TVs. Consoles. Projectors and accessories. Technologies. Digital TV

How to configure Kaspersky, initial actions after installing the antivirus. Configuring Kaspersky for local network Kaspersky blocks access to the folder

The component is designed to ensure the safety of your work on the network. Firewall V Kaspersky Internet Security 2014. All network connections on your computer based on packet/network rules Firewall assigns statuses and controls them in accordance with the established statuses (allows or denies connections).

1. How to change network status

To change the network status, follow these steps:

  1. In the lower right part of the window, click on the link Settings.
  1. In the window Settings go to section Protection and select Firewall.

  1. In the window Firewall settings click on the link Networks.

  1. In the window Manage networks in the block Networks Right-click on the connection for which you want to change the status and select from the context menu:
    • Public network, if you want to deny access to files, folders and printers, as well as Remote Desktop on your computer. This status is suitable for networks that are not protected by any anti-virus programs, firewalls, or filters (for example, for an Internet cafe network). Each program's network activity is filtered according to the rules for that program. By default, the Internet network is assigned the status Public network, which cannot be changed.
    • Local network, if you want to provide access to networks whose users you trust to access files and printers on your computer (for example, an internal corporate network or a home network). Each program's network activity is filtered according to the rules for that program.
    • Trusted network, if you want to open full access to what you consider to be a secure network, in which your computer is not subject to attacks and attempts of unauthorized access to data on your computer. If you select this status, any network activity within this network will be allowed.
  2. In the window Manage networks click on the button Change.

  1. Close the program window.

2. How to prevent a program from accessing the Internet using Firewall

To block a specific program from accessing the Internet, you can create a rule for the program in Firewall. To do this, follow these steps:

  1. In the lower right corner click on the link Settings.

  1. In the window Settings go to section Defense Center and select Firewall.

  1. In the window Firewall settings click on the link Configure program rules.

  1. In the window Program management right-click on the program you need and select the item in the context menu Details and rules.

  1. In the window Program Rules go to bookmark Network rules and click on the button Add.

  1. In the window Add in section Action select Block.
  2. In the section Name enter Web Browsing.
  3. If you want the result of this network rule to be recorded in the report, then check the box Record events.
  4. Click on the button Add.

  1. On the bookmark Network rules a rule with an icon will appear Prohibit.
  2. In the window Program Rules click on the button Save.

  1. Close the window Program management.
  2. Close the program window.

There are many versions of antiviruses from Kaspersky Lab, each of which has its own advantages and disadvantages. One of the latest options is Kaspersky Internet Security 2015, which combines many functions, the configuration of which requires time and certain skills. We will tell you how to install and carry out basic configuration of Kaspersky Anti-Virus in this article.

Download and Install

The first step is to download the installation distribution to your computer. Where and how to do this is up to everyone to decide for themselves. The demo version can be downloaded from the official website; it will work for 30 days, after which it will require activation. Once the distribution is on your computer, you will need to run it.

After launch you will see the following window:

When you click the “Install” button, the next tab will open with a license agreement, which, as usual, you just need to accept. Next is another agreement, after which the actual installation of the program on the computer begins. It lasts about 15 minutes.

The program will run for quite a long time, analyzing the operating system and the state of the computer as a whole.

After this, Kaspersky Internet Security will require you to enter a license key. If you have it, enter and activate the program; if not, choose the trial version.

This is the last step, after which KIS 2015 will be installed on your computer. You will be taken to the main menu and will find that the antivirus databases are very outdated. This is due to the fact that the installation distribution contains a minimum set of information with the expectation of using the Internet to regularly update anti-virus databases. What you will need to do is click on update and wait.

Scan your computer

Before scanning, you need to make several settings so that it runs smoothly. To do this, go to the “Settings” menu item.

There we need the “Check” tab. The action to be taken when a threat is detected is set here. If you want to delete all infected files, select “Delete”, but it is much more effective to select the “Treat, incurable - delete” option. This way you will avoid losing most of your files and will be reliably protected from the threat. By the way, you can take action regarding threats yourself: select the “Inform” option and all decisions will have to be made manually.

Below you can define the action that will be performed when connecting removable media. A quick scan involves evaluating the boot sector, a full scan means checking all files. There are only 4 options: do not scan, quick and full scan, as well as a full scan of small media.

After this, you can start scanning. We return to the main menu and select the “Check” item.

A selection of verification options will open here. A full scan involves checking all directories on the computer and connected media. Quick scan analyzes important computer directories and shared objects, where viruses and malicious applications most often reside. Custom scanning allows you to analyze a specific directory where you think the virus may be located. Removable media scan gives the user a choice of media to scan, and the task manager displays all running scans.

Select the appropriate option and click “Run”. Now you just need to wait a little and you will see all the results.

