Update WFP driver: fix compatibility issues with KIS and ESET #1497

Closed
ameshkov opened this Issue Jan 16, 2017 · 12 comments

@ameshkov
Member
ameshkov commented Jan 16, 2017 edited

It appears that the workaround with callouts order is no longer required for the new versions of both KIS and ESET. They've finally fixed the async reinjection issue in their new drivers. Removing that workaround will also fix the issue with simultaneous HTTPS/SSL filtering.

So, here's what we should do:

  1. Update WFP driver;
  2. Disable KIS & ESET detection (and the switch to the TDI driver if detected);
  3. Test it with the latest versions of KIS and ESET, check that it works correctly now;
  4. Test WFP driver with older versions of KIS and ESET. We may still need to detect both AVs and react in case a user is on an older version.

@ameshkov ameshkov added the Network label Jan 16, 2017
@ameshkov ameshkov added this to the 6.1 R3 milestone Jan 16, 2017
@suhan3z suhan3z was assigned by ameshkov Jan 16, 2017
@BooBerry

This means that disabling SSL scan in KIS/ESET isn't required anymore, right? If so, awesome! What incompatibilities remain?

This also means you'd need to be using the latest versions of Kaspersky Internet Security 2017 or ESET Smart Security 10.

I might have to get a new KIS or ESET subscription. 👍

@ameshkov
Member

> This means that disabling SSL scan in KIS/ESET isn't required anymore, right? If so, awesome!

Yeah, I hope so :) We'd better thoroughly test it.

> What incompatibilities remain?

I guess Bitdefender and F-Secure.

> This also means you'd need to be using the latest versions of Kaspersky Internet Security 2017 or ESET Smart Security 10.

I hope that the new driver may also come to older versions of KIS and ESET with updates. Not sure about it yet, though.

@ameshkov
Member

Seems to be working in case of KIS.

However, there's an issue with "Kaspersky Protection" browser extension, WFP driver breaks its communication with KIS:

```
Publish plugin API, hasToolbar = true
script.light.js:1401 WebSocket connection to 'wss://gc.kis.v2.scr.kaspersky-labs.com/D4F5A9B2-D21E-2942-AE6B-9026F6275995…nponjcgjgcnfacekaijdbbplhib%2Fbackground%2Fmain.html&nocache=1484676004760' failed: Error in connection establishment: net::ERR_NETWORK_ACCESS_DENIED
WebSocketWrapper.GetWebSocket @ script.light.js:1401
gc.kis.v2.scr.kaspersky-labs.com/D4F5A9B2-D21E-2942-AE6B-9026F6275995/init?…nfacekaijdbbplhib%2Fbackground%2Fmain.html&plugins=light_ext&nocache=1d52b Failed to load resource: net::ERR_NETWORK_ACCESS_DENIED
```

@ameshkov
Member

@suhan3z to solve the issue with KIS we should add a rule so that the gc.kis.v2.scr.kaspersky-labs.com domain is not affected by our driver at all.

185.85.13.155 is that domain's IP.

@suhan3z
Member
suhan3z commented Jan 27, 2017

Done

@suhan3z suhan3z closed this Jan 27, 2017
@BooBerry
BooBerry commented Jan 27, 2017 edited

Looks like it's only fixed (in the case of KIS) in KIS 2017 (and likely above) according to this post of a user using KIS 2016:

https://forum.adguard.com/index.php?threads/adguard-for-windows-v6-1-298-r2.16860/#post-124318

Might be worth modifying the release notes to reflect you need KIS 2017/ESET 10 and above, if this is indeed the case or else it just brings confusion.

@suhan3z
Member
suhan3z commented Jan 30, 2017

@vozersky We need to check KIS 2016 with the new beta.

@ameshkov
Member

@suhan3z @vozersky you'd better use the newer build I've linked here: #1522

@ameshkov ameshkov reopened this Jan 30, 2017
@ameshkov
Member

> Might be worth modifying the release notes to reflect you need KIS 2017/ESET 10 and above, if this is indeed the case or else it just brings confusion.

Moreover, we might need to update KIS/ESET detection and force using TDI in case older versions are detected.

@sergerosenthaler

Malwarebytes 3.0.6.1469 and latest Adguard beta, WFP driver enabled. The web protection module from Malwarebytes won't activate automatically. Started it manually, no more browsing possible. Think this has to do with the updated WFP driver.

@ameshkov
Member
ameshkov commented Jan 30, 2017 edited

@sergerosenthaler was it ok in the current stable version of Adguard?

@sergerosenthaler

@ameshkov yes, Sophos Home (latest update), Malwarebytes 3.0.6.1469 and Adguard current stable worked in perfect harmony.

@ameshkov ameshkov closed this Feb 1, 2017