Kaspersky
Question

JavaScript injection breaks website. Adding the website to the exclusion list and safe list does not resolve the problem.

  • 17 September 2019
  • 23 replies
  • 7793 views

Hello,

Using Firefox 69.0 and Kaspersky 20.0.14.1085 (d) with default settings, the internet protection through javascript injection breaks an important website I use.

This is mostly but not always reproducible and started with Firefox 69.
If I disable the injection in Advanced > Network, it works perfectly.

Adding the website to the exclusion list and safe list in the internet protection did not solve the problem.

Is there a way to disable injection for a list of websites?

23 replies

Userlevel 7
Badge +9
Welcome. Disabling script injection is a global option.
That's too bad, it could be disabled by URL using the existing whitelists...
Userlevel 7
Badge +9

Please submit your suggestion to K-Lab Technical Support
https://center.kaspersky.com 

I don't believe disabling injection per site is the way to go - fixing the problem is. This hasn't been happening for me in KIS 19...
Userlevel 7
Badge +11
Is that so...is it really breaks/affect the domain or something...what is the point of aspects to be done toward this.
Hi @plumbersnearmee,
Welcome!
This MAP will help you.
Thanks.

Hello,

Using Firefox 69.0 and Kaspersky 20.0.14.1085 (d) with default settings, the internet protection through javascript injection breaks an important website I use.

This is mostly but not always reproducible and started with Firefox 69.
If I disable the injection in Advanced > Network, it works perfectly.

Adding the website to the exclusion list and safe list in the internet protection did not solve the problem.

Is there a way to disable injection for a list of websites?

 

Hello,

 

Late but for those who stumble on the same issue:

 

It’s not possible to control script injection other than with port exclusion. The “Additional / Network / Inject script into web traffic to interact with web pages” will *not* stop AV (currently 2020) from inserting scripts hosted on gc.kis.v2.scr.kaspersky-labs.com.

 

But you can use the “Monitor selected ports only” and remove ports 80, 443 (possibly 8080 if necessary), and select “Do not scan encrypted connections”.

 

It is unfortunate that this problem, reported since 2015 at least, is ignored by Kaspersky.

 

Good luck.

I have the same problem with my website , if someone can help me I would appreciate it
  

I have disabled script injection, rebooted, even exited the program.  The address still appears when connecting to sites:

ff.kis.v2.scr.kaspersky-labs.com

Any ideas?

 

Hello,

Using Firefox 69.0 and Kaspersky 20.0.14.1085 (d) with default settings, the internet protection through javascript injection breaks an important website I use.

This is mostly but not always reproducible and started with Firefox 69.
If I disable the injection in Advanced > Network, it works perfectly.

Adding the website to the exclusion list and safe list in the internet protection did not solve the problem.

Is there a way to disable injection for a list of websites?

 

Hello,

 

Late but for those who stumble on the same issue:

 

It’s not possible to control script injection other than with port exclusion. The “Additional / Network / Inject script into web traffic to interact with web pages” will *not* stop AV (currently 2020) from inserting scripts hosted on gc.kis.v2.scr.kaspersky-labs.com.

 

But you can use the “Monitor selected ports only” and remove ports 80, 443 (possibly 8080 if necessary), and select “Do not scan encrypted connections”.

 

It is unfortunate that this problem, reported since 2015 at least, is ignored by Kaspersky.

 

Good luck.


That makes sense because disabling script injection does not fix the issue.  I am glad someone has an idea of what is going on.  I think I will just unsubscribe, stop using kaspersky unless tech support is able to help out.  I will post followup if I find a solution.

How do I get support? I am having the same problem as above. Thanks :hugging:

Userlevel 7
Badge +11

Hello @bromedium,

Welcome!

Go to Support for home products, select your Country, select Application Use, select from available options: Submit a request, Online Chat (not available all regions), Phone (not available all regions).

Thank you:pray_tone3:

Flood:whale:

Hello @bromedium,

Welcome!

Go to Support for home products, select your Country, select Application Use, select from available options: Submit a request, Online Chat (not available all regions), Phone (not available all regions).

Thank you:pray_tone3:

Flood:whale:

Thank you for guidance

Userlevel 7
Badge +11

Hello @bromedium,

You’re very welcome!