Minor antivirus settings

To make the program work even more efficiently, you need to dig into the additional settings and set certain Kaspersky parameters that you need. To do this, go again to the “Settings” tab and change each of the items in order.

There are three checkboxes here that you can clear or check. Automatic execution of actions will give freedom to the antivirus, which will decide what to do with the files on its own. If you check the “Do not delete possibly infected objects” checkbox, then all detected viruses and malicious programs will be quarantined. With the “Autorun” item, everything is very clear: you determine whether Kaspersky will automatically start when Windows starts. Setting a password is necessary to prevent third-party interference in the antivirus settings.

In the “Protection” settings item, you can determine the protection levels of various Kaspersky functions and configure them at your discretion:

  • For file antivirus, you can select three threat levels, depending on the environment in which you work, and define an automatic action when a threat is detected.
  • Application Control allows you to limit the influence of third-party programs on your computer: you can exclude unsigned applications, define rules for programs, and automatically place new programs in a specific list.
  • Protection against network attacks allows you to block the aggressor’s computer for a certain period of time.
  • IM antivirus analyzes the traffic of pager programs for the presence of malicious links.
  • The mail and web antivirus settings are identical to the file antivirus settings.
  • You can restrict the operation of the webcam for all (or some programs) or set it to issue notifications when it is used by a program from the allowed list.

  • Firewall settings allow you to organize secure access to the local network and the Internet. You can turn on notifications about vulnerabilities that await everyone who connects to a Wi-Fi network. It is possible to disable/enable FTP, change the firewall shutdown time, and block network connections when the KIS-2015 program interface is not enabled.

  • Activity monitoring can eliminate the risk to your computer from malware. Here you need to enable exploit protection to stop all attempts to perform unauthorized actions. Moreover, you can configure an automatic decision when a threat is detected: the action can be either allowed or prohibited. Application activity control allows you to automatically remove a malicious program upon detection or terminate its operation in a given session. If the influence of the virus could not be stopped, it is possible to automatically perform a rollback and return to the previous state of the computer. And one of the most important points of this point is protection from screen blockers, programs that completely paralyze the computer.
  • The anti-spam function is responsible for blocking incoming messages containing spam.

  • “Anti-banner” works like an ad blocker, eliminating banners on web pages and applications with advertising. To check, you can use the list of Kaspersky Lab banners, which is updated regularly, and you can also add banners to the prohibited list manually.
  • A secure payment service is needed to avoid the possibility of losing personal data, which could be used by attackers to steal your money. When visiting the website of a bank or payment system, you can choose an action: launch or not launch the Protected Browser, data from which cannot be intercepted. If the transition is made upon request from the secure payments window, then you can select the default browser to perform such actions.

The “Performance” tab is responsible for setting up the functionality of the computer and the even distribution of its resources, which are often not enough and the entire system begins to lag heavily. Available functions include blocking scheduled tasks when the battery is running, which has a positive effect on computer performance, and the presence of a gaming profile in which notifications do not pop up and do not interfere with normal operation in full-screen mode.

Kaspersky Internet Security can cede resources to the operating system when the computer starts, leaving only the most important components enabled, as well as more important programs in situations where the load on the processor and hard drive is too high. At the same time, it is possible to perform tasks while the computer is idle, which allows you to optimize the use of resources. The search for rootkits is performed in real-time mode and has virtually no effect on the operation of the system.

The “Check” tab and all its capabilities were described above. It is only worth noting that it is possible to schedule a scan, which is necessary for regular analysis of the system and maintaining its security at the appropriate level.

The “Advanced” item provides access to additional settings. Their list is also quite wide:

  • in the update settings you can enable or disable automatic download and installation of updates;
  • Secure data entry blocks eavesdroppers, protecting the privacy of the information you type;
  • in the threat and exclusion settings, you can enable analysis of programs that are potentially dangerous to your computer (for example, needed for remote control), as well as configure active infection technology;

  • when self-defense is enabled, all attempts to change and delete antivirus files are blocked to ensure stable operation;
  • in the network settings it is possible to block some ports and configure the analysis of secure connections, as well as organize access to the proxy server;
  • The “Notifications” item allows you to select the types of messages that the antivirus will display to the user;
  • reporting and quarantine parameters limit the storage period of data and its maximum volume;
  • parameters for connecting to web services are needed to configure interaction between the user and Kaspersky Lab;
  • The “Appearance” item has only two sub-items: you can disable icon animation and configure a smooth transition between program windows.

The first step to safe travel through the vast expanses of various networks is, of course, installing a reliable means of protection. One of the few such tools is the comprehensive product Kaspersky Internet Security.

