Kaspersky
Question

JavaScript injection breaks website. Adding the website to the exclusion list and safe list does not resolve the problem.

  • 17 September 2019
  • 17 replies
  • 7170 views

Hello,

Using Firefox 69.0 and Kaspersky 20.0.14.1085 (d) with default settings, the internet protection through javascript injection breaks an important website I use.

This is mostly but not always reproducible and started with Firefox 69.
If I disable the injection in Advanced > Network, it works perfectly.

Adding the website to the exclusion list and safe list in the internet protection did not solve the problem.

Is there a way to disable injection for a list of websites?

17 replies

Userlevel 7
Badge +8
Welcome. Disabling script injection is a global option.
That's too bad, it could be disabled by URL using the existing whitelists...
Userlevel 7
Badge +8

Please submit your suggestion to K-Lab Technical Support
https://center.kaspersky.com 

I don't believe disabling injection per site is the way to go - fixing the problem is. This hasn't been happening for me in KIS 19...
Userlevel 7
Badge +9
Is that so...is it really breaks/affect the domain or something...what is the point of aspects to be done toward this.
Hi @plumbersnearmee,
Welcome!
This MAP will help you.
Thanks.

Hello,

Using Firefox 69.0 and Kaspersky 20.0.14.1085 (d) with default settings, the internet protection through javascript injection breaks an important website I use.

This is mostly but not always reproducible and started with Firefox 69.
If I disable the injection in Advanced > Network, it works perfectly.

Adding the website to the exclusion list and safe list in the internet protection did not solve the problem.

Is there a way to disable injection for a list of websites?

 

Hello,

 

Late but for those who stumble on the same issue:

 

It’s not possible to control script injection other than with port exclusion. The “Additional / Network / Inject script into web traffic to interact with web pages” will *not* stop AV (currently 2020) from inserting scripts hosted on gc.kis.v2.scr.kaspersky-labs.com.

 

But you can use the “Monitor selected ports only” and remove ports 80, 443 (possibly 8080 if necessary), and select “Do not scan encrypted connections”.

 

It is unfortunate that this problem, reported since 2015 at least, is ignored by Kaspersky.

 

Good luck.

I have the same problem with my website , if someone can help me I would appreciate it
  

I have disabled script injection, rebooted, even exited the program.  The address still appears when connecting to sites:

ff.kis.v2.scr.kaspersky-labs.com

Any ideas?

 

Hello,

Using Firefox 69.0 and Kaspersky 20.0.14.1085 (d) with default settings, the internet protection through javascript injection breaks an important website I use.

This is mostly but not always reproducible and started with Firefox 69.
If I disable the injection in Advanced > Network, it works perfectly.

Adding the website to the exclusion list and safe list in the internet protection did not solve the problem.

Is there a way to disable injection for a list of websites?

 

Hello,

 

Late but for those who stumble on the same issue:

 

It’s not possible to control script injection other than with port exclusion. The “Additional / Network / Inject script into web traffic to interact with web pages” will *not* stop AV (currently 2020) from inserting scripts hosted on gc.kis.v2.scr.kaspersky-labs.com.

 

But you can use the “Monitor selected ports only” and remove ports 80, 443 (possibly 8080 if necessary), and select “Do not scan encrypted connections”.

 

It is unfortunate that this problem, reported since 2015 at least, is ignored by Kaspersky.

 

Good luck.


That makes sense because disabling script injection does not fix the issue.  I am glad someone has an idea of what is going on.  I think I will just unsubscribe, stop using kaspersky unless tech support is able to help out.  I will post followup if I find a solution.

How do I get support? I am having the same problem as above. Thanks :hugging:

Userlevel 7
Badge +9

Hello @bromedium,

Welcome!

Go to Support for home products, select your Country, select Application Use, select from available options: Submit a request, Online Chat (not available all regions), Phone (not available all regions).

Thank you:pray_tone3:

Flood:whale:

Hello @bromedium,

Welcome!

Go to Support for home products, select your Country, select Application Use, select from available options: Submit a request, Online Chat (not available all regions), Phone (not available all regions).

Thank you:pray_tone3:

Flood:whale:

Thank you for guidance

Userlevel 7
Badge +9

Hello @bromedium,

You’re very welcome!

  • When Kaspersky Technical Support provide you with a solution, would you be kind enough to share it (here) with us please? 

Thank you:pray_tone3:

Flood:whale:

As a web developer I would like to have this feature too, because It’s odd to get flawed results from 3rd party payload while running performance tests or debugging/profiling.

KIS is even injecting its CSS/JS into websites that are running on localhost with no possibility to exlude a certain URL from this behaviour. The current workaround is to disable the injection completely, explicitely blocking the URLs within the dev-tools/when running Lighthouse CLI or by running the web server on a port that isn’t monitored.

As a user I would expect that if I add the domain to the exclusions list (within the extended → network settings) that this prevents it from injecting the payload.

 

Lighthouse results with injected CSS/JS

 

Lighthouse results without injected CSS/JS

 

It would be nice to see any changes in this regard.

Userlevel 7
Badge +9

Hello @Woolong551,

Welcome!

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will communicate with you, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
  • Please share the outcome with the Community when it’s available? 

Thank you:pray_tone3:

Flood:whale:

Hey, we are also facing the same problem with our website.Can u pls help us. 

If the website is part of a blocked category, an allow permission in the Exclusion List would allow the user to access the specific URL.

 

Moderation note : Pub url in signature removed

Userlevel 7
Badge +9

Hello,

Welcome!

  1. Please edit/remove the URL, it is  not necessary for us to provide assistance.
  2. The www is not “part of a blocked category”. 
  3. Show us an image of the problem please? 

Thank you:pray_tone3:

Flood:whale:

Reply