[RESOLVED] ABE and Kaspersky URL Advisor
[RESOLVED] ABE and Kaspersky URL Advisor
Hi all,
I'm using Kaspersky Internet Security 16.0.0.614(a) and NoScript 2.6.9.34. When the ABE is active, Kaspersky URL Advisor doesn't work properly, The "buttons" indicating the the site reputation don't appear.
Here is the console entry:
[ABE] <LOCAL> Deny on {GET https://ff.kis.scr.kaspersky-labs.com... <<< https://www.google.com.br/search?q=kasp...}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
I'm sorry for my ignorance, but i'm not sure how to create a rule to make it work... If anyone can help me, i would really appreciate it.
I'm using Kaspersky Internet Security 16.0.0.614(a) and NoScript 2.6.9.34. When the ABE is active, Kaspersky URL Advisor doesn't work properly, The "buttons" indicating the the site reputation don't appear.
Here is the console entry:
[ABE] <LOCAL> Deny on {GET https://ff.kis.scr.kaspersky-labs.com... <<< https://www.google.com.br/search?q=kasp...}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
I'm sorry for my ignorance, but i'm not sure how to create a rule to make it work... If anyone can help me, i would really appreciate it.
Last edited by LuisFeps on Mon Aug 10, 2015 4:47 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Re: ABE and Kaspersky URL Advisor
Can you please do a reverse DNS lookup of ff.kis.scr.kaspersky-labs.com and post here the result? (I think open a Command Prompt & type nslookup followed by that domain)
To answer your question, *if* it's determined to be safe to add an exception for it, here's how it would be done:
go to NoScript Options > Adavnced > ABE, and add above the default SYSTEM rule
Note: At this point I have absolutely *no* idea how dangerous that is! So please don't add exception just yet, I think we all need some more information before deciding if it's safe.
To answer your question, *if* it's determined to be safe to add an exception for it, here's how it would be done:
go to NoScript Options > Adavnced > ABE, and add above the default SYSTEM rule
Code: Select all
Site https://ff.kis.scr.kaspersky-labs.com/*
Accept
*Always* check the changelogs BEFORE updating that important software!
-
Re: ABE and Kaspersky URL Advisor
Thanks for your reply! I did it as you said. Here it is:
C:\>nslookup ff.kis.scr.kaspersky-labs.com
Server: Unknown
Adress:
***Unknown não encontrou ff.kis.scr.kaspersky-labs.com: No response from server
Note: "Unknown não encontrou" means "Unknown has not found"
C:\>nslookup ff.kis.scr.kaspersky-labs.com
Server: Unknown
Adress:
***Unknown não encontrou ff.kis.scr.kaspersky-labs.com: No response from server
Note: "Unknown não encontrou" means "Unknown has not found"
Last edited by LuisFeps on Mon Aug 10, 2015 3:26 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Re: ABE and Kaspersky URL Advisor
Argh, I know basically nothing about IPv6 addresses and haven't yet found any documentation that explains them in a way I find clear & understandable
Thanks for posting that though, hopefully someone else can advise you whether adding exception is safe/reasonable.
Oh, and let's move this to the ABE forum (didn't catch it was posted in NS Support when I made my prior post).
** EDIT **
If it happens always then never mind my edit, what I said before applies.
Thanks for posting that though, hopefully someone else can advise you whether adding exception is safe/reasonable.
Oh, and let's move this to the ABE forum (didn't catch it was posted in NS Support when I made my prior post).
** EDIT **
Wait... does this *always* happen? If not, if it only "sometimes" happens, this kind of thing could indicate that you're trying to use KIS when your computer/router is in the middle of a DHCP lease reset, and you don't have full Internet connectivity - see viewtopic.php?p=69123#p69123 for a better explanation.LuisFeps wrote:"Unknown has not found"
If it happens always then never mind my edit, what I said before applies.
*Always* check the changelogs BEFORE updating that important software!
-
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: ABE and Kaspersky URL Advisor
Unfortunately ff.kis.scr.kaspersky-labs.com basically resolves to localhost (it's probably a way for the URL advisor add-on to communicate with a locally installed Kaspersky executable).
You may want to insert the following rule in the beginning of the SYSTEM ruleset:
You may want to insert the following rule in the beginning of the SYSTEM ruleset:
Code: Select all
Site ff.kis.scr.kaspersky-labs.com
Accept GET from https://www.google.com.br
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Re: ABE and Kaspersky URL Advisor
Thank you all guys for the help!
Yes, it always happens.barbaz wrote: ** EDIT **Wait... does this *always* happen? If not, if it only "sometimes" happens, this kind of thing could indicate that you're trying to use KIS when your computer/router is in the middle of a DHCP lease reset, and you don't have full Internet connectivity - see viewtopic.php?p=69123#p69123 for a better explanation.LuisFeps wrote:"Unknown has not found"
If it happens always then never mind my edit, what I said before applies.
So, the IPv6 Adress above is mine? Sorry, I'm very noob...Giorgio Maone wrote:Unfortunately ff.kis.scr.kaspersky-labs.com basically resolves to localhost (it's probably a way for the URL advisor add-on to communicate with a locally installed Kaspersky executable).
Mozilla/5.0 (Windows NT 5.1; rv:39.0) Gecko/20100101 Firefox/39.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: ABE and Kaspersky URL Advisor
I don't know, butLuisFeps wrote: So, the IPv6 Adress above is mine? Sorry, I'm very noob...
Code: Select all
$ dig ff.kis.scr.kaspersky-labs.com
; <<>> DiG 9.9.6 <<>> ff.kis.scr.kaspersky-labs.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37921
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ff.kis.scr.kaspersky-labs.com. IN A
;; ANSWER SECTION:
ff.kis.scr.kaspersky-labs.com. 234 IN A 127.245.107.154
;; Query time: 32 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: lun ago 10 16:22:39 CEST 2015
;; MSG SIZE rcvd: 74
This alone suffices for ABE to consider it local, no matter if it resolves also to other (IPv4 or IPv6) addresses.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Re: ABE and Kaspersky URL Advisor
Giorgio, your rule is not working.
Am I doing it wrong?
barbaz, your rule works, but is it safe to use?
Am I doing it wrong?
barbaz, your rule works, but is it safe to use?
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Re: ABE and Kaspersky URL Advisor
Well, at this point it's pretty clear that address is a part of KIS (and likely just for KIS, not your whole machine), so it's probably safe to add exception.LuisFeps wrote:barbaz, your rule works, but is it safe to use?
Does my suggested exception work if you put Accept GET instead of just Accept? If so that's more safer.
*Always* check the changelogs BEFORE updating that important software!
-
Re: ABE and Kaspersky URL Advisor
There's probably some other (Google?) site getting involved. LuisFeps, can you post the Browser Console messages after applying Giorgio's rule?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
Re: ABE and Kaspersky URL Advisor
No it doesn't. It only works if I put just Accept.barbaz wrote:Does my suggested exception work if you put Accept GET instead of just Accept? If so that's more safer.
Here it is:Thrawn wrote:There's probably some other (Google?) site getting involved. LuisFeps, can you post the Browser Console messages after applying Giorgio's rule?
[ABE] <LOCAL> Deny on {POST https://ff.kis.scr.kaspersky-labs.com/. ... categorize <<< https://www.google.com.br/search?q=uol& ... wATGhq-wDg - 11}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
https://www.google.com.br/search?q=uol& ... =kaspersky : Unable to run script because scripts are blocked internally.
[ABE] <LOCAL> Deny on {GET https://ff.kis.scr.kaspersky-labs.com/...9E1052A0EC <<< posting.php?mode=reply&f=23&t=21139 - 2}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
I cut off some parts of the URL's because they're too big.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Re: ABE and Kaspersky URL Advisor
So it needs POST as well as GET, so try Accept GET POST and see if that works?
Given this console message, I don't think it's possible to restrict sites to Accept from in this case, best that can be done is limit the methods to only what's needed.LuisFeps wrote:[ABE] <LOCAL> Deny on {GET https://ff.kis.scr.kaspersky-labs.com/...9E1052A0EC <<< https://forums.informaction.com/posting.php?mode=reply&f=23&t=21139 - 2}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
*Always* check the changelogs BEFORE updating that important software!
-
Re: ABE and Kaspersky URL Advisor
Yes! Now it's working. No messages with Google URL in the Browser Console.barbaz wrote:So it needs POST as well as GET, so try Accept GET POST and see if that works?
So it means, in this case, with that rule, the URL Advisor will only work with a Google search?barbaz wrote:Given this console message, I don't think it's possible to restrict sites to Accept from in this case, best that can be done is limit the methods to only what's needed.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Re: ABE and Kaspersky URL Advisor
If you only have "Accept GET POST", and *not* "Accept GET POST from [...]", then it's set up to work everywhere. If you want it to only work on specified sites, you would add a "from [...]" to your Accept rule as shown in Giorgio's example.LuisFeps wrote:So it means, in this case, with that rule, the URL Advisor will only work with a Google search?
*Always* check the changelogs BEFORE updating that important software!
-
Re: ABE and Kaspersky URL Advisor
Ok! Thank you very very much!barbaz wrote:If you only have "Accept GET POST", and *not* "Accept GET POST from [...]", then it's set up to work everywhere. If you want it to only work on specified sites, you would add a "from [...]" to your Accept rule as shown in Giorgio's example.
Thank you everyone for such great support!
You guys are the best!
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0