The first step to safe travel through the vast expanses of various networks is, of course, installing a reliable means of protection. One of the few such tools is the comprehensive product Kaspersky Internet Security. Despite the fact that the KIS product is quite complex, immediately after installation it is ready to perform all the duties assigned to it. The need for additional settings is extremely rare, and this is a very big plus for developers. But it is necessary to understand that this opportunity is based on the sharp edge of compromise solutions. Let's look at what they are using the example of a firewall.

Firewall settings consist of two parts: program rules and package rules. Application rules can be used to allow or block specific programs or groups of programs from sending or receiving packets or establishing network connections. Packet rules allow or deny the establishment of incoming or outgoing connections, and the transmission or reception of packets.

Let's see what the rules for programs are.

All programs have four categories:

  1. Trusted - they are allowed to do everything without exception.
  2. Weak restrictions - the “action request” rule has been established, allowing the user to independently make a decision about the advisability of network communication between programs of this group.
  3. Strong restrictions - in terms of permission to work with the network, the same as weak ones.
  4. Not trusted - by default, these programs are prohibited from any network communication (humanly speaking, I feel very sorry for them).

By default, all programs from Microsoft, KIS itself and other programs from well-known manufacturers are placed in the “trusted” group by default. For the default settings, the choice is good, but personally I would not trust all programs, even from famous manufacturers, so completely.

How do programs fall into one group or another? It's not that simple here. The decision to place a particular program into one of four groups is made based on several criteria:

  1. Availability of information about the program in KSN (Kaspersky Security Network).
  2. The program has a digital signature (already tested).
  3. Heuristic analysis for unknown programs (something like fortune telling).
  4. Automatically place a program in a group pre-selected by the user.

All these options are located in the “Application Control” settings. By default, the first three options are installed, the use of which leads to a large number of “trusted” programs. The fourth option can be selected independently as an alternative to the first three.

Let's conduct an experiment. Let’s put some program (for example, the “Opera” browser) in the list of programs with weak restrictions and see how the “action request” rule works. For program rules to take effect, you must close and reopen the program for which the rules have been changed. If you now try to go to any website, no action request will occur, and the program will calmly establish a network connection. As it turns out, the “action request” rule only works if the “Select action automatically” option is unchecked in the main protection settings.

Another surprise awaits users of network utilities such as ping, tracert (if the “action request” rule is extended to trusted programs), putty (ssh client) and, possibly, the like. For them, KIS stubbornly refuses to display the action request screen. There can only be one way out - to set permissions for a specific program manually.

Before moving on to package rules, let me give you one piece of advice: create your own subgroups for each group of programs. For example: “Network utilities”, “Office programs”, “Internet programs”, etc. Firstly, you will always be able to quickly find the program you need, and secondly, you will be able to set rules for specific groups, instead of setting rules for individual programs.

Batch rules.

Packet rules define individual characteristics of packets: protocol, direction, local or remote port, network address. Batch rules can act as “allowing”, “denying” and “according to program rules”. The rules are scanned from top to bottom until an allowing or prohibiting rule is found based on a set of characteristics. If a rule for a package is not found, the default rule (the latest one) is applied. Usually in firewalls the last rule is to prohibit the reception and transmission of any packets, but for KIS this rule is permissive.

The action “according to program rules” is by its nature a “window” for the actual actions of program rules. This is convenient because you can determine the order in which rules are executed. For example, the program tries to send a packet to port 53 of the DNS server. If there is a packet rule with an action “according to program rules”, direction “outgoing”, remote port 53 (or not defined), and an allowing rule is set for the program to send a packet to port 53, then the packet will be sent if the program is prohibited from sending packets to port 53, then this packet will not be sent.

The scope of the rules covers a certain area: “any address” (all addresses), “subnet address” - here you can select the type of subnet “trusted”, “local” or “public”, and “addresses from the list” - specify IP addresses or domain names manually. The relationship of a specific subnet to “trusted”, “local” or “public” is set in the general firewall settings.

KIS packet rules, unlike most firewalls, are overloaded with a large number of directions: “inbound”, “inbound (stream)”, “outbound”, “outbound (stream)”, and “inbound/outbound”. Moreover, rules with some combinations of protocol and direction do not work. For example, an ICMP deny rule in combination with stream directions will not work, i.e. prohibited packets will pass through. For some reason, stream directions are applied to UDP packets, although the UDP protocol by its nature does not create a “stream” as such, unlike TCP.

Another, not entirely pleasant, point is that the packet rules do not have the ability to specify a reaction to a denial of an incoming packet: prohibit the reception of the packet with a notification to the party that sent it, or simply discard the packet. This is the so-called “invisibility” mode, which was previously present in the firewall.

Now let's turn to the rules themselves.

