question about kaspersky firewall.

hi,
Im currently using KIS 2012 and i visited the GRC website to perform a test and my firewall did not completely stealth rather some ports were closed and some were stealthed.
Im not very in the know about firewalls so is this set up ok...?
I have asked this question in the kaspersky forum and ive been told to ignore these tests as they are apparently marketing hype.Is this true..?
Any help with this please.?

 

what ports were reported open and are you behind router?

 

im not behind a router no.
none of my ports are actually open.
when i did the test some ports were green and some were blue.
If i understand correctly all ports are supposed to be green.
Apparently kaspersky uses a different philosophy on firewall protection.
Any opinions on this.?

 

Leaktests are trusted cause they are harmless.

To test KIS:

- Disable automode
- Disable to trust "programs that known good" and "known in KSN" in Application Control
- Delete the leaktest program from trusted group in application control (if you run ist before)

Make your leak test and be happy

 

The Kaspersky firewall is designed so that it by default does not stealth ports.

http://forum.kaspersky.com/index.php?showtopic=221752&view=findpost&p=1754911

 

hi.
sorry i didnt use the leaktest on this site.
I used the port scans tests.
would i be right in thinking if my ports are closed im ok..?
Thanks.

 

Yes, closed is fine.

 

ok ive been informed of this thank you.
am i secure with unstealthed ports.?
I really like kaspersky and i just want to know the firewall is set correctly.
is there a way to stealth them within kaspersky or not.?
thanks.

 

Yeah, you can change firewall settings to make it stealth ports:

http://malwaretips.com/Thread-Configure-Kaspersky-for-Stealthing-all-ports

 

Ports can be "open" or "closed".
If they reported as "stealth" this is an answer of a FW - so someone knows they are there and can try to bypass. Stealth mode is pure marketing and at least KL has dropped it since 2008 (KIS 2009).

 

I'm not very familiar with the behavior of Kaspersky products or their naming conventions. However, common use of the term "stealthed port" would refer to the absence of a response. To, for example, a SYN. Which may have been sent as a quick check to see if there is a machine up on the target IP, which might be one of many designed to put a taxing load on the target machine, which might have been spoofed in an attempt to recruit the target machine for a DOS attack on some other machine. The absence of a response to such things is desirable in many cases. Were that port not "stealthed" but simply closed, the standard behavior would be to send a response to those SYNs (a RST).

 

a little overwhelming for me to read the details..
still trying to fit myself in these days. =)

 

Saw this thread here around early 2012 about KIS2012 and stealth. Might give you some ideas there.