Introduction
Kaspersky Anti-Hacker is a personal firewall and its use reliably protects the computer from outside penetration, allows you to control the behavior of the software installed on the computer, preventing its unauthorized attempts to send data to the network, protects against infection by certain types of viruses and ensures the safety of files stored on the computer from unauthorized deletion or modification.
Kaspersky Anti-Hacker allows the user to flexibly configure rules for applications and filter packets that the computer exchanges with servers located on the network. The Attack Detector detects the most common computer attacks and automatically blocks the attacker. Stealth mode makes the computer under protected by Kaspersky Anti-Hacker is invisible on the network, which makes it difficult to prepare and carry out an attack on it. Kaspersky Anti-Hacker controls the integrity of applications and if its files change, the user will be informed about it. All events that occur while working on the network are logged in the work log.
It should be understood that Kaspersky Anti-Hacker is a firewall that controls traffic between the computer and servers, and not an antivirus. Only some types of viruses and spyware, which, when infecting a computer, download their components from the network or send data to the network can be detected when help from Kaspersky Anti Hacker. To reliably protect your computer from both viruses and hacking, it is recommended to use a combination of Kaspersky Anti-Hacker and kaspersky antivirus .
Main Kaspersky features Anti Hacker:
- Control network activity of all applications installed on the computer. With the help of rules specific application you can allow access only to a specific server on the network, or allow access to all servers, and deny only one or a few specific ones. Thus, all applications installed on the computer are under constant control and can only communicate with servers after the user's permission.
- The network invisibility mode provided by the firewall makes it much more difficult to detect a computer on the network, and, therefore, complicates the process of preparing and carrying out an attack on it.
- Packet filtering provides traffic control at a lower level than the application layer. In this way, network activity in certain directions can be stopped once and for all, regardless of which application tries to send data in prohibited directions.
- Kaspersky Anti-Hacker detects port scan attempts and blocks the host from which the scan was performed. Using scanning, an attacker determines open ports and collects information for a subsequent attack on a computer in order to obtain full control over it for subsequent illegal actions on the network on behalf of the hacked computer. Or, having collected information about the victim computer, the attacker conducts an attack in order to disable the computer or make it impossible to access it from the network.
- The firewall allows you to view a list of all established connections to the network and, if necessary, break them.
- The program's operating modes allow you to control the exchange of application data with the network from allowing any data passing in any direction to completely prohibiting data exchange between the computer and the network. After installation, the firewall works in learning mode, that is, it asks the user about each attempt by the application to access the network. The user, depending on his own preferences, either allows or prohibits the exchange of data between the computer and the network. After some time, when rules for communicating with the network are created for all applications, the firewall can be switched to a more strict mode of operation. In this mode, the firewall controls the communication between the computer and the network based on existing rules, and all other attempts by applications to send or receive data from the network for which no rules have been created are blocked. Switching firewall operation modes is done in two mouse clicks.
- The firewall is very flexible in settings. If a firewall-protected computer has services that must be accessible from the network, for example, a www-server, then using one rule, access to this service can be granted to both everyone and certain visitors.
Program installation
The program can be purchased from partners of ZAO Kaspersky Lab, in online store OZON or in online store of Kaspersky Lab. Without the key file, the firewall will not work.
Before installing the program, you need to disable the built-in firewall in XP. It's better to do it when not physical connection with the network, that is, you need to disconnect the cable from network card. Installing Kaspersky Anti-Hacker with built-in enabled Windows firewall XP can cause system instability and crashes. The installation of the program is fully automated. Run the file with the distribution kit of the program. The files will be unpacked and the program will be installed on your computer. During the installation process, the program will ask key file. Add a key. The installation of the program will be completed after restarting the computer.
Program interface, operating modes
After the installation is completed, the program icon will appear in the tray and the main window will be displayed on the screen, an example of which is shown in the figure below.
In the main window of the program, using the slider, you can change current level security. The following modes are available:
- ban all. If this mode is selected, any communication between the computer and the network will be prohibited. Selecting this mode is similar to physically disconnecting the computer from the network.
