IPB

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Traffic Monitor Untrusted Certificate Warnings
c3k
post 24.11.2010 15:29
Post #1


Advanced Member I
***

Group: Members
Posts: 84
Joined: 28.02.2009




I'm using KIS v11.0.1.400 (no other English version is available on the update page). I have several computers wired in a LAN behind a router. I also have a network printer. I get REPEATED warnings about traffic which involves my network printer, due to unauthenticated website certificates. I have NO idea why I get these warnings or what they mean.

Here's an example:
**************************************************
KIS 2011, Traffic Monitor

Cannot guarantee the security of the encrypted connection between Checkbook-V1-728x90[1].swf and 192.168.1.124 because it is impossible to check the website authentication certificate.

View the website certificate

Website address: 192.168.1.124 (192.168.1.124)

Do you truste the specified website?
**************************************************
Now, the bold Checkbook...swf item changes. Sometimes it is something in Chinese (I think) characters. Sometimes it's some other verbiage. I never know what they are, where they're coming from, or what they are trying to do.

The 192.168.1.124 is my network printer's fixed IP address on my LAN. Do I trust my printer/fax/scanner? Why wouldn't I?

Is it asking if the printer is trusted, or if the other place (Checkbook...swf) is trusted?

KIS works very well, but this has been going on for a few months. How do I stop these nuisances? Is there a danger to saying "Yes, accept the untrusted certificate"? If I "Deny certificate (recommended)" will I lose some sort of functionality?

If these are nuisance messages, how do I configure KIS to stop them?

Thanks,
Ken
Go to the top of the page
 
+Quote Post
Whizard
post 24.11.2010 17:04
Post #2


Professional
***************

Group: Moderators
Posts: 20710
Joined: 19.11.2005
From: Toronto/Canada




Disable SSL scanning.


--------------------
Networking and Security Guru
~^Whizard^~
Go to the top of the page
 
+Quote Post
c3k
post 24.11.2010 19:08
Post #3


Advanced Member I
***

Group: Members
Posts: 84
Joined: 28.02.2009




QUOTE(Whizard @ 24.11.2010 08:04) *
Disable SSL scanning.


Whizard,

Thank you for pointing me in this direction. Using what you wrote, I looked up SSL in the KIS Help file and found this:

*******************************************************************************
Scan encrypted connections

Connections using the Secure Sockets Layer (SSL) protocol protect data exchange channel on the Internet. The SSL protocol allows identifying the parties exchanging data using electronic certificates, encoding the data being transferred, and ensuring their integrity during the transfer.

The box enables / disables scanning of secure connections through installation of Kaspersky Lab certificate.

If the box is checked, Kaspersky Internet Security always uses the installed certificate of Kaspersky Lab to ensure that the connection is secure indeed. If Kaspersky Internet Security detects during connection to server an invalid certificate (e.g., when it is replaced with malicious intentions), the product will display a prompt suggesting to accept or reject the certificate or just view the information about the certificate. If Kaspersky Internet Security functions in automatic mode, it terminates the connection using an invalid certificate automatically without notification.

When you check the box for the first time, the Certificate Installation Wizard launches automatically.

If the box is unchecked, Kaspersky Internet Security does not scan SSL traffic.

This box is unchecked by default.

*******************************************************************************


If I disable SSL Scanning, does that open up some sort of vulnerability? If not, why am I getting these warnings? Who, or what, is trying to communicate to (or is it FROM) my network printer? Is my network printer somehow being used as a toehold to gain access to my LAN?

Thank you so much for your help!
Ken
Go to the top of the page
 
+Quote Post
c3k
post 1.12.2010 17:44
Post #4


Advanced Member I
***

Group: Members
Posts: 84
Joined: 28.02.2009




QUOTE(c3k @ 24.11.2010 10:08) *
If I disable SSL Scanning, does that open up some sort of vulnerability? If not, why am I getting these warnings? Who, or what, is trying to communicate to (or is it FROM) my network printer? Is my network printer somehow being used as a toehold to gain access to my LAN?

Thank you so much for your help!
Ken


Any help for the questions I posted above? If I disable SSL scanning, the warnings go away. Okay, if I disable KIS, ALL the warnings would go away, yet it's obvious that disabling KIS would open up vulnerabilities. That's why it's there. Why is SSL Scanning there? Why, when I'm not trying to print anything, am I getting so many certificate requests to/from my network printer?

Thanks.
Go to the top of the page
 
+Quote Post
Whizard
post 1.12.2010 18:34
Post #5


Professional
***************

Group: Moderators
Posts: 20710
Joined: 19.11.2005
From: Toronto/Canada




You are in no harm in switching it off. I am guessing its a "chatty" printer. Which model is that? Ensure you are running the latest Kaspersky 2011 build 400.

This post has been edited by Whizard: 1.12.2010 18:35


--------------------
Networking and Security Guru
~^Whizard^~
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic

 



Lo-Fi Version Time is now: 20.10.2014 15:19