This is a follow-up to this post.
I believe I have finally found a fix to the issue with KB944533 that breaks IE for some people running Kaspersky Internet Security (KIS).
So what I believe to be the scenario that triggers the problem is if you have KIS (perhaps limited to version 7 but this I do not know) installed but disable the firewall, you will run into the problems reported in this post. It is important to note the part about the firewall as that appears to be the problem.
An MS MVP said here:
Given other related threads here, I would not recommend attempting to disable the firewall in Kaspersky Internet Security in favor of using the Windows Firewall unless you can figure out how to completely disable the former. If you manage to do it, please let us know how.
I can now vouch for this – disabling KIS’s firewall causes problems!
The fix is simply to re-enable the firewall while you install the patch AND keep it enabled until at least the next time you run IE. When you do, KIS Firewall will open a prompt mentioning that the IE executable has been modified. Once you allow this, then voila – you’re done and you have this patch installed correctly and working. At this point you MIGHT be free to disable the KIS firewall again. Since installing the patch, I have yet to turn it off because I have been prompted 2-3 times with the dialog stating that the executable has been changed and I keep clicking on the allow option. I don’t plan to turn the firewall off again until after a few reboots of no prompts.
Bad Kaspersky! Obviously when I disable the firewall, it only disables parts of it. Bad! Bad! Bad! And I think it gets worse too, but I’ll wait a bit for that part.
What appears to me is going on here is that some portion of KIS is realizing that the executable has been modified. Because of this modification, I assume Kaspersky is intercepting DNS requests for whatever reason. Obviously the prompt to allow these sorts of DNS requests is isolated in the firewall, but also obvious is that the engine’s check for these DNS requests is NOT isolated to just the firewall. So this means that in order to allow these sorts of exceptions (i.e. make your system less secure in a sense), you must ENABLE the firewall! That makes absolutely no sense at all!
Now all of this has been a headache for me and many other people, but I think it gets worse. Reconsider everything that has gone on here and ignore the annoyance. Let me recap:
- IE’s executable gets modified.
- IE attempts to connect to the internet via domains and is blocked but when attempting by IP is not blocked
- KIS Firewall does the blocking because it realizes the executable has been changed
Now reconsider #2 and #3 together – the firewall blocks internet access to protect you, right? Nope! It only kinda partly blocks internet access. If the program is connecting via IP address, then the firewally lets it do anything it wants! So if somebody finds an exploit in IE to modify the executable so it sends all of your personal data to the internet, Kaspersky firewall does NOTHING to block that data transmission if it is sending it to an IP address, it only blocks it if it needs to resolve a domain name.
Bad Kaspersky! Go to your room and fix it!