
ULTRASURF

  • 30 December 2021

Hi,

 

I’m wondering if anyone has a solution to blocking ULTRASURF on the PC - a VPN type program designed to bypass filters, etc. (it is also available as an EXTENSION for browsers such as Chrome, Edge, etc.)

 

I’ve discovered that this program, just over 3 MB, which is simply an EXECUTABLE (.exe), can easily bypass Kaspersky Safe Kids.

 

I did attempt to raise a ticket with Kaspersky about the issue, but they asked me to do all sorts of things, which as a parent I simply haven’t the time or inclination to do. I’d expect their technical experts to do the necessary checks to overcome this vulnerability.

 

At any rate, I tried to block the Ultrasurf home page using Safe Kids, but it didn’t work.

 

Furthermore, a child can simply run this program from a USB stick, or copy it onto a PC from USB and it will run (no installation needed). I could not block the program via the Dashboard because, as it hasn’t run an installer, it doesn’t display as a program to be blocked!

 

Also, turns out, if you rename the file ‘usf.exe’ to something else, it will still run - again, easily defeating Kaspersky Safe Kids (allowing access to everything).

 

So far, the only solution I have come up with is to block the home page and download page using Windows Host file. I’ve also had to password protect a firewall and require authorisation for files to access the internet - this means that if a child attempts to run the program, I will need to grant permission (input the password) to allow it to run - not an ideal solution.

 

Furthermore, I have set Kaspersky to block access to proxy and anonymizer sites, and yet sites offering ULTRASURF are still available. I’ve blocked access to sites that allow technology and software downloads, but still find that it’s possible to get downloads for this software, and others.

 

I’ve also tried using Windows 10 Pro AppLocker to prevent this file from running, but without success (using HASH). It works when blocking using the name of the .exe, but the problem is that renaming the .exe (as mentioned above) will bypass that rule easily.

 

So, any suggestions as to how to block Ultrasurf would be appreciated, as well as for the developers of Kaspersky Safe Kids to come up with solutions to the problems I’ve highlighted (without expecting me to do all the work for them).

 

Finally, I have used the REGISTRY to block access to the CHROME (Ultrasurf) Extension, and also utilised an EXTENSION called BLOCKSITE to block the keyword ULTRASURF - setting a Password. Again, these things are not possible to do with Kaspersky Safe Kids currently.

 

Thanks.
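
The renaming problem described in the post above, as an added example that is not part of the original thread and is not Kaspersky or Microsoft code: a file's SHA-256 depends only on its bytes, so a search by hash still finds a renamed copy. The function name `Find-FileByHash` and every demo file name other than `usf.exe` are assumptions, and the demo runs on constructed stand-in files rather than the real program.

```powershell
# Added example: find a program by content hash, not by file name.
# Demo files are constructed stand-ins; only the name usf.exe comes from the thread.

function Find-FileByHash {
    param(
        [Parameter(Mandatory)] [string[]] $Sha256,  # known hashes (hex)
        [Parameter(Mandatory)] [string[]] $Root,    # folders or drive roots to search
        [long[]] $Length                            # optional known sizes, avoids hashing every file
    )
    $filterBySize = $PSBoundParameters.ContainsKey('Length')
    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $filterBySize -or ($Length -contains $_.Length) } |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            # -contains compares strings case-insensitively, so hex case does not matter
            if ($h -and ($Sha256 -contains $h.Hash)) {
                [pscustomobject]@{ Path = $_.FullName; Sha256 = $h.Hash; Size = $_.Length }
            }
        }
}

# --- Demo on constructed files ---
$demo = Join-Path ([System.IO.Path]::GetTempPath()) ('hashdemo_' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $demo | Out-Null
$original = Join-Path $demo 'usf.exe'        # stand-in for the reference copy
$renamed  = Join-Path $demo 'homework.exe'   # same bytes under a different name
$other    = Join-Path $demo 'notes.txt'      # unrelated file

[System.IO.File]::WriteAllBytes($original, [byte[]](1..64))   # constructed content
Copy-Item -LiteralPath $original -Destination $renamed
Set-Content -LiteralPath $other -Value 'unrelated file'

# Take the hash and size from the reference copy, then search by content.
$ref  = Get-Item -LiteralPath $original
$hash = (Get-FileHash -LiteralPath $original -Algorithm SHA256).Hash
Find-FileByHash -Sha256 $hash -Length $ref.Length -Root $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

A hash identifies one exact build, so each new release of a program needs its own entry in the list.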


2 replies


Hello @StvAce

Welcome!

  1. OS version & build 
  2. KSK version & patch(x) X=letter, on the Windows Taskbar or hidden icons, right-click the Kaspersky icon, select About
  3. May we know the specific “all sorts of things” Kaspersky support requested please?
  4. Is the support case still open? 
  5. Is KSK Premium or Free? 

Please let us know.

Thank you

Flood

Hello,

 

Thanks for the reply.

The Windows versions are Home and Pro. I’m more concerned with the Pro (21H2), OS Build: 19044.1415 for the moment.

Also, because there is an Ultrasurf Chrome extension that can be installed on Chromium (Microsoft Edge, Google Chrome, Brave, etc.) based browsers, this is also a problem as KSK seemingly does nothing to prevent or block PC extensions.

The KSK version is: 1.0.5.9806(I)/202106

The support case is now closed.

Via a ‘chat’, and then in email, I was asked the following:

First email from Kaspersky:

 

‘1. The website URL used to download the exe file.
2. A screenshot of the block sites setting for the child profile in your My Kaspersky account which can be accessed on the My Kaspersky website [https://my.kaspersky.com].
3. Detailed description about the issue and steps taken thus far.’

 

 

------------------

I already provided the URL - and it’s easy to find. Simply type ULTRASURF in Google, or whatever, and you’ll find the homepage.

I provided a detailed description of the problem in the initial ‘chat’, and therefore saw no need to repeat myself. And I never bothered with the screen shot as I perceived it would be pointless.

The second email:

 

‘STEPS TO COLLECT TRACES:
==========================
To help further diagnose the issue please provide trace logs of the problem:

1. Create trace logs:
To access Safe Kids settings right-click the icon in the tray, next to the date and time, then click Settings.
Tick the box next to 'Log application events'.
Reproduce the issue.
*Note: do not disable traces yet.

2. Collect the trace logs: https://support.kaspersky.com/us/13191#block2
*Note: the logs will be named something like:
- SAFEKIDS.1.0.0.831a_mm.dd._hh.mm_.SRV.log.enc1
- SAFEKIDS.1.0.0.831a_mm.dd._hh.mm_.GUI.log.enc1

3. Disable traces in the settings by unchecking 'Log application events'.
4. Email back the archived trace logs.
**********************************************************************************************************************************************
STEPS TO COLLECT GSI REPORT:
============================
Please create a GetSystemInfo report:

1. Download the utility GetSystemInfo.exe from the following direct link: https://kas.pr/GSI (click on it to initiate download)
2. Run the GetSystemInfo.exe and click 'Accept'.
3. Check the option "Include Windows event logs" and click on the 'Start' option. The process can take up to 10 minutes and the progress bar may remain below 10% for most of the time.
4. A *.zip file with a name similar to this will be saved on your desktop automatically:
eg. GetSystemInfo_PC_Name_Username_Date_Time.zip
5. Please send us that .zip archive containing the report as an attachment in a reply to this email.
Further support on how to use the GetSystemInfo utility can be found here: http://support.kaspersky.com/general/dumps/3632 (click on that link to bring up the detailed guide)’

-------------------------

I’m not going to do all of that - ridiculous!

KSK developers should be able to do all of this without my assistance. The fact is, someone at Kaspersky should be able to simply download the usf.exe file and run it with Kaspersky Safe Kids in operation. They will immediately find that they can surf the internet without any problem and have no means by which to block this *.exe. As it runs when renamed, it requires a mechanism to recognise this process by more than its name.

Furthermore, KSK needs some kind of browser extension controls to prevent the installation of unwanted extensions - proxy avoidance and VPNs.

Similar issues exist with the Android operating system. Download any VPN from Google Play Store and KSK is bypassed instantly. Only by blocking Google Play Store can this be prevented.

At any rate, suggestions as to how to prevent Ultrasurf running on a PC would be a good start (ideally utilising KSK).

Thanks.
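
The browser-extension control asked for in the post above, as an added example that is not part of the original thread and is not Kaspersky code: it goes beyond blocking a single extension by setting the Chrome and Edge policies `ExtensionInstallBlocklist` and `ExtensionInstallAllowlist` so that every extension is blocked unless it is explicitly approved. The function name `Set-PolicyList` and the extension ID shown are assumptions; the ID is a constructed placeholder, and the script needs an elevated PowerShell prompt.

```powershell
# Added example: deny-by-default extension policy for Chrome and Edge.
# Run elevated; writes machine-wide policy keys and replaces any existing lists.

# Constructed placeholder: replace with the 32-character IDs of approved extensions.
$AllowedExtensionIds = @('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa')

$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
)

function Set-PolicyList {
    param([string] $KeyPath, [string[]] $Values)
    # Policy lists are stored as string values named 1, 2, 3, ...
    if (Test-Path -LiteralPath $KeyPath) { Remove-Item -LiteralPath $KeyPath -Recurse -Force }
    New-Item -Path $KeyPath -Force | Out-Null
    $i = 1
    foreach ($v in $Values) {
        New-ItemProperty -LiteralPath $KeyPath -Name "$i" -Value $v -PropertyType String | Out-Null
        $i++
    }
}

# Extension IDs are 32 lowercase letters in the range a-p; reject anything else.
foreach ($id in $AllowedExtensionIds) {
    if ($id -cnotmatch '^[a-p]{32}$') { throw "Not a valid extension ID: $id" }
}

foreach ($root in $PolicyRoots) {
    # '*' in the blocklist blocks every extension that is not in the allowlist.
    Set-PolicyList -KeyPath (Join-Path $root 'ExtensionInstallBlocklist') -Values @('*')
    Set-PolicyList -KeyPath (Join-Path $root 'ExtensionInstallAllowlist') -Values $AllowedExtensionIds
}

# Read the values back so the applied policy can be checked.
foreach ($root in $PolicyRoots) {
    foreach ($list in 'ExtensionInstallBlocklist', 'ExtensionInstallAllowlist') {
        $key = Join-Path $root $list
        foreach ($name in (Get-Item -LiteralPath $key).Property) {
            [pscustomobject]@{
                Key   = $key
                Name  = $name
                Value = Get-ItemPropertyValue -LiteralPath $key -Name $name
            }
        }
    }
}
```

The browsers show the applied values on `chrome://policy` and `edge://policy`, and the policy only holds if the child's Windows account is a standard user who cannot edit `HKLM`.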