- High. In this mode, communication with the network is limited to already created rules. All attempts to exchange application data for which rules have not been created will be rejected. This mode is best used with long time, which the firewall worked in the mode Average and rules have been created for all applications that need access to the network. If an application is installed on the computer that needs access to the network, then you need to temporarily switch the firewall to Average or manually create a rule for a new application.
- Average. When you try to enter the network of applications for which no rules have yet been created, the firewall will issue a request and ask you to specify the action that it should take when the application enters the network. An example request will be discussed below. With it, you can create a rule that will guide the firewall on subsequent attempts by the application to access the network, or one-time prohibit or one-time allow the application to communicate with the network.
- Short. In this mode, the firewall allows all applications to communicate with the network, except for those for which deny rules have been created. That is, if it is not explicitly stated that the application should not be granted access, then it will gain access to the network.
- Allow all. Selecting this mode is equivalent to disabling the firewall. Control over network activity is disabled, all applications gain access to the network, regardless of the rules created.
Paragraph Stealth Mode is designed to enable the operating mode in which the firewall hides the computer on the network. AT this mode the computer stops responding to requests for its existence on the network. Stealth mode can be used when the firewall is set to High, Average or Short. When working in stealth mode, only a computer protected by a firewall can initiate a connection to any server on the network. Filtering rules that allow connections to certain services running on the computer take precedence over stealth mode. Thus, if, for example, a www server is installed on the computer, waiting for a connection on port 80, then you can create a rule that will allow connections to this port and enable stealth mode. With this setting, the www-server will be accessible from the network, but requests about the existence of a computer on the network (ping) will be ignored.
It is recommended after installation, for quite a long time, to work in the mode Average. After rules have been created for all applications that determine their behavior on the network, the firewall can be switched to High. After that, network activity that is not described by the rules will be silently suppressed.
The window with the packet filtering rules settings can be accessed from the main application window by clicking the button on the toolbar or from the menu Service - Packet Filtering Rules. An example of a window with packet filtering rules is shown in the figure below.
After installing the application, rules have been created in this list that ensure operation in local network. They can be changed or removed according to their own preferences.
Rules are executed from top to bottom. The firewall checks the packet against the rule, and if the rule indicates an action to be taken on the passing packet, then the action is taken. For example, if packet exchange is allowed between a computer with installed firewall and the 21st port of the host 192.168.2.2, and all other traffic between these computers is prohibited, then the allow rule must be higher than the deny rule.
Packet filter rules take precedence over application filter rules. If you forbid sending packets to a specific server on the network with a packet filtering rule, and then allow any application to communicate with the same server, then the application will not get access to specified server because the packet will be rejected by the packet filter.
After the firewall is installed, standard rules are created for some applications, which can be viewed in the window called with Service - Rules for Applications. An example of rules created after installing the application is shown in the figure below.
Rules for applications can be created either manually or using a wizard. The Rule Wizard window is displayed when the firewall is running in medium security mode. When an application accesses the network for the first time, when rules have not yet been created for it, the window shown below will open.
The firewall will offer to create a rule for the application based on the standard one. If the need for the application to go online is doubtful, then in the wizard window you can click the button Block once. This will cause the application's request to be rejected, but only until the next time it tries to go online. If the application does not work correctly, then during its next attempt to access the network, a firewall request will again appear on the screen to create a rule for this application, and such access can be granted to it. Moreover, an application can be granted access to the network as full, that is, it will be allowed to establish connections with any ports on any servers, or limited, in accordance with its type, which the firewall will automatically detect. Providing full access or limited is done by selecting the appropriate value from the combo box Allow application activity according to its type. Standard types applications are shown below.
If, when creating a rule for an application, the switch is set to Deny any app activity, then the firewall will create a deny rule for it, and until this rule is deleted, the application will not receive access to the network.
Paragraph Set up a rule is designed to create a rule manually, which requires some special knowledge, but allows finer filtering of application activity. An example of a window in which manual setting rules are shown below.
Based on the request received, the firewall creates a template that offers to manually correct it to fit your needs. In the example above, Miranda tried to access server 64.12.161.153 from port 3028 on port 5190 from the local machine. and from any higher than 1023, it makes sense when setting up this rule to uncheck the item local port . Also, it is known that Miranda will always try to establish a connection with the server on port 5190. Thus, after editing the rule will take the form shown in the figure below.
