Jump to content
userWithProblem

ff.kis.scr, main.js javascript injection issue with Firefox

Recommended Posts

Welcome to the forum:

 

edit: merged, and add quote:

 

Hello all,

 

Kaspersky Lab would like to explain the injection of special script in web pages loaded in users’ browsers. This technology is going to replace the obsolete plugin technology in our consumer products launched or updated in 2015 and later on. The new protection technology adds a special script to a web page shown to the user, which does not send any data from the computer to third-party servers but works as a communication channel between the browser and our security solution. This interaction is performed in the form of sending requests to a special technical URL, which the browser interprets as addressing a remote server, however, instead of the remote server these special requests are handled by security solution, running locally. This means that no information leaves the computer via this script.

This technology is used by several components of Kaspersky Lab solutions for home users, including web antivirus, anti-phishing and Safe Money. As this technology was designed solely for the purpose of providing better protection, our products currently do not offer an option of disabling this script. However, our experts are currently working on modifications to the company’s solutions that will enable users to disable the script if they desire. This change may be included in forthcoming updates.

Edited by richbuff

Share this post


Link to post

same problems with main.js javascript injection, as mentionned here in other threads (with KIS 16.0.0.614) & Win

 

Please, make this feature so that the user can en-/disable it with 1 click.

It's really annoying and in some cases leading to false results while testing javascripts, AJAX among other things

 

I'm fine for years with KIS but, professionaly, I cannot work with this kind of injections (on localhosts or remote).

b.

 

edit: merged, and add quote:

 

Hello all,

 

Kaspersky Lab would like to explain the injection of special script in web pages loaded in users’ browsers. This technology is going to replace the obsolete plugin technology in our consumer products launched or updated in 2015 and later on. The new protection technology adds a special script to a web page shown to the user, which does not send any data from the computer to third-party servers but works as a communication channel between the browser and our security solution. This interaction is performed in the form of sending requests to a special technical URL, which the browser interprets as addressing a remote server, however, instead of the remote server these special requests are handled by security solution, running locally. This means that no information leaves the computer via this script.

This technology is used by several components of Kaspersky Lab solutions for home users, including web antivirus, anti-phishing and Safe Money. As this technology was designed solely for the purpose of providing better protection, our products currently do not offer an option of disabling this script. However, our experts are currently working on modifications to the company’s solutions that will enable users to disable the script if they desire. This change may be included in forthcoming updates.

Edited by richbuff

Share this post


Link to post

Hi,

 

The question of main.js injection has been raised before (and addressed by Kaspersky staff here: http://forum.kaspersky.com/index.php?showt...;#entry2464779) , but I have 2 more questions (or better, demands) regarding that answer:

 

- I want to disable this injection if I disable web antivirus, anti-phishing and Safe Money.

- I want to understand how Kaspersky checks my SSL connections, because I'm quite OK with KIS injecting main.js and checking my non-SSL connections, but I want to disable SSL check completely (banks, email etc.). I checked the certificate chain, but it seems untouched.

 

UPD: I have just managed to stop the main.js injection (at least the developer tools register no XHR requests):

 

- Disabled Private Browsing

- Disabled Anti-Banner

- Disabled Safe Money

- Deleted Kaspersky browser extensions

- Modified Web Anti-Virus settings

 

Changed parameters:

 

DxOZaQm.png

 

So far I'm pretty satisfied with the result, but I'm not sure if Kaspersky does something fishy to check my Thunderbird mail (it's also establishes a secure connection to IMAP servers).

 

After these actions, I still have questions:

 

Hello all,

 

Kaspersky Lab would like to explain the injection of special script in web pages loaded in users’ browsers. This technology is going to replace the obsolete plugin technology in our consumer products launched or updated in 2015 and later on. The new protection technology adds a special script to a web page shown to the user, which does not send any data from the computer to third-party servers but works as a communication channel between the browser and our security solution. This interaction is performed in the form of sending requests to a special technical URL, which the browser interprets as addressing a remote server, however, instead of the remote server these special requests are handled by security solution, running locally. This means that no information leaves the computer via this script.

This technology is used by several components of Kaspersky Lab solutions for home users, including web antivirus, anti-phishing and Safe Money. As this technology was designed solely for the purpose of providing better protection, our products currently do not offer an option of disabling this script. However, our experts are currently working on modifications to the company’s solutions that will enable users to disable the script if they desire. This change may be included in forthcoming updates.

