Kaspersky
Question

KSC Free v21.3 changelog clarification: "When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection."


Operating system: Windows 10 build 19042.804

Kaspersky Security Cloud Free v21.3.10.391

 

In the changelog for version 21.3 I saw this change:

"When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection."

 

I though that change meant that even if I turn off HTTPS traffic scan, https sites still would be verified by the Kaspersky Protection extension.

 

But that seems to not be the case because I did a couple of test(*1) with Https traffic scan disable + Kaspersky Protection extension enable and Kaspersky Security Cloud Free wasnt able to block any of the https sites.

*1 - I test against the Eicar tests(https://www.eicar.org/?page_id=3950) and some phishing sites from PhishTank.

 

So I would like to know what exactly that change means.

 

https://support.kaspersky.com/KSCloud/Win4.3/en-US/119653.htm


16 replies

Userlevel 7
Badge +9

Operating system: Windows 10 build 19042.804, Kaspersky Security Cloud Free v21.3.10.391

  1. In the changelog for version 21.3 I saw this change: "When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection." → 
  2. I though that change meant that even if I turn off HTTPS traffic scan, https sites still would be verified by the Kaspersky Protection extension. → 

But that seems to not be the case because I did a couple of test(*1) with Https traffic scan disable + Kaspersky Protection extension enable and Kaspersky Security Cloud Free wasn't able to block any of the https sites.
*A - I test against the Eicar tests (https://www.eicar.org/?page_id=3950)

*B - some phishing sites from PhishTank.

So I would like to know what exactly that change means.

https://support.kaspersky.com/KSCloud/Win4.3/en-US/119653.htm

Hello @razorfancy,

Welcome!

  1. KSC Free, Kaspersky protection extension, provides Kaspersky Onscreen Virtual keyboard only, all other aspects are managed by KSC Free application. 
  2. If KSC Free, Do not scan encrypted connections is activated, KSC Free does not verify the security of SSL connections.
  3. If Do not scan encrypted connections is activated, the “test” conditions are not valid. 
  4. Kaspersky Security Cloud package comparison shows the KSC Free features available.

Thank you:pray_tone3:

Flood:whale: +:whale2:

Operating system: Windows 10 build 19042.804, Kaspersky Security Cloud Free v21.3.10.391

  1. In the changelog for version 21.3 I saw this change: "When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection." → 
  2. I though that change meant that even if I turn off HTTPS traffic scan, https sites still would be verified by the Kaspersky Protection extension. → 

But that seems to not be the case because I did a couple of test(*1) with Https traffic scan disable + Kaspersky Protection extension enable and Kaspersky Security Cloud Free wasn't able to block any of the https sites.
*A - I test against the Eicar tests (https://www.eicar.org/?page_id=3950)

*B - some phishing sites from PhishTank.

So I would like to know what exactly that change means.

https://support.kaspersky.com/KSCloud/Win4.3/en-US/119653.htm

Hello @razorfancy,

Welcome!

  1. KSC Free, Kaspersky protection extension, provides Kaspersky Onscreen Virtual keyboard only, all other aspects are managed by KSC Free application. 
  2. If KSC Free, Do not scan encrypted connections is activated, KSC Free does not verify the security of SSL connections.
  3. If Do not scan encrypted connections is activated, the “test” conditions are not valid. 
  4. Kaspersky Security Cloud package comparison shows the KSC Free features available.

Thank you:pray_tone3:

Flood:whale: +:whale2:

So if it was the paid version of Kaspersky Security Cloud the Browser extension would have blocked the https sites even if the HTTPS traffic scan was off is that what you are telling me?

Userlevel 7
Badge +9

Hello @razorfancy

You’re welcome!

Your query was about “When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection

Web Anti-Virus will provide protection, if it’s enabled,. 

  • :question: Which browsers were tested? 

If your tests failed, make videos of the EICAR test file for checking Kaspersky applications' behavior tests & wicar tests & post back please? 

Please follow this process: 

  1. Perform the tests with KSCF features enabled, i.e. default. - make video(s)
  2. Exit browser. 
  3. Change Do not scan encrypted connections to enabled
  4. Exit KSCF, on the Windows Taskbar, rightclick the Kaspersky icon, select Exit
  5. Start KSCF
  6. Start browser
  7. Retest Eicar & Wicar → make videos & post back please? 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Hello @razorfancy

You’re welcome!