If you need to change, for example, the server address, then in Rule description you need to click on the parameter highlighted in blue and enter the required value. After the rule has been edited, you need to click the button Further and in the next window of the rule creation wizard, select the action that the firewall should perform when the rule is triggered. After pressing the button Ready the rule will be created.
Events that occur during the operation of Kaspersky Anti-Hacker are logged in the operation log. The log can be accessed using the menu item View - Magazines or using the button on the toolbar. An example log is shown in the figure below.
In each created rule, you can check the item Log an event. In this case, each time the rule is triggered, a mark about this will be added to the work log. By default, the operation log records attacks on a computer protected by Kaspersky Anti-Hacker with information about the type of attack and the address from which the attack was carried out. The log size is specified in the settings, which can be accessed using the menu item Service - Options - Logs. When the log size exceeds the one specified in the settings, the firewall logs new events instead of the oldest ones.
Firewall testing
Test computer configuration, software used in testing
- Celeron Tualatin 1000A on bus 133, i.e. processor frequency 1333 megahertz.
- maternal asus motherboard TUSL-2C, BIOS revisions 1011.
- 512 megabytes of RAM running at 133 megahertz.
- Hard drive Seagate Barracuda 4 80 gigabytes in UDMA5 mode.
- Windows XP Pro Eng without service pack.
- 10 megabit network of two computers.
- Kaspersky Anti-Hacker 1.5.119.
- Internet Explorer 6.0
- Retina Vulnerability Scanner 4.9.206.
- Utility for network flooding via ICMP, IGMP, TCP, UDP.
The operating system was not optimized after installation, no security updates or service packs were installed. Firewall settings were left at default.
Program Memory Usage and CPU Load
To evaluate the behavior of a firewall in difficult conditions, when a machine under its protection is attacked over a local network, a number of tests were performed. During the attack on the test machine, readings were taken about the amount of memory occupied by the program and about the processor load.
| The moment of taking the readings | Memory used |
||
Physical memory (kilobyte) | Virtual memory (kilobyte) |
||
After scanning with Retina with Stealth Off | |||
After scanning with Retina with stealth mode enabled | |||
ICMP flood for 5 minutes with stealth mode enabled | |||
ICMP flood for 5 minutes with stealth mode turned off | |||
IGMP flood for 5 minutes with stealth mode enabled | |||
IGMP flood for 5 minutes with stealth disabled | |||
SYN flood for 5 minutes with stealth mode enabled | |||
SYN flood for 5 minutes with stealth off | |||
UDP flood for 5 minutes with stealth mode enabled | |||
UDP flood for 5 minutes with stealth disabled | |||
The test results indicate that there are no memory leaks and demonstrate that even when attacking over a local network, where the data transfer rate is several times higher than when working on the Internet, there are no problems with a decrease in computer performance under firewall protection.
Scanning the system with a Retina security scanner
The test machine was scanned with the Retina Vulnerability Scanner before and after the firewall was installed. The scan results are shown in the table below.
Name | Before firewall installation | After installing a firewall | Stealth Mode |
Reply to ping | |||
Response time | |||
Domain/workgroup name | |||
Trace route | |||
Packet lifetime | |||
Determining the OS version | |||
Determining the date and time | |||
Determination of the MAC address | |||
Open port 135 | |||
Open port 139 | |||
Open port 445 | |||
Access to administrative shared resources |
Scan results show that firewall installation closes access to open ports and disables access to administrative shares. Enabling stealth mode hides the computer on the network, and it stops responding to ping.
Attack on test machine
During the firewall testing, a flood was performed according to the main protocols. This test is designed to show the behavior of the firewall under heavy loads, which can only be achieved in a local network. By default, after installing the firewall, the attacking host is blocked for 1 hour. This function works, and during the first test attack, the firewall denied all incoming connections from the machine on which the utility that was used to carry out the attack was running. In order to obtain correct test results, the attacking host's block time was set to 0, but attack detection was left enabled. During testing, the firewall determined the type of attack, and informed about it in the main program window, an example of which is shown below.
