Looks like Kaspersky 2010 has gone gold

Discussion in 'other anti-virus software' started by QBgreen, Jun 20, 2009.

Thread Status:
Not open for further replies.
  1. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Still having major slowdown/sticking issues with Firefox, even when I tried that beta hotfix.
     
  2. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Thank you for trying to help me.

    I don't think I can set all trusted programs to ask for internet access; considering what is in that list, my computer would either freeze up or I'd be bombarded with questions.
    Considering your second suggestion, manually disabling trusted applications, I'm not sure what to do. I have to set something for network service and there are many options. Would 'any network activity' be the correct option? (There are others like outgoing TCP stream, DNS over TCP etc.)
    And would it make a difference whether I'm behind a router or directly connected to the internet? (Currently I'm not using my router due to problems).

    I also looked at the option mentioned in post #61. I could set an application from trusted to ?? What's the best for controlling outbound access (asking for permission or blocking it)?

    About the above two approaches: which one is best? I'm used to commercial firewalls that control outbound access in a much simpler way.

    I'd appreciate any help with this.
     
    Last edited: Jul 2, 2009
  3. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California
    Anyone know when KIS 2010 is going to be officially released here in the U.S.? I just went to their site, and it still shows the 2009 version.
     
  4. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Right now it shows KIS 2010 on the .com site.
     
  5. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California
  6. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    I think you will be fine with allow all trusted. If you really want some program to stop phoning home, consider denying connections to public networks (internet zone, see sec. screeny). If an application is trusted/HIPS didn't find anything suspicious/nothing is compromised, it will not try to establish any unsolicited/malware-driven connection. You can control almost every application from itself, aka. disable automatic update etc.; it is much better control than blocking network requests from the firewall over and over, just my opinion...;)

    It should also be noted that executables which are not recognized by the Kaspersky automated application analyzer will not be placed in the trusted group. For any other group (except untrusted) you will be prompted (and not just by the FW). If an application is recognized as malware or malware-like by the K analyzer, it will not even start, so I recommend relaxing: if you need to be asked for something by Kaspersky, you will be asked :D
     
    Last edited: Jul 2, 2009
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Could anyone tell me if the prior KIS issues with Vista have been addressed with this latest version? I think prior KAV did not have DDA in Vista- if so, does 2010 do DDA?

    thanks

    PS- sorry, did not read the whole thread in case the question was asked/answered earlier
     
  8. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Thank you for your help. I think I got it now.

    Although I doubt whether it's wise to give full internet access to explorer.exe and the application layer gateway service.
    I've been told that explorer.exe is sometimes used by malware, and I think that the application layer gateway service could compromise my privacy. (I don't trust my ISP!). One could question some of the other stuff in that list.

    As I have stated, I'm currently not behind a router. Kaspersky detected a worm (perhaps some other stuff too), the Helkern worm. I've noted a few such messages. I've never seen that with other security software. Do they block it without notifying me? Or does this Kaspersky software (configuration) have some vulnerabilities? As far as I understand, if there are no Windows services listening, a worm or other malware would not even be able to get on my computer, in theory anyway. I know there is a 'netstat' command to check for that, but I'm not sure about the correct netstat command. Can anyone enlighten me?
     
  9. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    If you are thinking about direct disk access protection, you are wrong in the assumption that 2009 didn't have it; both 2009 and 2010 have DDA protection. Here are screens of some of the KIS 2010 protection scope for Vista:
    [Attached screenshots: 4.70.png, 4.7.png]
     
    Last edited: Jul 4, 2009
  10. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    You can always put ask rules on every application, including explorer.exe etc.
    Kaspersky has special rules for network attacks which may be generated by worms etc., in your case the "Helkern port" (1434), and it is part of the Kaspersky network attack blocker component... If you do not like to be informed with a popup you can disable it (see pic.)
    I think the command you are looking for is netstat -a; for a complete list of commands and their descriptions for netstat you can always type netstat ? in CMD

    [Attached screenshot: 4.7.png]
     
    Last edited: Jul 4, 2009
  11. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    try KIS/KAV 9.0.0.463 (CF1) build, works much better, at least on my comp
     
  12. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Netstat -a says that some things are listening.
    Protocol TCP
    I'll replace the user name by an X
    x:emap
    x:microsoft-ds
    x:1110
    x:19780
    x:netbios-ssn
    x:1027
    (In case the numbers are ports, the utility at www.grc.com states that the first two are stealth, the last one closed)
    According to netstat -a, those things are listening.
    I've found one reference for an emap service, and it was described as malware or malicious, but I cannot find it on my computer under 'services'. As for the numbers, I have no idea what they mean.
    I installed Kaspersky on a known clean OS/computer. (clean image)
    About the Helkern worm: in the log I can find two intrusions/detections (?), both on port 1434, both UDP. According to the port on www.grc.com, it is closed. (Again, I use only KIS' firewall, I don't have a functional router at the moment.) If the port is closed, how can Kaspersky detect the worm?
    A little reference: https://www.grc.com/port_1434.htm

    Can I get some advice, or an explanation, please?
     
    Last edited by a moderator: Jul 4, 2009
  13. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    Yes, those numbers are ports...
    135/TCP,UDP Microsoft EPMAP (End Point Mapper), also known as DCE/RPC Locator service, used to remotely manage services including DHCP server, DNS server and WINS
    Source: Wikipedia
    Ports 1110 and 19780 are where Kaspersky listens.
    Kaspersky in fact establishes itself like a local proxy; all traffic is scanned and monitored by Kaspersky, from the loopback interface. You can see it in action by ticking "show connections established by Kaspersky internet security" at the top of the network monitor; then you can start your internet browser and watch the connections of KIS...
    The port should be closed; you should be worried only if ports are open...
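
An added example, not part of the original thread: a Python parser for Windows `netstat -ano` output that separates sockets bound only to loopback from those bound to a network-facing address, and checks whether anything is bound on UDP 1434, the port discussed in the posts above. The sample output, its bind addresses and its PIDs are constructed for illustration, and the function names are this example's own.

```python
# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
# Bind addresses and PIDs are assumptions chosen for illustration.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1110         0.0.0.0:0              LISTENING       1620
  TCP    127.0.0.1:19780        0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     3100
  UDP    0.0.0.0:123            *:*                                    1088
"""

def parse_listeners(text):
    """Return bound sockets: TCP rows in LISTENING state and all UDP rows."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; UDP rows do not (UDP is connectionless).
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # also handles [::]:135
        loopback = addr.startswith("127.") or addr == "[::1]"
        found.append({"proto": proto, "addr": addr, "port": int(port),
                      "pid": int(fields[-1]),
                      "scope": "loopback" if loopback else "network"})
    return found

def by_scope(listeners, scope):
    """Sorted (protocol, port) pairs for one scope: 'loopback' or 'network'."""
    return sorted((l["proto"], l["port"]) for l in listeners if l["scope"] == scope)

def is_bound(listeners, proto, port):
    """True if any socket in the list is bound on the given protocol and port."""
    return any(l["proto"] == proto and l["port"] == port for l in listeners)

if __name__ == "__main__":
    rows = parse_listeners(SAMPLE)
    print("bound to a network address:", by_scope(rows, "network"))
    print("loopback only:", by_scope(rows, "loopback"))
    print("UDP 1434 bound:", is_bound(rows, "UDP", 1434))
```

A socket bound to a non-loopback address can still be filtered by the host firewall, which is why an external scan may report that port as stealth or closed even though netstat lists it.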
     
  14. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Thanks for the info. Does the DDA for Vista apply to KAV as well?
     
  15. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Thank you, I got it now. :)
     
  16. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    No, only KIS has that protection
     
  17. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Do any other av's provide DDA in Vista? (not talking suites)
     
  18. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    I doubt it, since this is a behavior blocking/HIPS job, but maybe there is in some, I really don't know, sorry

    Edit: you can install only the AV component of CIS; it comes with HIPS, which has DDA protection, and you can choose not to install the FW component...
     
  19. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    For some it does and for some it doesn't. Please keep in mind this is still beta
     
  20. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    sure, hence the phrase on my comp. A bit rushed .459 general release though.
     
  21. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia
    Used the last beta until, after an update, I had no more network connection; the operating system also got messed up. Luckily I had a backup.
    I was pleasantly surprised at the beginning, the first 5 days, KAV 2010 being the first that didn't mess up my connectivity (the last known KAV to work on my PC being KAV 6), but it recovered :argh: .
     
  22. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    958
    Virgin broadband now gives free Kaspersky
     
  23. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Barclays Bank online customers in the UK can also download a KL product free of charge.
     
  24. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
  25. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O