 

I have highlighed the interesting points in bold. So, if the script injection is going to replace the plugin technology, how is it done? Because we all know that a technology can't add any scripts, it is done by a program (system) utilizing some technology (sorry for being a nerd, but I have some Linux kernel dev experience and your explanation seemed overly simplistic to me).

 

So, a tl;dr; version: what solution are your developers working on: to configure the browser extension not to inject DOM elements into the pages or your main engine not to intercept encrypted traffic?

 

Kind regards,

Andrew

 

P.S. I would like to ask you to keep this thread open and communicate your ongoing efforts clearly all the way until the release of the changes that "may be included in forthcoming updates".

 

=============

//edit: merged, and add quote, and add reply:

 

Hello all,

 

Kaspersky Lab would like to explain the injection of special script in web pages loaded in users’ browsers. This technology is going to replace the obsolete plugin technology in our consumer products launched or updated in 2015 and later on. The new protection technology adds a special script to a web page shown to the user, which does not send any data from the computer to third-party servers but works as a communication channel between the browser and our security solution. This interaction is performed in the form of sending requests to a special technical URL, which the browser interprets as addressing a remote server, however, instead of the remote server these special requests are handled by security solution, running locally. This means that no information leaves the computer via this script.

This technology is used by several components of Kaspersky Lab solutions for home users, including web antivirus, anti-phishing and Safe Money. As this technology was designed solely for the purpose of providing better protection, our products currently do not offer an option of disabling this script. However, our experts are currently working on modifications to the company’s solutions that will enable users to disable the script if they desire. This change may be included in forthcoming updates.

 

Welcome. "Communication of your ongoing efforts" is here: https://my.kaspersky.com/en/support/helpdesk

Share this post


Link to post

Welcome. Please see below quote:

Hello all,

 

Kaspersky Lab would like to explain the injection of special script in web pages loaded in users’ browsers. This technology is going to replace the obsolete plugin technology in our consumer products launched or updated in 2015 and later on. The new protection technology adds a special script to a web page shown to the user, which does not send any data from the computer to third-party servers but works as a communication channel between the browser and our security solution. This interaction is performed in the form of sending requests to a special technical URL, which the browser interprets as addressing a remote server, however, instead of the remote server these special requests are handled by security solution, running locally. This means that no information leaves the computer via this script.

This technology is used by several components of Kaspersky Lab solutions for home users, including web antivirus, anti-phishing and Safe Money. As this technology was designed solely for the purpose of providing better protection, our products currently do not offer an option of disabling this script. However, our experts are currently working on modifications to the company’s solutions that will enable users to disable the script if they desire. This change may be included in forthcoming updates.

Share this post


Link to post
Welcome. Please see below quote:

 

This script is the culprit blocking banners on my website. And yes, banner block is off. I spend so much time and money trying to PREVENT injection into code and now I am paying Kaspersky to do it?

 

What if someone hacks into your servers and plays around with the code that you are injecting? I cannot even imagine how many computers will be infected in the blink of an eye.

 

I have always been curious about Bitdefender. I will be dumping Kaspersky and moving to Bitdefender and recommending this to the people who use my website. Kaspersky is blocking my banners, my source of income.

 

Injecting code, for any reason, is a pretty ballsy move. Too many options out there other than Kaspersky

 

Share this post


Link to post

Since installing KIS version 2016 on two of my computers, I noticed a large number of requests to Kaspersky server in network tab of Chrome and Firefox console. The requests never end even if the page has loaded.

 

Has anyone else noticed the same thing? Please take a look at your network tab in developer console after loading some site, for example www.kaspersky.com. It's pretty obvious. This happens on my laptop and desktop with 16.0.0.614a.

 

This is a typical request:

Request URL:https://gc.kis.scr.kaspersky-labs.com/65FA126E-01AC-CB4E-B1FA-517C66730CF7/F7864D91-69B6-FC46-8C0E-F10C98FC9769/from
Request Method:GET
Status Code:200 Request has been forbidden by antivirus (from ServiceWorker)

 

Browser:

post-12210-1443043487_thumb.jpg

 

Share this post


Link to post

This script injection causing a lto of issues with my browser. If I have opened 100 tabs, it freezes my web activity. I also cannot work as web developer, because it is spamming my console. Kaspersky is going to unusable. Also explaining that this will replace plugin is very dangerous. This injection is using address ff.kis.scr.kaspersky-labs.com that is resolved by external DNS. If your DNS will be spoofed then all sensitive data can be send outside your computer (also banking sites).