Rules 1 and 2 allow, according to program rules, to send DNS requests via TCP and UDP protocols. Of course, both rules are useful, but generally network programs such as email and browsers request website addresses through the system DNS service, for which the “svchost.exe” system program is responsible. In turn, the service itself uses very specific DNS server addresses, specified manually or via DHCP. DNS server addresses rarely change, so allowing DNS requests for the “svchost.exe” system service to be sent to fixed domain name servers would be sufficient.

Rule 3 allows programs to send email via TCP. Here, as well as for the first two rules, it would be enough to create a rule for a specific email program, indicating which port and server to send to.

Rule 4 allows any network activity for trusted networks. Be very careful when enabling this rule, do not accidentally confuse the network type. This rule effectively disables firewall functionality on trusted networks.

Rule 5 allows any network activity according to the rules of programs for local networks. Although this rule does not completely disable the firewall, it significantly weakens its control functions. According to the logic of rules 4 and 5, rules would need to be placed at the very top to prevent packets from being processed by rules 1 - 3 when the computer is on a trusted or local network.

Rule 6 prohibits remote control of a computer via the RDP protocol. Although the scope of the rule is “all addresses,” it actually only applies to “public networks.”

Rules 7 and 8 prohibit access from the network to the computer’s network services via the TCP and UDP protocols. In fact, the rule only applies to “public networks.”

Rules 9 and 10 allow everyone, without exception, to connect to a computer from any network, of course excluding services prohibited by rules 6 - 8. The rule applies only to programs with permitted network activity. But be very careful, network activity is allowed by default to almost all programs except untrusted ones.

Rules 11 - 13 allow the reception of incoming ICMP packets for all programs. These rules make no more sense than 1 - 3, because ICMP in the vast majority of cases is used by the ping and tracert programs.

Rule 14 prohibits the reception of all types of ICMP packets, of course, with the exception of those allowed by rules 11 - 13.

Rule 16 prohibits incoming ICMP v6 echo request. ICMP v6 is not needed in the vast majority of cases. It would be possible to ban it completely.

Rule 17 allows everything that is not expressly permitted or prohibited by the previous rules. Although this rule is not displayed on the screen, it is absolutely necessary to remember its existence.

The default KIS firewall settings are certainly good and are suitable for most home computer users, which is what this product is aimed at. But the flexibility and undemandingness of additional settings, which was mentioned at the beginning of the article, unfortunately is achieved at the expense of the security of the users themselves, making this very security very dependent on the human factor: the knowledge and error-free actions of the user himself.

It often happens that Kaspersky Anti-Virus, which is supposed to ensure the security of the local network, on the contrary, in every possible way interferes with access to network resources.

Therefore, here we will look at what to do if Kaspersky blocks the local network, and what settings are necessary if access to the computer is limited.

Before you begin diagnosing the problem, make sure that

  • - you have the latest version of the antivirus installed;
  • - The driver for the network card has been updated on the computer.

What to do if Kaspersky blocks the local network?

To check, you should temporarily disable the protection. To do this, right-click on the antivirus icon in the system tray and select “pause protection.”

It is also necessary to disable the Windows firewall - Kaspersky itself will perform the firewall task, assign statuses and monitor the network connection. If you leave the firewall enabled, the antivirus will periodically shut down the network.

You must immediately remember the name of the network and .

To do this, go to “Start” - “Control Panel” - “Network and Internet” - “Network and Sharing Center” - “Changing adapter settings” - “Local Area Connection” (default local network name - network card model: Realtek RTL8102E…, Atheros and others).

Setting up Kaspersky for local network:

1) open the main antivirus window;
2) at the bottom left click the settings sign (gear);
3) in the left column, click “protection”;
4) then in the right window - “firewall”;

5) at the bottom - the “network” button;
6) select your network (the name of which you remembered earlier)

Double-click the network properties and select the “trusted network” network type.
Then, if necessary, you can disable the NDIS filter driver (network speed will increase significantly). It is disabled in the local network settings and cannot be configured.

It is necessary to turn on and restart the computer with the local network turned on and a cable connected to the computer’s network card, because Kaspersky begins to conflict with the Computer Browser service.

You can also prohibit or restrict certain programs from accessing the local network. To do this, follow steps one through four and select “Configure application rules.”

There are four groups to choose from: trusted, weakly constrained, strongly constrained, and untrusted. Using the right mouse button, select the appropriate priority for the programs to run, then add new groups and programs. To do this, select:

1) details and rules
2) network rules
3) restrictions
4) reset parameters
5)remove from the list
6) open the program folder

By default, program rules are “inherited” from the installed program, but they can be changed to the necessary ones. To do this, right-click the desired program (or subgroup) and select the appropriate item in the menu.



Share with friends:
Related publications