During an attack on a machine protected by Kaspersky Anti-Hacker, the processor load remained at an acceptable level, and the amount of memory used by the program remained practically unchanged. The numbers are shown in the table above. The heaviest TCP attack with stealth mode disabled caused CPU usage in the region of 70%, but this usage was not constant, but varied from 3% to 69%. During this attack, some slowdown in the speed of the computer was noticeable, but work could continue.
Online firewall test
To test the firewall for the quality of its control of applications trying to send information to the Internet, the PCAudit2 utility was used. This utility prompts you to enter any few words in any application (for example, Notepad) or go to any site that requires authorization and enter a username and password. The utility intercepts the input data, takes a screenshot from the screen, determines the username working in the system, IP address and attempts to send the collected information to its server. The utility then opens a dynamically generated page from the server with the submitted data and visually demonstrates what information can be obtained by a hacker who hacked into the system.
Unfortunately, Kaspersky Anti-Hacker was unable to stop this data from being sent. After launching the utility, the firewall brought up the rule creation wizard window, determining that windows explorer trying to access the internet. After creating a rule that prohibited any windows activity Explorer, PCAudit2 continued its work and sent the collected information to the server. The fact of the information leak was confirmed by the page that was opened later, where all the intercepted information was listed and a screenshot of the screen taken while the utility was running was shown. The leak test was repeated with a rule already created to prevent any communication between Windows Explorer and any servers. Unfortunately, the test results were again negative, that is, the utility was again able to send all the collected information to its server.
Conclusion
The firewall test results indicate that, in general, the product is of sufficient quality and provides a barrier between the network and the computer. This is confirmed by the amount of memory occupied and the use of the processor by the program during a head-on attack on the computer. The scan results confirm that the system protected by Kaspersky Anti-Hacker is protected from attacks using discovered and not yet known vulnerabilities in system services. The reasonable minimalism of the settings makes it much easier for an unprepared user to work with the firewall. At the same time, you can manually create fairly complex rules that, with a certain amount of knowledge, will help organize flexible control over traffic. Despite all this, online testing showed that the firewall does not control applications well enough. The user must carefully control the launch of applications, not open files received from dubious sources. In some cases, it is impossible to fulfill this condition and, under unfavorable circumstances, important data can be stolen from a computer protected by a firewall.
Security features that an individual seeks in a security software can vary from person to person. Regular check for updates and configuring options harden browser & OS security. But there are some features a user may not want to use. In this post, we see how to turn off Kaspersky Firewall and Safe Money in Kaspersky internet security , in Windows 10.
Turn Off Kaspersky Firewall
Switch on your computer and open main window by double-clicking on its icon in the notification area of the taskbar or the desktop shortcut residing on your main computer screen.
To disable the firewall in Kaspersky Internet security. Click open its Settings. Under Protection settings, you will see the switch to toggle on or off the firewall. Move the slider to the Off position.
Disable Kaspersky Safe Money
Safe Money is a feature that offers better security when dealing when shopping and making transfers online. Kaspersky Safe Money Feature serves this purpose well. However, it opens the web page in a new window each time they visit the sign in page of a banking or payment system web page.
If for any reason, you are unhappy with this feature, you can disable Kaspersky Safe Money. Here's how you do it.
In its Settings in the Protection tab, you will also see the entry name, reading safe money.
Simply change the toggle switch position next to the same to turn Off position to disable the Kaspersky Safe Money feature.
That's it! From now onwards, whenever you visit a payment website, Kaspersky will not open the web page in a protected mode. The feature assumes importance, especially when you are dealing with online banking and payment systems, such as PayPal. You need extra protection then, since data leakage may result in a serious financial loss.
How to disable the firewall and why you need it
Any computer running Windows is already equipped with a regular firewall. Sometimes when you reinstall a program or operating system, you have to turn it off for a while. Even more often, the reason for disabling the built-in firewall is the installation of another firewall, independent or as part of a third-party program.
To prevent a conflict between two firewalls, they usually disable the built-in one, you cannot completely remove it, but you can stop or suspend work if you know how to disable the firewall. In Windows, you usually have to go through several steps, you need not only to disable the firewall in its own settings, but also cancel the default automatic start of its service.
