macOS Mojave (10.14.6 )
Kaspersky Security (chrome extension) 20.0.0.3
Where can I see what task/process/daemon initiated outbound network traffic that is routed through 'kav'?
Background
As per design of KIS, most of my network traffic is routed through the background kav process. However, this creates a problem in that I cannot see what task/process/daemon on my computer initiated the outbound traffic.Problem
For the vast majority of traffic, this isn't an issue (most traffic goes to named domains and is obviously due to known programs --internet browsing, streaming, messaging, etc.) However, there is a significant amount of traffic that I have which is routed to IP addresses (not DNS resolved domain names) and I need to determine where it's coming from so that I can set up appropriate firewall rules.What I've tried
I've enabled both log non-critical events and trace mode to see if originating processes were logged. I found no logs of originating processes at the following locations:- /Users//Library/Logs/Kaspersky Lab/ (trace log)
- /Library/Logs/Kaspersky Lab/ (trace log)
- KIS application --> Protection --> Reports
More information
Is there a list of safe domains/IP's that KIS uses for service? I see outbound traffic at this moment for example to 77.74.178.18 and 77.74.178.23 which are both Kaspersky Lab servers -- I can't tell if that's chrome web traffic related to this website or if that's KIS in the background doing something.Examples of outbound IP's I've logged
- (52.214.10.178 / 35.153.41.70 / 143.204.225.159) --> Amazon related
- (173.194.76.189 / 35.186.224.47 /216.58.201.182) --> Google related
- (17.253.109.203 / 17.167.194.230 / 17.142.171.9) --> Apple related
Thank you,