Your query was about “When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection

Web Anti-Virus will provide protection, if it’s enabled,. 

  • :question: Which browsers were tested? 

If your tests failed, make videos of the EICAR test file for checking Kaspersky applications' behavior tests & wicar tests & post back please? 

Please follow this process: 

  1. Perform the tests with KSCF features enabled, i.e. default. - make video(s)
  2. Exit browser. 
  3. Change Do not scan encrypted connections to enabled
  4. Exit KSCF, on the Windows Taskbar, rightclick the Kaspersky icon, select Exit
  5. Start KSCF
  6. Start browser
  7. Retest Eicar & Wicar → make videos & post back please? 

Thank you:pray_tone3:

Flood:whale: +:whale2:

I tested on Edge Chromium with Do not scan encrypted connections disable the HTTPS sites arent blocked even if I have the Kaspersky Browser Extension Enable:

 

Test(https://secure.eicar.org/eicar.com.txt) with Https Scan Enable:

https://imgur.com/UUJII6O

 

Test(https://secure.eicar.org/eicar.com.txt) with Https Scan Disable:

https://imgur.com/DAQowBa

 

So from what I get from the test I post the change(*1) made in the new version is not applied to the web filter I assume or I am completely miss understanding that change.

 

*1 - ““When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection””

 

So please tell in which situations is that change applied(*2)?

 

*2 - You can give me examples with Kaspersky Paid versions if its easier for you.

Edit for my  previous post: So from what I get from the test I post the change(*1) made in the new version is not applied to the Kaspersky browser extension changes I assume or I am completely miss understanding that change.

Userlevel 7
Badge +9

Hello @razorfancy

Kaspersky protection extension , in KSCF, offers Onscreen virtual keyboard only.  

Follow this process: 

  1. Exit all browsers.
  2. Reset KSCF to default. 
  3. Change Do not scan encrypted connections to enabled
  4. Reports & quarantine → clear, take a screen-print & post back? 
  5. Shutdown PC using Shutdown, not Restart, power on, login. 
  6. Make sure KSCF is active. 
  7. Run the wicar tests & video the result, post back? 
  8. Go to KSCF Reports:

[a] Save the Web Anti-Virus Report, attach to your reply?

[b] Save the System audit Report, attach to your reply?

Thank you:pray_tone3:

Flood:whale: +:whale2:

Hello @razorfancy

Kaspersky protection extension , in KSCF, offers Onscreen virtual keyboard only.  

Follow this process: 

  1. Exit all browsers.
  2. Reset KSCF to default. 
  3. Change Do not scan encrypted connections to enabled
  4. Reports & quarantine → clear, take a screen-print & post back? 
  5. Shutdown PC using Shutdown, not Restart, power on, login. 
  6. Make sure KSCF is active. 
  7. Run the wicar tests & video the result, post back? 
  8. Go to KSCF Reports:

[a] Save the Web Anti-Virus Report, attach to your reply?

[b] Save the System audit Report, attach to your reply?

Thank you:pray_tone3:

Flood:whale: +:whale2:

You are not tell me when that change(*1) is applied, if is not applied to the Free version give me a example for the paid version.

*1 - ““When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection””

 

Also tell me this: If I had the paid version of Kaspersky Security Cloud, the Kaspersky Browser Extension would be able to block HTTPS sites even if I have the Do not scan encrypted connections  option disable?

Edit for my  previous post: Also tell me this: If I had the paid version of Kaspersky Security Cloud, the Kaspersky Browser Extension would be able to block HTTPS sites even if I have the scan encrypted connections  option disable?

When Scan encrypted connections option is enable Kaspersky products always were able to block HTTPS, that also happens with the new version.

 

But with the change(*1) to how the Kaspersky Browser Extension works I though that HTTPS sites would be able to be blocked even If I had the Scan encrypted connections option disable but that seems to not be the case as I show you in the Screenshots links I posted before.

 

*1 - ““When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection””

 

So please just tell me a situation where that new change is applied in the Kaspersky Security Cloud Paid version for example.

 

Sorry for my english, its not the best.

