Limitations in the Network Attack Blocker feature in Kaspersky Security for Virtualization 3.0 Light Agent

 

Kaspersky Security for Virtualization 3.0 | Light Agent

 
 
 

Limitations in the Network Attack Blocker feature in Kaspersky Security for Virtualization 3.0 Light Agent

Back to "General Info"
2019 Apr 03 ID: 12638
 
 
 
 
  1. The rules for applications’ network activity monitoring don’t take into account the filtering options set at the network layer:
    • Network adapter ID
    • The list of MAC Addresses of the local adapter
    • The list of the local MAC Addresses
    • The list of the deleted MAC Addresses
    • The type of an Ethernet-frame (IP, IPv6, ARP, etc)
    • TTL of an IP packet
    The co-usage of the network and application layers’ rules may block the network traffic at the application level, though it may be allowed at the network layer.
  2. Under to TCP and UDP protocols network activity isn’t blocked at the application layer, should the IP-address and the sender’s address coincide and the packet has been sent through a RAW socket.
  3. The firewall doesn’t run a check on the applications’ rules and allows network activity, if the packet was sent through a RAW-socket and the remote host’s address doesn’t matter.
    • for IPv4: 127.0.0.1 (**)
    • for IPv6: ::1
  4. The local address, to and from the data is transmitted, cannot be determined in following cases:
    • The local application initiated the network activity under the protocols TCP or UDP doesn’t specify the local IP address.
    • The local application initiated the network activity under the protocol ICMP.
    • The local application gets the inbound packet under the UDP protocol.
  5. The firewall doesn’t filter loopback-trafic at the network layer. The decision about loopback-packets is made at the application layer.
  6. Only the outbound ICMP_ECHO_REQUEST is supported upon the filtration of the network activity under the ICMP protocol.
  7. The filtration of inbound ICMP packets cannot be carried out at the application layer.
  8. The filtration according to the packet rules cannot be carried out at the application layer for the outbound network activity through RAW-socket.
  9. The packets filtered with the Network Attack Blocker feature aren’t subjected to the Firewall check.
  10. The filtration of the tunnel traffic according to the packet rules reruns for one packet as it progresses between the host’s tunnel interfaces.
 
 
 
 
Was this information helpful?
Yes No
Thank you
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK