# KAV 2014 Using Port 443 to Broadcast my Browsing



## yynxs (Apr 22, 2015)

I use Peerblock, Proxomitron, Hosts, to control access to the web sites and the web. My ISP is VFIOS with an Actiontec Router hardwired. I run Kaspersky AV 2014 and Malwarebytes Premium for malware protection. 

Although everything available in KAV is set to manual update, the product has long contacted about 20 cloud sites on a constant basis as I browse, presumably to better "protect". Since I feel my computer startup, logon to the web, browsing habits, and sites visited are my own business and that of the sites I visit, I've always blocked KAV access to those cloud addresses (along with Google, Facebook, Twitter, etc). Peerblock allows me to see the blocking as it occurs as I use the internet and open up connections to sites that fail because I've blocked Google fonts or analytics so I can browse the site and go back to being private.

Recently, after an update, I discovered a series of port 443 and 137 connections to sites in the range 62.128.100.0-62.128.100.199 that are not being blocked by Peerblock. Investigation reveals those IP addresses (in the Ukraine) are registered to Kaspersky, presumably safe but obviously not maintaining my privacy. 

I contacted Kaspersky and provided my system information using their analysis tool and asked why their antivirus was suddenly contacting the Ukraine on ports 443 and 137. Their advice was to uninstall and remove Sandboxie (service disabled in Services) and Malwarebytes as it "conflicts with KAV 2014". Since my trust level is now zero, I obviously will not do that.

When this first occurred I ran every rootkit and system scanning tool I could download (Trend Micro, McAfee, etc.) and full deep scans by my registered Malwarebytes Premium to check, and no malware, et al. was found. I did multiple software shutdowns and checks using TCPView and Peerblock to test various sites I normally visit and know for certain KAV 2014 is the culprit contacting Kaspersky registered sites in the Ukraine. When KAV 2014 is shut down, no contacts to Kaspersky cloud sites nor the 62.nnn.nnn.nnn sites occur with 25 web sites tested. They do occur when KAV 2014 is started.

I first attempted some rule blocking using Peerblock. Failed. Next rule based blocking using Windows Firewall. Again failed. Believing I could not solve the problem on the desktop, I turned to the Actiontec router and created outgoing rules to that ISP range blocking port 443, 137, and then all ports and protocols. No joy. KAV 2014 continues to contact those Ukraine ranges in every instance except total blockage of all packets and loss of the internet. The only thing that keeps KAV 2014 from contacting those sites is shutdown of my Proxy filtering software Proxomitron which KAV 2014 is set to use as "manual proxy". This, of course, leaves me unable to use that software as a proxy for browser interactions with the web. 

I've done some searching on the web and found lots of advice on Port Forwarding but nothing that stops contact to a set range using 443/137 ports. The consensus is: "You need those for secure browsing." 

At this point I am looking for some professional advice on keeping KAV 2014 (or any autochecking software for that matter) from contacting a specific range of sites without explicit (hopefully easy to implement like Peerblock) permission. Failing that, the ability to completely block that web range against all port contacts through my VFIOS Actiontec router. 

Thank you for any help on this.


----------



## TheCyberMan (Jun 25, 2011)

Hi and welcome to TSF,

I would add deny rules to the Ukraine for HTTPS (443) and NetBIOS (137). NetBIOS could allow an attacker to map your system.

Let's see a log from the router please.

Malwarebytes Premium may interfere with KAV if on the same computer, as they both will do deep scans. Turn off Malwarebytes real time (background scanner) and do a scan manually with Malwarebytes after the realtime scanner is disabled.

Turn off the Windows firewall if KAV is running a firewall; both do deep scans.

Uninstall Peerblock; it is to do with P2P.

Run the uninstall tools for McAfee and Trend Micro:

McAfee removal tool (MCPR.exe) 1.0 - Free Download

Uninstalling the Worry-Free Business Security (WFBS) Agent using the Uninstall Tool

Download Trend Micro Uninstaller Tool

For Trend Micro I have provided two.

If still no improvement then see below.

If you are not a business you can post in our virus forum.
http://www.techsupportforum.com/for...-posting-for-malware-removal-help-305963.html


----------
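Added example, not part of either post: deny rules on a router or host firewall are usually written per CIDR block, and the range quoted in the first post (62.128.100.0-62.128.100.199) is not a single block. The Python below splits it into exact CIDR blocks and flags connection lines that reach it on ports 443 or 137; the connection listing, its column layout and the process names are constructed for illustration.

```python
import ipaddress

# Range and ports quoted in the thread.
RANGE_START = ipaddress.IPv4Address("62.128.100.0")
RANGE_END = ipaddress.IPv4Address("62.128.100.199")
WATCHED_PORTS = {137, 443}

def range_to_cidrs(start, end):
    """Smallest list of CIDR blocks that covers start..end exactly."""
    return list(ipaddress.summarize_address_range(start, end))

def parse_endpoint(text):
    """Split 'a.b.c.d:port' into (IPv4Address, int); raises ValueError otherwise."""
    host, _, port = text.rpartition(":")
    return ipaddress.IPv4Address(host), int(port)

def flag_connections(lines, cidrs, ports=WATCHED_PORTS):
    """Return (process, remote_ip, port) for lines hitting the blocks on a watched port."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        process, _proto, _local, remote = fields[:4]
        try:
            ip, port = parse_endpoint(remote)
        except ValueError:
            continue  # remote is not IPv4:port, e.g. '*:*'
        if port in ports and any(ip in net for net in cidrs):
            hits.append((process, str(ip), port))
    return hits

# Constructed sample (assumed layout: process, protocol, local, remote, state).
SAMPLE = """\
av.exe      TCP 192.168.1.10:50122 62.128.100.41:443  ESTABLISHED
proxy.exe   TCP 192.168.1.10:50123 62.128.100.199:443 ESTABLISHED
browser.exe TCP 192.168.1.10:50124 62.128.100.200:443 ESTABLISHED
System      UDP 192.168.1.10:137   62.128.100.12:137  -
browser.exe TCP 192.168.1.10:50125 62.128.100.5:80    ESTABLISHED
System      UDP 0.0.0.0:137        *:*                -
""".splitlines()

if __name__ == "__main__":
    cidrs = range_to_cidrs(RANGE_START, RANGE_END)
    print("deny blocks:", [str(c) for c in cidrs])
    print("in range:", flag_connections(SAMPLE, cidrs))
```

The three resulting blocks cover exactly the 200 addresses in the range, so a rule set built from them does not spill over onto 62.128.100.200 and above.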

