Help - Search - Members
Full Version: Security Certificate Errors
Kaspersky Lab Forum > English User Forum > Protection for Home Users > Kaspersky Internet Security & Anti-Virus for Windows
biyahero
I am having a lot of trouble accessing many sites due to "security certificate errors".


I always get the following message in IE7 in the yellow bar at the top of the browser, accompanied by the popup box "Did you notice..." (the bar at the top with this message.

"To help protect your security, Internet Explorer has blocked this website from displaying content with security certificate errors. Click here for options."

The options are to "Display Blocked Content", "What's the Risk", and "More Information", which takes you to a help file which has some information about messages that appear in the yellow bar at the top of the browser, but not THAT message... other ones about Active-X controls, Popups, and the like... nothing about security certificate errors.

When this occurs, there is a red background to the URL of the page, and a smaller window in the address bar also with a red background which says "Certificate Errors" If I click on that box, and then on the "View Certificate" and add that certificate to the "Trusted Root Cerificate Store" to make it trusted, as it says to do in the dialog box I get when I view the certificate, I still get the message in IE7 and an endless cycle of the "Did you notice... " dialog box accompanied by the yellow bar at the top of the browser with the 'To help protect your security..." message.

Even if I add the site to the IE7 Trusted Sites Zone, it still does this. Previously with KIS 6 as I recall there would be a box popping up that would suggest you add the site to your trusted sites, but with IE7 this does not happen. I do notice that if I go to the Settings; Firewall; Trusted Sites, there is a checkbox under "Trusted Zone" (which is checked) which says Microsoft Internet Explorer security zones".. which it would seem should include all the sites listed in IE7's trusted sites in the KIS trusted sites without specifically adding them to there as well?

The only way I could successfully log on to Bank of America was to Exit KIS.
Then it worked fine, so I know that it is not a IE7 problem after all, since it does not happen if KIS is not running.

Is there a solution to this please?
Baz^^
Settings-Traffic Monitoring-"Do Not Check Encrypted Connections".

That will stop the security certificate errors.

It is happening because Kaspersky is using it's own certificate to check the traffic as it is coming into the computer and because IE does not "trust" the kaspersky certificate, it brings up a certificate error.

I don't use encrypted connection checking and haven't had any infections wink.gif
Bubba1
QUOTE(MAPKOBKA^^ @ 20.08.2007 07:39)
Settings-Traffic Monitoring-"Do Not Check Encrypted Connections".

That will stop the security certificate errors.

It is happening because Kaspersky is using it's own certificate to check the traffic as it is coming into the computer and because IE does not "trust" the kaspersky certificate, it brings up a certificate error.

I don't use encrypted connection checking and haven't had any infections wink.gif
[right][snapback]421829[/snapback][/right]

Yeah .. I've had the option to be asked selected for some time. Though, it's been a good while since I've allowed it, as numerous cert. messages are always generated. I keep thinking, maybe, for whatever reason, I just might want to scan an encrypted connection sometime .. so, for now, I haven't minded clicking "skip" much more often than "allow". smile.gif
drdos
QUOTE(biyahero @ 20.08.2007 07:34)
I am having a lot of trouble accessing many sites due to "security certificate errors".
I always get the following message in IE7 in the yellow bar at the top of the browser, accompanied by the popup box "Did you notice..." (the bar at the top with this message.

"To help protect your security, Internet Explorer has blocked this website from displaying content with security certificate errors.  Click here for options."

The options are to "Display Blocked Content", "What's the Risk", and "More Information", which takes you to a help file which has some information about messages that appear in the yellow bar at the top of the browser, but not THAT message... other ones about Active-X controls, Popups, and the like... nothing about security certificate errors.

When this occurs, there is a red background to the URL of the page, and a smaller window in the address bar also with a red background which says "Certificate Errors"  If I click on that box, and then on the "View Certificate" and add that certificate to the "Trusted Root Cerificate Store" to make it trusted, as it says to do in the dialog box I get when I view the certificate, I still get the message in IE7 and an endless cycle of the "Did you notice... " dialog box accompanied by the yellow bar at the top of the browser with the 'To help protect your security..." message.

Even if I add the site to the IE7 Trusted Sites Zone, it still does this.  Previously with KIS 6 as I recall there would be a box popping up that would suggest you add the site to your trusted sites, but with IE7 this does not happen.  I do notice that if I go to the Settings; Firewall; Trusted Sites, there is a checkbox under "Trusted Zone" (which is checked) which says Microsoft Internet Explorer security zones".. which it would seem should include all the sites listed in IE7's trusted sites in the KIS trusted sites without specifically adding them to there as well?

The only way I could successfully log on to Bank of America was to Exit KIS.
Then it worked fine, so I know that it is not a IE7 problem after all, since it does not happen if KIS is not running.

Is there a solution to this please?
[right][snapback]421825[/snapback][/right]

*****

biyahero,

Also, do a manual Windows Update, and in the Optional Software Section just below Critical Updates, download the ROOT CERTIFICATES Update.....this will update the Root Certificates for IE7.

-drdos
sjpschmid
So, will this be fixed in an update to KIS7, so that we won't have to turn off this checking of encrypted connections? Thank you.


QUOTE(MAPKOBKA^^ @ 20.08.2007 04:39)
Settings-Traffic Monitoring-"Do Not Check Encrypted Connections".

That will stop the security certificate errors.

It is happening because Kaspersky is using it's own certificate to check the traffic as it is coming into the computer and because IE does not "trust" the kaspersky certificate, it brings up a certificate error.

I don't use encrypted connection checking and haven't had any infections wink.gif
[right][snapback]421829[/snapback][/right]

Lucian Bara
there's nothing to fix here, as it's not a bug.
in order to scan encrypted connection kis has to intercept the certificate to decode the traffic. when it does that the certificate becomes invalid so the applications nag about it. there's nothing which can be done.

What you can do is disable only port 443, in settings>traffic monitoring>data ports. this way you can still have it enabled, for email clients for example (if you have ssl mail accounts)
Lucian Bara
no, that's only for popups, if you marked the sites as trusted, popups are opened on those sites, but it doesn't influence the certificate substitution and scanning process.
that's the only way (or marking the fake certificates as trusted in your browser), but there's really no flexible way to avoid certificate errors and scan encrypted connections.
sjpschmid
Thank you, Lucian.
So is it true then, that even though IE7 is telling you that you can "Display Blocked Content", there is actually no content being blocked, and you have access to the full content of the website it is warning about?


QUOTE(Lucian Bara @ 30.08.2007 01:20)
there's nothing to fix here, as it's not a bug.
in order to scan encrypted connection kis has to intercept the certificate to decode the traffic. when it does that the certificate becomes invalid so the applications nag about it. there's nothing which can be done.

What you can do is disable only port 443, in settings>traffic monitoring>data ports. this way you can still have it enabled, for email clients for example (if you have ssl mail accounts)
[right][snapback]427210[/snapback][/right]

Keith2468
This also happens with Windows Live and Outlook Express.

If I turn off the scan, it isn't a fix. It is disabling part of the protection. It is only a bypass. (Why would Kaspersky go to the expense of coding and testing the modules that provide the protection if they are pointless?)

Is there no way around it this message?

Couldn't Kaspersky use a certificate that was valid?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.