Sometimes it is necessary to disable the firewall as part of the Internet Security programs, usually temporarily, because it interferes with certain operations. In Avast, for example, this can be done through screen management, the firewall screen is turned off by the Stop button on the Real-time Screens tab. In Kaspersky there is a firewall icon and in context menu the disable item (or a word with a similar meaning) is selected.
This article provides instructions on how to disable the most common firewalls, plain language).
Distinguishing features: a shield icon, or a round icon with a question mark or a gray "brick" sign next to the clock.
How to disable: click right click mouse on tray icon - policy - idle mode (or "disable").
Kaspersky Internet Security
Select the Anti-hacker component
left-click on the heading of the Anti-hacker panel
select STOP in the context menu
_____________________________________________________________
Zone Alarm
Features: blue letter"Z" in the tray, next to the clock
How to turn it off: Double click on the letter "Z", select the FireWall partition, Move all sliders to the bottom "off" position
_____________________________________________________________
Distinguishing features: blue eye icon next to the clock
How to disable:
Personal Firewall is a highly integrated feature of ESET NOD32 Smart Security and it is not recommended to disable it. However, if necessary, you can open all TCP and UDP connections to allow transmission network traffic to and from the computer. To do this, follow the steps below.
Note. Creating rules to allow all traffic is only recommended for diagnosing and troubleshooting system problems.
1. Open the main application window. To do this, click the icon in the Windows notification area or select Start - All Programs - ESET - ESET NOD32 Smart Security.
2. Press the F5 key to open the Advanced Setup window. In the configuration tree on the left, select Personal firewall, and then select Policy-based mode from the Filtering mode drop-down menu.
3. In the configuration tree, select Personal firewall > Rules and zones, and then click the Setup... button in the Zone and rule editor section.
4. To create a rule that allows all traffic, click the New button and enter a name for the rule, such as Allow All. Set the Direction field to Both. Set the Action field to Allow and click OK. Click the Yes button to confirm.
5. Click the Toggle detailed view of all rules link and clear all checkboxes except for the checkbox corresponding to the Allow All rule you just created. Click OK to save your changes.
_____________________________________________________________
Panda Internet Security
Distinguishing features: Panda tray icon Image
How to disable: double click by the Panda Platinum Internet Security icon in the tray (next to the clock) opens the program window for configuration permanent protection computer shown below:
Uncheck FireWall Protection - Enable.
Press OK
_____________________________________________________________
Agava Firewall
Distinguishing Features: Green bull "V" tray icon
How to disable: Double click on the icon next to the clock, policy section, select "Allow all."
_____________________________________________________________
Distinguishing features: Tray shield icon
How to disable: Right-click on the icon and select open. The main window of the program will immediately open.
Disable "Network Monitor", "Application Monitor", "Component Monitor" and "Application Behavior Analysis"
_____________________________________________________________
Vipnet Personal Firewall
Distinguishing features: icon with red dots in the tray next to the clock
How to disable: double click on the tray icon, select the "modes" section, select the "4 Pass all IP traffic" mode.
_____________________________________________________________
Kerio Personal Firewall
Distinguishing features: Tray icon with blue shield
How to disable: Right-clicking on an icon opens a menu. Select the item "Disable FireWall", after that the icon with a shield in the tray will become crossed out.
_____________________________________________________________
McAfee Internet Security
Distinguishing features: Tray icon with an "M" in a red square
How to disable: Right click on the icon, select personal firewall - "options". Click on the "Security Settings" icon. Select "Security Level" - "Open".