 

Injecting anything to web site is very bad practice. Viruses and Trojans do so.

 

I'm sorry to say, but after 15 years of usage is time to change antivirus.

Edited by mszef

Share this post


Link to post

The last thread about this problem (http://forum.kaspersky.com/index.php?showtopic=316466) was closed, why?

I upgraded KAV two days ago to the 2016 version and i'm getting crazy with this.

 

1- It affects KAV as well

2- It happens even while the protection is paused

3- It happens even with the browser plugin disabled

4- It slows down my browser when i have a fair amount of tabs open, specially on imgur.

 

What the heck?

 

598rRsC.png

Share this post


Link to post

Because this issue is not forum resolvable, and because this issue is known, and because workarounds have already been posted, and because instructions to contact Tech Support have been posted.

 

If you have this issue, please simply contact Tech Support.

Share this post


Link to post

ff.kis.scr.kaspersky-labs - Slow!

 

I've recently installed Kaspersky and have noticed that EVERY time I browse to a new web page, Kaspersky seems to be intervening, and it takes a ridiculously long time to load each page. I appreciate this may be more secure, but I want to turn off this process as it's slowing up my work-flow way too much. Have had a look at the settings but can't figure out which of the options to disable. Any clues guys? Thanks.

Share this post


Link to post

I am working on a project in my localhost server. In console log I see kaspersky is sending infinity http requests. like :

 

-----------------------------------------------------------

main.js (line 27)

 

GET http://ff.kis.scr.kaspersky-labs.com/4434A...10B6816628/from

 

200 Request has been forbidden by antivirus

 

-----------------------------------------------------------

 

why it's showing ? how can i stop it ?

 

//Edit: Welcome. Merged. Please see below quote:

Hello all,

 

Kaspersky Lab would like to explain the injection of special script in web pages loaded in users’ browsers. This technology is going to replace the obsolete plugin technology in our consumer products launched or updated in 2015 and later on. The new protection technology adds a special script to a web page shown to the user, which does not send any data from the computer to third-party servers but works as a communication channel between the browser and our security solution. This interaction is performed in the form of sending requests to a special technical URL, which the browser interprets as addressing a remote server, however, instead of the remote server these special requests are handled by security solution, running locally. This means that no information leaves the computer via this script.

This technology is used by several components of Kaspersky Lab solutions for home users, including web antivirus, anti-phishing and Safe Money. As this technology was designed solely for the purpose of providing better protection, our products currently do not offer an option of disabling this script. However, our experts are currently working on modifications to the company’s solutions that will enable users to disable the script if they desire. This change may be included in forthcoming updates.

Edited by richbuff

Share this post


Link to post

Just wondering if this is normal. Not a huge issue but I have a weak PC and try to minimize the amount of activity going on with it. I've noticed, since I updated to 2k16 yesterday, there are 1 script and 3 XHR's from gc.kis.scr.kasperskylabs.com (I use uMatrix, which blocks scripts/frames etc unless I say it's ok).

 

I've disabled the "Kaspersky Protection" extension as I'm comfortable using WoT, uMatrix and my own judgement. The script/XHR's still attempt to load. Is the extension and attempted loading of the script/XHR's related? If I prevent the 4 items from loading will it cause any issues with anything else, or are they strictly for the Kaspersky Protection extension?

 

Thanks.

Share this post


Link to post

Addendum: The XHR's seem to be only on certain site. The one script is constant. I'm more concerned with the script. Thanks.

Share this post


Link to post

Hello

 

I noticed that Kaspersky Internet Security 2016 injects its javascript in every web page all the time.

Ok I understand that you protect my data bla bla ...

But why you change my data on every website in incognito mode with disabled Kaspersky Protection extension in Chrome?

I even disabled Private Browsing and Web Anti-Virus completely in settings but it didn't help KIS continues make xhr requests to your server all the time when I browsing sites in incognito mode.

 

I recorded a video to demonstrate this behavior https://db.tt/KTQSG0ph

Is this a bug? Or I should change something in settings?

