Kaspersky
Question

"Allow" rules on Application Control are not working, after installing July 26 Update for Windows 10 1903.

  • 27 July 2019
  • 9 replies
  • 400 views

Hi, I'm using KIS 2020's Application Control to restrict file access only allowed to necessary applications.
However, after installing July 26 Windows 10 1903 update, "Allow" rules doesn't apply to necessary apps.

I set Kaspersky to restrict other apps via:
  1. create a category which has a rule that blocks every app except Microsoft (If Microsoft apps are not allowed, allowed apps on that category are not getting allowed to access specific resource)
  2. create Files and Folders rule on category I created on step 1, set file path to only allow apps I need to use and inherit deny rules so others shouldn't have access that path.
  3. click Save



but July 26 Windows 10 1903 update messed up with this, "Allow" rules on this category are not applied, even if I allowed every app with Microsoft signature, which worked for necessary apps and protected access from others well previously.

for example, I restricted Chrome User Data folder only allows Microsoft and Google, so other apps shouldn't has access to it, preventing other apps stealing login credentials, web history, cookies, etc.

However, with that update, even Chrome cannot get access to Chrome User Data then silently crashes.

The only way workaround is marking a check from exclusions rules, which makes Kaspersky not to inherit restrictions from parent, on every apps on that vendor(bulk applying exclusions rules are nowhere on KIS 2020).


How can I get "allow" rules works without setting exclusions to each exe?

9 replies

Userlevel 7
Badge +5
Hello @ChiriChitosan,
Welcome!
  • Settings exclusions for each/every.exe is not standard.
  • When you were using KIS 19.0x, did you also set the same exclusions?
  1. Have you uninstalled & reinstalled KIS?
  2. If "yes", what procedure did you follow?
  3. Do you backups, pre 1903 restore point and sysimage?
  4. Is KIS2020 the commercial release? Licensed or free?
  5. Can you please also provide: GSI include "Windows logs - https://support.kaspersky.com/common/diagnostics/3632#block7,
  6. Please upload the GSI zip folder to a cloud storage of your choice and post back the link please?
Thanks
Sorry, I have uninstalled July 26 Update to check if this is due to KIS definition update. but Uninstalling that update made "allow" rules work normal.

also, setting exclusions to so much exes are exhausting to me.

  • Settings exclusions for each/every.exe is not standard.
  • Okay. To prevent doing this, I have uninstalled July 26 update and I've set never install that update on my Computer using a troubleshooter.
  • When you were using KIS 19.0x, did you also set the same exclusions?
  • No, I've NEVER SET exclusion of not to inherit some exes of parent process before today.
  1. Have you uninstalled & reinstalled KIS? No, it's same and current installation.
  2. If "yes", what procedure did you follow? (Sorry, I said no.)
  3. Do you backups, pre 1903 restore point and sysimage? I did uninstalled that July 26 Update, which IS cumulative update NOT feature update. After uninstalled July 26 update from my computer, it still runs 1903.
  4. Is KIS2020 the commercial release? Licensed or free? I'm using purchased version of KIS and has patch b.
  5. Can you please also provide: GSI include "Windows logs - https://support.kaspersky.com/common/diagnostics/3632#block7,
  6. Please upload the GSI zip folder to a cloud storage of your choice and post back the link please? Sorry I uninstalled July 26 update rather than excluding each exes on KIS.
However, I have set deny rule with logging, there's whole lot logs about access has been blocked......on apps that I allowed.




It has been in white-list.



Thanks
Userlevel 7
Badge +5
Hello @ChiriChitosan,
Thanks for posting back.
"deny" rule(s) do block.
Best regards.
It is right that "deny" rules do block, however, I have allowed some apps to access some resources right under that category. and July 26 update for Windows 10 1903 broke how "allow" rules apply.
Userlevel 7
Badge +5
@ChiriChitosan
  1. Have you unistalled & restalled Kaspersky software?
  2. If not, please do that and save ONLY "licence" information.
  3. When the uninstall is complete - REBOOT, power off/on PC
  4. Reinstall Kaspersky software.
  5. REBOOT, power off/on PC
  6. Run manual database update
  7. Reapply whatever rules you require.
  8. REBOOT, power off/on PC
  9. Check the rules.
IF, at that point Windows has "changed" any Kaspersky rules, please post back with GSI & Windows logs.
Thanks.
@FLOOD Can I export rules or something...? I have upgraded 2019 -> 2020, not remove and reinstall, due to too much rules I have to set. Making things worse, applications are available for applying rules, but only after launch it once. I have frequent sign-out issue on Adobe apps so learned excluding each app again is not gonna well.
Userlevel 7
Badge +5
Hello @ChiriChitosan,
Your previous advice, "1903 July update caused Kaspersky software to not work properly", if you export the Kaspersky settings (that are not working), imo, the result will not be satisfactory.
You could use the export feature, reset Kaspersky software, import settings, however, if that doesn't work I recommend the procedure previously advised.
Thanks.
https://help.kaspersky.com/KIS/2020/en-US/82867.htm
Sorry for no updates almost 10 days, I was busy then.

At first, I thought fresh install will also be no good so prepared fresh install of 1903 on Virtual Machine.

Fortunately the trials on VM, installing Kaspersky with new installer from global Kaspersky homepage, worked well even July 26 update installed.

So I tried that installer on real system. Forgot export setting before clicking 'remove' to old KIS 2020 installation so I had set those again on new KIS 2020 installation.

Before this I used KIS 20.0.14.1085 a en installer from FTP, as community refers, about 1~2 months ago.
Dunno why same version (both numeric and patch status) worked differently. but KIS from homepage works.

Thanks. It is solved via reinstalling using installer from homepage, not FTP.
Userlevel 7
Badge +5
Before this I used KIS 20.0.14.1085 a en installer from FTP, as community refers, about 1~2 months ago. Thanks. It is solved via reinstalling using installer from homepage, not FTP.

Hello @ChiriChitosan,
Thank you for letting us know.
I don't recollect advising installing from a FTP source, in fact, it's not a recommendation I would make.
We're glad uninstalling and performing a fresh install worked.
Thank you.

Reply / Ответить