Kaspersky and Tiny

Discussion in 'other firewalls' started by JayTee, Apr 3, 2005.

Thread Status:
Not open for further replies.
  1. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    OK, I changed my AV to Kaspersky Anti-Virus (KAV) to test how much impact it had the resources of my PC (AMD64 3200, 1G RAM). It was quite un-noticeable.

    However, I was surprised that KAV managed to bypass my firewall rules and update itself automatically, without asking me whether it could access the Internet.

    My rules are only outbound but I noticed in the activity monitor that kavsvc.exe was being allowed inbound on a udp port ... of course I could block this inbound activity, but my greater fear is that some untrusted process could be able to do the same!

    Any ideas: I'll try to summarize the firewall rules later as I have to go to church.
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I was under the impression that only Trusted apps were allowed full access in both directions in Tiny...
     
  3. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    maybe tiny firewall knows that KAV is safe.

    Like wat zonealarm has automatic configuration
     
  4. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    maybe tiny is under "learn" mde
     
  5. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    KAV personal updates via active FTP or HTTP. It listens on ports 1110 and 1125 to scan pop3 and smtp, respectively, and needs access to ports 110 and 25 to receive and send mail. The UDP activity may have been loopback. You might want to watch for whether your AV picks up email activity from your email client after KAV is running.
     
  6. mlr1m

    mlr1m Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    52
    In the TPF2005-Pro the "services" group is not restricted.
    You need to create a rule to control this group. If not all apps in the service group will have full access to the net.

    In an earlier build of TPF the "KnownSystemApps" had the same problem.

    Michael
     
  7. JayTee

    JayTee Registered Member

    Joined:
    Nov 2, 2004
    Posts:
    166
    Thanks Michael for the info. Both ewidoctrl.exe, ewidoguard.exe and kavsvc.exe are in the services tab.

    Incidentally, I had the same problem with ewido which automatically updated itself everyday. I stopped it by removing svchost.exe from connecting out and instead allowed system outbound access. However, the subsequent Netbios alerts and prompts drove me crazy so I had to allow svchost.exe access to 255.255.255.255.
     
  8. mlr1m

    mlr1m Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    52
    You have to allow DHCP Broadcast (255.255.255.255) , out
    As far as automatic updates, you should control those with the program itsself, not Tiny.

    Michael
     
Thread Status:
Not open for further replies.