144.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

Ethernet adapter vEthernet (Ethernet 2):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::38b6:1cd0:ec4a:3492%44
   IPv4 Address. . . . . . . . . . . : 172.30.224.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

Ethernet adapter vEthernet (Default Switch):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::3c28:6fa0:e770:ddeb%75
   IPv4 Address. . . . . . . . . . . : 172.31.240.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

 

Original hosts? Are you referring to C:\Windows\System32\drivers\etc\hosts?  If so, I will need to go and look for one; I think that it would be only comment lines but I cannot remember for sure.

 

Userlevel 7

Hello @AlanB,

Thank you for the information & the images 👌🏽

  • Original hosts question → yes. 

The hosts file that currently exists is not standard, copy the file that’s there to the desktop, then follow How to reset the Hosts file back to the default → when you’ve created the new hosts file, copy it to C:\Windows\System32\drivers\etc\hosts - after you’ve copied the current hosts file to the Desktop. 

  • Is it possible to change the startup for VirtualBox and VmWarePlayer so they don’t start automatically at boot → it’s not the ultimate solution but it’s worth seeing if it makes a difference? 

Please let us know?

Thank you 🙏🏽

Flood 🐳

Userlevel 2

OK, I set the hosts file as requested, shutdown, powered up and logged in.

The prompts were the same.

Userlevel 1

I needed to uninstall for now as the popup was pretty annoying during work so I don’t have the Trace.

One thing I noticed is, it didn’t matter which option I selected in the prompt. No.., Restrict.., Yes.., all ended up with me connecting to the VPN just fine. Common sense also tells me it should be blocking the network until I select either button, but if I left the prompt unselected, it was still connected. So this prompt itself did absolutely nothing.

Since this network protection seems to be part of the “Firewall” feature, and Firewall is disabled in the free version, I suspect this network “detection” function was accidentally left enabled while other Firewall-related functions were disabled. That could explain why it didn’t matter which option I selected on the prompt. It detects, but for nothing.

My guess is they just need to simply disable this detection part.

Userlevel 7

Hello @Jsdn,

Thank you for the update and the information 👌🏽

  • We agree with your conclusion, however, the difficulty is getting this investigated/changed, even when it’s a bug or implementation issue, bc it’s reported for the free software and there’s no Tech Support for the free software, further, for TS to investigate any issue, they always require data, however, if no TS is available to users of the free software, it’s not easy to submit data → evidence of that, discussing the issue with Kaspersky Level 1 Support, we get told to “ask the Kaspersky Community for help” 🙄
  • Now there’s data & history, we’re hoping the Kaspersky Lab employees who participate in the Community will see the need and proactively work on the problem 🤔

Thank you 🙏🏽

Flood 🐳

Userlevel 7

OK, I set the hosts file as requested, shutdown, powered up and logged in. The prompts were the same.

Hello @AlanB,

  • Thank you for the update and for resetting the hosts file 👌🏽
  • It was a long shot, and as a general rule, unless a host file has been consciously modified, it’s best to use the original.

Thank you 🙏🏽

Flood 🐳

Userlevel 2

@FLOOD and accepting @Jsdn’s hypothesis that this problem is indeed just a problem with disabling the Firewall in the free edition.

Just to state the obvious, hopefully TS will see the commercial incentive…
I am sure many users of the free version do not have the environment to cause this problem.  However VM usage isn’t uncommon, so, many free users will experience this annoyance.  Why would these users then even consider upgrading?

Userlevel 7

Hello @AlanB,

Agreed 👌🏽

Unfortunately, the Kaspersky Community cannot fix this; as previously stated, we’re hoping Kaspersky Technical experts will proactively engage.

Thank you 🙏🏽

Flood 🐳

Userlevel 1

Was this resolved with patch L?

Userlevel 7

Hello @Jsdn

Welcome back!

Have you tested with v21? 

Please let us know the outcome!

Thank you 🙏🏽

Flood 🐳

Userlevel 1

Oh, was a new version released? I temporarily switched to a different product, but wondering if this was resolved. Might test it later if no one knows.

Userlevel 7

Hello @Jsdn

Please share the outcome with the Community when it’s available?

Thank you 🙏🏽

Flood 🐳

Userlevel 1

Unfortunately, not fixed in the latest version.

Although it’s the free version, I’m starting to doubt the quality of the software when they can’t/won’t fix such a simple problem. Moving on to other product for now.

Not fixed still….