_____________________________________________________________
Norton Internet Security
Distinguishing features: Yellow circle next to the clock, crossed out by 4 lines, criss-cross Image
How to disable: Double clicking on the icon opens the menu. Select the "Personal Firewall" item, press the "Turn Off" button
_____________________________________________________________
Sygate Personal Firewall
Distinguishing features: Icon with red-grey arrows next to the clock
How to disable: Double clicking on the icon opens the menu. In the menu, select "Security", select "Allow all"
_____________________________________________________________
Distinguishing Features: Yellow barrier badge next to the clock
How to disable: Double click on the icon to open the menu, go to the "Firewall" tab, uncheck "Enable Firewall"
_____________________________________________________________
N-vidia firewall
How to disable: To disable this firewall, uninstall "Network Access Manager"
Good day to you, dear readers of the Surfers Community! :) In my previous series of 5 articles, I talked about protecting your computer with various antivirus applications, both free and paid. But using antivirus software alone will not protect your computer for very long. good level. It is recommended that, in addition to simple anti-virus protection, you also use the so-called Firewalls (Firewalls), and also do not forget about the most basic security measures, such as - backup data from the computer, try not to visit sites of various "bad" content, do not launch suspicious files and much more.
In my subsequent articles, we will talk about Firewalls and additional components attached to them. They are designed to protect your computer from various hacker attacks, to control access to the Internet for programs installed on your computer, to block (according to the rules you set) incoming and outgoing network traffic. This protection component will greatly enhance the security of your system.
Firewalls, like antiviruses, are of course various manufacturers:) I will focus on 2:
Firewall, which is built into the complex software from Kaspersky called "Kaspersky Internet Security" includes access control to programs and a firewall. I decided to analyze the work of the firewall from this product in the article, since I have already talked about reliability antivirus product from Kaspersky, and use a comprehensive solution (antivirus + firewall) from such reliable manufacturer very comfortably! The only drawback is that the product is paid. But even if you don't want to pay for antivirus, there's always a way to turn paid product for free :)
Today I will tell you about the firewall and auxiliary components from a comprehensive solution for protecting your computer - Kaspersky Internet Security. I will use in my example a 30-day trial period of the full version of this product, and also at the end I will analyze the question of how it is possible to make this product "free" (of course, with the help of cracking programs) :). Let's start as always with the installation of the product :)
Installing a comprehensive computer protection solution - Kaspersky Internet Security
Consider the entire installation process step by step:
Go to the Kaspersky Anti-Virus website at the link:
kaspersky
On the site, click on the item "Download" from top menu, then from the drop-down list select the item "Product distributions":
On the new page, under the heading "Product distributions", select "Kaspersky Internet Security for all devices":
On the newly opened page, click on the link "Kaspersky Internet Security for Windows" (we will abbreviate it as KIS):
5. In the list of download options that appears, select the latest version currently available. At the time of this writing latest version- 2015. Select the language Russian and click the "Download" button:
Will start either automatic download KIS installation file on your computer, or a download confirmation window will be displayed.
After downloading the file, find it on your computer and run it. The file of the latest version at the moment is called "kis15.0.0.463ru-ru.exe".
The KIS installation process will start, which is practically no different from the installation process of standalone Kaspersky Anti-Virus. But still, I will analyze this stage so that you, dear readers, definitely have no questions left :)
In the very first window, click the only button "Install":
At the next stage, we are offered to accept an agreement on the use of the service kaspersky security network. This service Kaspersky allows you to detect new threats, view the reputation of sites and provides other useful additions. Click the "Accept" button:
At the end of the installation, the last window will appear, where we check that the “Run Kaspersky Internet Security” checkbox is checked and click the “Finish” button:
Immediately after installing KIS, a window will appear for entering the product activation key. If you suddenly bought this product, then through this window you can activate it without any problems. In our case, we do not buy anything and will seek free full use :) Just use the 30-day trial period, then reset and get 30 days again (Unless of course you yourself want to do this). And so on ad infinitum :) So, click on the link "Activate trial version programs" (do not forget to connect to the Internet, otherwise the activation will not work!)
After a few seconds, a window will appear with a message about successful activation, and it will also indicate that there are 30 days left. Just click the "Finish" button:
This completes the installation of a comprehensive solution for protecting the computer "KIS". Now let's move on to setting individual components KIS, namely the firewall, which includes the Application Control component.
Configuring the Firewall (Firewall) included in Kaspersky Internet Security
First, turn on the main KIS window by double-clicking on the icon on the desktop, or on the same icon in the tray.
First of all, update anti-virus databases by clicking on the "Update" button:
In the next window, click the "Update" button again:
In my example (pictured above), the databases have already been updated, which is why you see the message "The databases and software modules relevant."
