Kaspersky
Products
Support go
Community
Personal Account go
Check a file or link
Kaspersky Club go
Kaspersky Education go
Beta Testing
back back
support
Home Support
Business Support
Virus Fighting
back back
kaspersky club
Россия и СНГ
Global
back back
kaspersky education
Бесплатный образовательный портал
Free educational videocourses
back back
Personal Account
My Kaspersky
KSOS Management Console
CompanyAccount
Question

Not enough privacy protection in Application Control component, legit software scanning user’s Chrome history.

  • 17 January 2021
  • 8 replies
  • 147 views
E

Recently, there has been reports about some legit software scanning user’s Chrome history (or any browser installed) and save it to their own SQLite database for query.

 

I have been an Anti-Virus user for years but due to the event, I decided to upgrade to Internet Security to see if the Application Control could help me fight this kind of breach in my privacy. I tried to put the application in Low Restricted group, it did not detect the behavior, for High Restricted group, the application cannot connect to the Internet, making it unusable.

 

I also tried to set up custom rules in Application Control, but I find no option to do so.

 

Here is the Process Monitor log for the said privacy breach behavior from a legit software (with valid certificate and millions of users): * username is censored

 

20:19:50.9845654    TIM.exe    5036    QuerySecurityFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Information: Attribute
20:19:50.9853745    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 0, Length: 1,048,576
20:19:50.9864900    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 1,048,576, Length: 1,048,576
...
20:19:51.0030329    TIM.exe    5036    ReadFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    Offset: 25,165,824, Length: 196,608
20:19:51.0034535    TIM.exe    5036    CloseFile    C:\Users\_\AppData\Local\Google\Chrome\User Data\Default\History    SUCCESS    
 

8 replies

Igor Kurzin
Rank
Userlevel 7
Badge +4

Hi @Elasticrouter , 

Please submit a ticket to technical support via my.kaspersky.com, include traces with reproduction of the Chrome folder scan: how to collect traces

  • enable traces
  • restart PC
  • reproduce the Chrome folder scan
  • stop traces

 

Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!
E

Hi @Elasticrouter , 

Please submit a ticket to technical support via my.kaspersky.com, include traces with reproduction of the Chrome folder scan: how to collect traces

  • enable traces
  • restart PC
  • reproduce the Chrome folder scan
  • stop traces

 

Hi @Igor Kurzin,

 

I have attached my traces with reproduction to a technical request, do I need to provide you with the request ID?

 

Thanks.

Igor Kurzin
Rank
Userlevel 7
Badge +4

Hi @Elasticrouter , yes, please. Thank you. 

Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!
E

Hi @Elasticrouter , yes, please. Thank you. 

Hi Igor,

 

Here is the request ID - INC000012350967, thanks.

Wesly.Zhang
Rank
Userlevel 7
Badge +4

Hello @Elasticrouter 

Do you set a right application rule for tim.exe? I use notepad as a target process to check the behavior of application control. It is normal.

Regards.

Go! The world !!! ? Our CD8/CD4 T & Antibody created by B lymphocytes are on their way to destroy the Coronaviruses.? Forum Moderator China. Did it answer your question? Mark it as solved! If I don't reply your topic or post for a long time, Please send me a PM include your post or topic URL to notice me, Thanks.
Igor Kurzin
Rank
Userlevel 7
Badge +4

Hi @Elasticrouter , 

Do you have any confirmation that the applicvation

save it to their own SQLite database for query

?

Did a reply answer your question? Please mark it as Best answer, the Topic status will change to Solved, thank you!
Wesly.Zhang
Rank
Userlevel 7
Badge +4

Hi @Elasticrouter , 

Do you have any confirmation that the applicvation

save it to their own SQLite database for query

?


Hello,

I think this question is related to this news in China. Not using own sqlite database. just query urls.

https://tech.ifeng.com/c/837vdMTxmIq

https://bbs.pediy.com/thread-265359.htm

Go! The world !!! ? Our CD8/CD4 T & Antibody created by B lymphocytes are on their way to destroy the Coronaviruses.? Forum Moderator China. Did it answer your question? Mark it as solved! If I don't reply your topic or post for a long time, Please send me a PM include your post or topic URL to notice me, Thanks.
E

Hi @Wesly.Zhang 

 

Thank you for your follow-up, as I stated in my post,

 

I also tried to set up custom rules in Application Control, but I find no option to do so.

 

that’s why my intend is to propose Chrome history to be protected by Kaspersky by default, in Low Restricted group possibly. (Not that I have set up custom rule, but Kaspersky weren’t doing its job, sorry for the confusion)

After studying your screenshots, I have found the ‘Add’ button on my settings (as it is only shown after I click on any resources), and will be setting up my own rule forward.

 

For @Igor Kurzin ‘s SQLite issue, it is like what @Wesly.Zhang had said, I saw that on some report that other person posted, and I only tested the file query part using Process Monitor. Sorry for the misleading information.

Reply / Ответить


 Utilities