macOS Mojave (10.14.6 )
Kaspersky Security (chrome extension) 184.108.40.206
Where can I see what task/process/daemon initiated outbound network traffic that is routed through 'kav'?
BackgroundAs per design of KIS, most of my network traffic is routed through the background kav process. However, this creates a problem in that I cannot see what task/process/daemon on my computer initiated the outbound traffic.
ProblemFor the vast majority of traffic, this isn't an issue (most traffic goes to named domains and is obviously due to known programs --internet browsing, streaming, messaging, etc.) However, there is a significant amount of traffic that I have which is routed to IP addresses (not DNS resolved domain names) and I need to determine where it's coming from so that I can set up appropriate firewall rules.
What I've triedI've enabled both log non-critical events and trace mode to see if originating processes were logged. I found no logs of originating processes at the following locations:
- /Users//Library/Logs/Kaspersky Lab/ (trace log)
- /Library/Logs/Kaspersky Lab/ (trace log)
- KIS application --> Protection --> Reports
More informationIs there a list of safe domains/IP's that KIS uses for service? I see outbound traffic at this moment for example to 220.127.116.11 and 18.104.22.168 which are both Kaspersky Lab servers -- I can't tell if that's chrome web traffic related to this website or if that's KIS in the background doing something.
Examples of outbound IP's I've logged
- (22.214.171.124 / 126.96.36.199 / 188.8.131.52) --> Amazon related
- (184.108.40.206 / 220.127.116.11 /18.104.22.168) --> Google related
- (22.214.171.124 / 126.96.36.199 / 188.8.131.52) --> Apple related