Use the back arrow to return to the main window.
Now let's get to the settings. To go to the settings window, click on the "Settings" link at the very bottom of the main window:
I want to note once again that the KIS product includes Kaspersky Anti-Virus + additional components for data protection and traffic control (firewall, application control). Everything about setting up the antivirus itself on maximum level I talked about protection in a separate article, which you can read here "Protecting your computer from viruses with Kaspersky Anti-Virus". Accordingly, in the KIS product under consideration at the moment, all antivirus settings are absolutely identical (they can differ only when new versions are released) and it makes no sense to analyze them again in this article. And therefore, if you want to configure the antivirus from the KIS product to its full potential, then refer to the article at the link above. Thus, we first configure all antivirus components and only then proceed to configure the firewall.
Here on the tabs "Files and system registry", "Rights", " Network Rules» you can set the rules of the selected program for each individual action in the system: autorun, access to other processes, access to the Internet, access to various devices computer.
In order to set the desired rule for interacting with files and the system registry, you need to right-click on the action in the window on the right (write, read, create, delete) opposite the desired object or system action:
In drop down list available actions you can choose a new one.
Everything is the same on the "Rights" tab. Here we choose desired action and by right-clicking in the window on the right, we can change the access of our program:
On the "Network rules" tab, you can set restrictions for the program to access the network (local, Internet, or all at once). This function, as a rule, is performed by Firewalls (firewalls), but in the KIS product this is apparently placed in a separate section. Using the network rules settings, you can, for example, completely block the program from accessing the Internet. For example, you use a program on your computer and you know for sure that it does not need Internet access to normal operation. But at the same time, it is known that every program has vulnerabilities, and therefore it is better to just take it and close its access to the Internet completely.
By default, the Network Rules tab will already contain several rules for the selected program, for example:
This set of rules depends on which group KIS placed the default program you selected into. You can see this if you return to the main window of the Application Control component.
Please note that on the right side of each program there will be a trust level. All reliable programs that have a digital signature, KIS will always immediately give the status "Trusted". You can freely trust KIS about programs and change their status only if you are not sure about this program and do not know why it, for example, can access the Internet. You can change the status manually by right-clicking on desired program and in the "Restrictions" menu, select the one you need:
And it is precisely these global restrictions that determine the rules that we see by default in the “Network Rules” tab. Let's go back to her.
On that tab, we can also set our own rules, which can override those that are set by default. To do this, click the "Add" button:
A window will open for creating a new rule for the application:
In it, we set the action: "block", "allow" or "request access". In this example, I will show how to completely block the program's access to the Internet, so I chose "Block".
The next step is to set the direction of the network connection, on which we impose restrictions: "Incoming", "Outgoing" or both at once. I choose "Incoming / outgoing" to completely block the program from accessing the Internet.
In the "Protocol" and "Address" menus, leave everything by default (Protocol: "All", Address: "Any"), after which we press the "Save" button.
As a result, our manually created rule will appear in the list and using it, we completely blocked the selected program from accessing the Internet, including incoming requests:
There is also the last tab "Exceptions". The settings on this tab should be changed only if you are 100% sure that the program is reliable and you want KIS protection not to control any of its actions (to do this, check the boxes next to the corresponding items). Set exceptions only if you are sure about the program!
On this, we have analyzed the possibilities to set personal settings for programs. Press the "Save" button.
In the settings window, go to the "Protection Center" tab on the left and select "Application Control" in the right part of the window. This component is the main component of the mentioned Firewall and allows you to set program restrictions on Internet access, which I wanted to talk about in this article:
In the new window, check that the component itself is enabled (the slider on the top right has been moved to the right position), check the box "Trust programs that have digital signature»:
You can get all the information in Russian about the Application Control component by clicking on the "Learn more" link located at the top of this window.
And I will tell you with examples what this component is in general.
The program access control window will open. In this window, all currently installed programs will be collected, divided into groups (by developers):
Each program immediately receives certain access rights, which we can configure ourselves.