Userlevel 7
Badge +9

Hello @razorfancy

Your English is fine, do not worry!

Please don’t keep repeating questions, we are not ignoring your topic. 

Allow us to explain:

  1. atm, we cannot (re)install KSCF to test, therefore, we need you to do the wicar tests & post the outcome images please? 
  2. If we have to (re)install KSCF, it will be later in the coming week. 
  3. We’ve already raised a query with the Kaspersky Technical experts. 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Hello @razorfancy

Your English is fine, do not worry!

Please don’t keep repeating questions, we are not ignoring your topic. 

Allow us to explain:

  1. atm, we cannot (re)install KSCF to test, therefore, we need you to do the wicar tests & post the outcome images please? 
  2. If we have to (re)install KSCF, it will be later in the coming week. 
  3. We’ve already raised a query with the Kaspersky Technical experts. 

Thank you:pray_tone3:

Flood:whale: +:whale2:

All the wicar tests are block both when  Scan encrypted connections  is enable and when is disable.

But against the Eicar tests the pages only are blocked when Scan encrypted connections  is Enable:

 

min 0:06 → I restore default settings

min 0:14 → I show that the option Scan encrypted connections upon request from protection components is Enable

min 0:26 → I show that Kaspersky Browser Extension is Enable

min 0:36 → I start the test with Scan encrypted connections upon request from protection components Enable

min 1:16 → This part of the test ended with all pages blocked

min 1:30 → I enable Do not scan encrypted connections option

min 1:47 → I show that Kaspersky Browser Extension is Enable

min 1:55 → I start the test with Do not scan encrypted connections option Enable

min 1:59 → The first file is block but only by the File Anti-Virus module

min 2:29 → This part of the test ended with zero pages blocked

 

 

Hello!

The feature should work for specific types of detects: phishing URL, dangerous URL. 

It is not recommended to disable SSL scan in product.

 

Userlevel 7
Badge +9

Hello @Anton Mefodys

@razorfancy is saying, with Do not scan encrypted connections enabled, the wicar tests  work, but, eicar tests fail

He’s provided the eicar tests video, only, (which appears to the support this), despite the fact we’ve requested the wicar video, images, more than once. 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Hello @Anton Mefodys

@razorfancy is saying, with Do not scan encrypted connections enabled, the wicar tests  work, but, eicar tests fail

He’s provided the eicar tests video, only, (which appears to the support this), despite the fact we’ve requested the wicar video, images, more than once. 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Which part of the wicar tests were blocked both when Scan encrypted connections is enable or when is disable you didnt understand?

 

The wicar test page:

 https://www.wicar.org/test-malware.html

 

The Screenshots I am posting are from this particular test(http://malware.wicar.org/data/eicar.com) but all the other wicar tests were also blocked both when Scan encrypted connections upon request from protection components is Enable or when Do not scan encrypted connections is Enable.

The Kaspersky Browser extension was always enable during both test situations.

 

I close the browser before changing the Scan encrypted connections option and only open the browser after save the change.

 

Scan encrypted connections upon request from protection components Enable:

https://imgur.com/xQkL5d8

 

Do not scan encrypted connections is Enable:

https://imgur.com/GKbmJIp

 

I removed the video I post previously because I notice it had my personal mail on it.

Hello!

The feature should work for specific types of detects: phishing URL, dangerous URL. 

It is not recommended to disable SSL scan in product.

 

When you said: “The feature should work for specific types of detects: phishing URL, dangerous URL.” were you talking about the this change that was in the changelog for the new KSC version?

When HTTPS traffic scan is off, Kaspersky Protection extension carries on the protection

 

If yes, then why was KSC Free unable to block the https://www.eicar.org/?page_id=3950 tests when Do not scan encrypted connections option is Enable.

 

If you werent talking about that then please give me example where that change in the new version is applied, you can give me examples with the paid version of Kaspersky Security Cloud.

Userlevel 7
Badge +9

@razorfancy

If Kaspersky Protection extension is not installed & or is disabled, and user disables HTTPS traffic scanning →  there will be no checking of URLs for encrypted connections, only HTTP connections will be checked. 

The eicar tests you ran were HTTPS. 

Thank you:pray_tone3:

Flood:whale: +:whale2:

Reply