firewall problem with KAV

[Guest]

[cvsa]

As reported here (http://forums.comodo.com/leak_testingattacksvulnerability_research/v3_doesnt_pass_grc_leaktest_merged_threads-t5795.75.html)  there's a problem of security showed by GRC leaktets for people who use Kaspersky antivirus. Comodo firewall lets GRC acceed to the internet through KAV's  avp.exe process. I think cis should warn us if an application tries to use port 80 to acceed a remote adress. Some firewalls do it : Outpost for example...

Could you (Comodo people) do something about it  ?

[commanding the celsius]

I think cis should warn us if an application tries to use port 80 to acceed a remote adress. Some firewalls do it : Outpost for example...

CIS warns you too, you are probably using safemode or similar, some safe applications such as a KAV antivirus get automatically allowed then. Set CIS to custom policy and alert settings HIGH.

Check your firewalls network security policy too to see if you have any previous allowed rules for KAV, if so, remove them.

Firewall > Advanced > Network Security Policy.

Now you should get an alert next time KAV tries to connect the Internet. 

[cvsa]

yes, i've got an alert when kav acces internet... but that's not what i want cause KAV always access the internet ! I would like Comodo firewall to tell me (once kav is trusted) when another applicatioin is using port 80 trough kav monitoring (i.e. avp.exe) to acces internet (like grc leaktest) ...

[commanding the celsius]

I never heard of AVP, but it should show up an alert if this really access the Internet, I have a hard time believing that CIS somehow would miss that.

So you put the firewall to custom policy?

If so check at:
Firewall > Advanced > Network Security Policy. to see if you got any allow rules for avp.exe.

I get a different alert if ex; Internet Explorer and then Firefox tries to access the Internet through port 80.
Also what CIS version are you running?

[cvsa]

avp is the monitoring process of Kaspersky AV. it scans all the traffic . I Use last stable version of CIS (not the beta).

Kaspersky is creating a breach through CIS firewall and GRC leak test is using that breach : it gets access to the internet via port 80 monitored by avp.exe process (part of KAV) ,  cf; the link in my first post.

[.FaZio93.]

So, have you asked on the KAV forums yet?

[cvsa]

yes.. no answer

they say use kis or outpost.....

[commanding the celsius]

First check if you passes http://www.testmypcsecurity.com/securitytests/firewall_test_suite.html
That test (340/340 points), If not then your setup is wrong.

Make sure you uses proactive security mode.
I bet you should get a warning!

Comodo should catch this whenever or not this is a bug in KAVS.

Check your network security policy, do you got any global allow rules there? Also Check your application rules.
Also check firewall behavior settings, under alert settings, make sure every box is clicked.

[cvsa]

my test is 340 /340. The only allowed pro. is AVP (Kasperky) and grc leaktest still penetrate the FW trough avp.exe process via port 80.

Could any KAV user on this forum try to reproduce the problem ?

[Tags:]