To do this, open the group we need by clicking on it with the mouse and select the desired program in the group. By clicking on the program with the right mouse button, a list of actions will be displayed. For example, if we just need to block the launch of the program, select the item: "Block launch":
As a result, this program will move to the "Block startup" category:
And now, when you try to run a blocked program, you will receive a message like the one shown in the image below:
You can also set up individual program rules. To do this, right-click on it and select "Details and Rules":
In addition to the fact that you can set restrictions for programs, you can also add personal data (files, folders) that KIS will monitor and report if any action is performed on them by other programs or resources. To do this, we need to return to the very first window of the "Application Control" component and click on the "Manage data protection" link:
Here, on the first tab “Personal data”, click on the drop-down list “User files”, and then click on the “Add” button below:
In the next window, in the "Name" field, specify the name of the protected file / folder, after which we mark the "File" item and click on the "Select ..." link:
An explorer window will appear in which you need to specify the path to the protected file or folder, and then click "OK":
We will return to the previous window and see the path to the object we have selected on top. We accept the changes by clicking the "OK" button in this window:
As a result, in the main window "Protection of personal data" we will see the newly added object. Now KIS will control any interaction of other programs and processes with files and folders added to this category.
Check that the protection function is enabled. network attacks. To do this, in the main KIS settings window, select the "Network Attack Protection" item in the same "Protection Center" menu:
In the new window, we check that the component itself is enabled (the slider on the top right has been moved to the right position) and the “Add attacking computer to the block list” checkbox is checked. The default time is set optimally:
This additional component of the firewall will allow you to recognize an attack on a computer from the network in the form of many requests and block the alleged attacker.
Now let's check the settings of the Firewall component. By default, everything should be optimally configured there, but I still recommend that you always check after installation :)
So, in the same "Protection Center" menu, go to the "Firewall" item:
We check that all the settings in the window are set as in the image below, since they are optimal:
From this window, you can go directly to the settings of the main component of the Firewall - program control, by clicking on the appropriate link. But the settings of this function have already been discussed in paragraphs 1-5 of this section.
In the "Network" and "Configure Packet Rules" settings of the firewall, everything is optimally set by default. I would recommend changing something in these settings only to professionals who have good knowledge in the field of computer networks.
On this, we have analyzed the settings of the Firewall and its main components. It is this addition in the KIS product that I wanted to talk about in this article. There is one point left that I promised to touch on - how to make sure that the KIS product does not need to be bought (by the way, it costs 1600 rubles a year for 2 devices), and you can constantly use its full functionality for free. See below...
How to use the full version of Kaspersky Internet Security for free even after a 30-day trial period
There are several ways to prolong the activation of products from Kaspersky using "bad" methods. I talked about them in more detail in my article about a separate Kaspersky antivirus (the link to the article was at the beginning of the previous section).
And now I will consider the same method convenient for many, which I talked about in the article about Kaspersky - resetting the 30-day period and getting a new one of the same.
It should be borne in mind that the versions of anti-virus programs are constantly updated (currently the latest for Kaspersky is 2015), and therefore, the methods of “left” activation are also constantly changing, and with the release of new versions, you need to look for new ways to hack.
The method proposed now is suitable for both simple antivirus Kaspersky version 2015, and for the extended product Kaspersky Internet Security also version 2015.
Download the archive with a mini-program for resetting the trial period from the link:
KRT-KAV-KIS-2015.zip
ZIP archive
943 KB
Password for unpacking the archive: 123
Download
Be sure to turn off anti-virus protection before unpacking the archive, because antiviruses often consider a file from this archive to be a threat! This is not true! There are no viruses in the archive, it is only a program related to hacking (in our case, Kaspersky), and antiviruses very often block this type of program.
A detailed instruction with screenshots on what needs to be done to reset the trial period of KIS or just a separate Kaspersky anti-virus is attached in this archive. You will need to restart your computer, after which you can activate the 30-day period of using the full version of the product again :)
Do not forget to do it on time, because after 30 days antivirus protection and all components stop working!
That's all for today :) I'm not finishing about firewalls and the continuation awaits you in the next article. In it, I will talk about the best different criteria firewall - Comodo Firewall, which is also free ;)
Good luck to you! See you later;)