  • When Kaspersky Technical Support provide you with a solution, would you be kind enough to share it (here) with us please? 

Thank you:pray_tone3:

Flood:whale:

As a web developer I would like to have this feature too, because It’s odd to get flawed results from 3rd party payload while running performance tests or debugging/profiling.

KIS is even injecting its CSS/JS into websites that are running on localhost with no possibility to exlude a certain URL from this behaviour. The current workaround is to disable the injection completely, explicitely blocking the URLs within the dev-tools/when running Lighthouse CLI or by running the web server on a port that isn’t monitored.

As a user I would expect that if I add the domain to the exclusions list (within the extended → network settings) that this prevents it from injecting the payload.

 

Lighthouse results with injected CSS/JS

 

Lighthouse results without injected CSS/JS

 

It would be nice to see any changes in this regard.

Userlevel 7
Badge +11

Hello @Woolong551,

Welcome!

  • After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will communicate with you, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
  • Please share the outcome with the Community when it’s available? 

Thank you:pray_tone3:

Flood:whale:

Hey, we are also facing the same problem with our website.Can u pls help us. 

If the website is part of a blocked category, an allow permission in the Exclusion List would allow the user to access the specific URL.

 

Moderation note : Pub url in signature removed

Userlevel 7
Badge +11

Hello,

Welcome!

  1. Please edit/remove the URL, it is  not necessary for us to provide assistance.
  2. The www is not “part of a blocked category”. 
  3. Show us an image of the problem please? 

Thank you:pray_tone3:

Flood:whale:

Userlevel 3
Badge

Hi

I have been having similar issues with a very important website I use and have had to resort to using another browser, however the other browser isn’t as easy to use and ease of use is very important.

This problem has been going on for approximately a year.

I have spent a very long time trying to find a solution but only a few others have mentioned having the same issue with the particular website, so it’s clearly not a problem with firefox or the website. These others have changed browser.

A couple of solutions have been mentioned but no instructions given on how to disable this injection. I have searched for Advanced - Network.. Nothing. Same with trying to close the ports as mentioned as another solution.

Can someone please post specific instructions on how to do this as I really need to access this website from firefox.

 

Thank you

Userlevel 7
Badge +11

Hello @LadyBeetle

Welcome back!

  1. Open the Kaspersky application, select Settings:gear: , select Network settings, in the Traffic processing section, uncheck Inject script into web traffic to interact with web pages → select Save to apply the change. 
  2. Monitor selected network ports only is shown in image 2 
  3. Do not scan encrypted connections is shown in image 3

     

     

     

     

  4. In the Kaspersky protection extension, does Private browsing, Allow data collection on this site help? 
  5. In the Kaspersky protection extension, does Anti-banner, Allow on this website help?
  6. May we know the site URL please, we’d like to test the issue? 

Please let us know? 

Thank you:pray_tone3:

Flood:whale:+:whale2:

Userlevel 3
Badge

Hi Flood and Flood’s Wife,

Hallelujah!!

Finally after many melt downs this website is now working perfectly again!!

So simple.

The thing is I didn’t even think of Kaspersky blocking it somehow!

Big Thanks again Flood!

Cheers LadyBeetle :beetle:

Userlevel 7
Badge +11

Hello @LadyBeetle

You’re so very welcome:relaxed: !

Please don’t suffer for so long next time:disappointed_relieved:

 We’re delighted the issue is fixed:cartwheel_tone3:

Cheers!

Flood:whale:+:whale2:

Userlevel 3
Badge

Trying so hard to work it out for myself!

LOL

:beetle:

Userlevel 3
Badge

You can use a trick to keep KIS from injecting its script from *specific* sites.

When the site is accessed via HTTPS (encrypted) then you can add the site to “Network Settings → Trusted Addresses”. You need to restart the browser and reload the page afterwards for the setting to take effect.

Unfortunately this exception list doesn’t work quite the way I would expect it to work. E.g. it will *not* disable script injection for “askmrrobot.com”, but it *will* disable script injection for “www.askmrrobot.com”. Looks like a bug to me, especially since I could make KIS hang with full CPU load using this dialog once (and even kill the KIS task then).

Reply