 

Kaspersky Internet Security 2016 16.0.0.614(a)

Chrome Version 45.0.2454.101 m (64-bit)

Share this post


Link to post

Not sure if it matters, but I mispelled the address for the script. It's actually gc.kis.scr.kaspersky-labs.com I forgot the dash. Can anyone tell me where this script is coming from? It's almost every page. I've removed the Kaspersky protection extension, as well as disabled secure data input, yet it's still trying to load a script.

Share this post


Link to post

KAV is injecting javascript. I understand the reasons, but it is not OK. For one thing is messes up debugging of my site. It prevented functionality from working (and no I won't help you fix it. The fix is: Stop injecting crap into others sites) And frankly, if you take it upon yourself to modify my copyrighted site, I will have stop using your product. God knows what else your code might be up to. Come to think of it, I think I will stop using it right now. Angry doesn't begin to describe my feeling.. you have erased my trust in you. You did shady things, in secret.... in secret!

Share this post


Link to post

This is really annoying while debug web ajax traffic by Firebug or other developer tool.

 

I do search a lot but it not have a way to turn if off.

 

I see support say this need to inject a javascript to make antivirus work, WHY other antivirus company don't?

 

I use 2 license for my PC and Laptop. If this can't turn off, any one have any suggestion to other antivirus, I'm interesting in Bit Defender.

 

Thanks

Share this post


Link to post

You could install Privacy Badger, which you can configure to block it, or you could try adding the following to your hosts file:

 

 

# Special Entries
0.0.0.0    0.0.0.0        # fix for traceroute and netstat display anomaly
0.0.0.0    gc.kis.scr.kaspersky-labs.com    # Kaspersky anti-injection for Google Chrome
0.0.0.0    ff.kis.scr.kaspersky-labs.com    # Kaspersky anti-injection for Mozilla Firefox
0.0.0.0    ie.kis.scr.kaspersky-labs.com    # Kaspersky anti-injection for Internet Explorer

Edited by mattblack8

Share this post


Link to post

Welcome to the forum.

 

Upcoming build of 2016MR1 (being tested now) will let the user to disable this feature:

 

post-5997-1446540578_thumb.png

Share this post


Link to post
You could install Privacy Badger, which you can configure to block it, or you could try adding the following to your hosts file:

# Special Entries

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

0.0.0.0 gc.kis.scr.kaspersky-labs.com # Kaspersky anti-injection for Google Chrome

0.0.0.0 ff.kis.scr.kaspersky-labs.com # Kaspersky anti-injection for Mozilla Firefox

0.0.0.0 ie.kis.scr.kaspersky-labs.com # Kaspersky anti-injection for Internet Explorer

YES, I try and it not call ajax every second but script still inject into html code.

 

Why not have a way to completly turn it off???

Share this post


Link to post
Welcome to the forum.

 

Upcoming build of 2016MR1 (being tested now) will let the user to disable this feature:

 

post-5997-1446540578_thumb.png

 

Thanks , this awesome :)

Share this post


Link to post

>>Upcoming build of 2016MR1 (being tested now) will let the user to disable this feature:

 

Any update on this issue.. last post was from 11/3...

 

i'm on a trial version now, and this is a significant issue for us..

 

 

Share this post


Link to post

There is no update. Contact KL Tech support for more information via my.kaspersky.com as we are not privy on those details on the forums. The version will be released when ready.

Edited by Whizard

Share this post


Link to post

I know this is going to be merged with http://forum.kaspersky.com/index.php?showtopic=316466 which is closed but i have a question.

 

I was reading the last posts and noticed that harlan4096 informed us with a screenshot that the MR1 version of 2016 will have the option to disable the injection of the script.

This is good because lots of people actually don't want this but.. will the "bug" (i'm using quotes because some devs on the russian forum say it's not a bug and it's working as it should) be fixed? And i mean, the multiple injections per page that prevents them from fully loading and makes web developing a hell.

Am am currently using KAV 2015 because it works as it shoud: it injects one time per page.

Will the upcoming version only give the option to disable the injection? Will it still keep spamming nonstop for those who want it on (to take full advantage of the security they are paying) or will it be working fine like in older versions?

 

Am i wasting everyones time by posting this here and should be opening a ticket just to ask a simple question?

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.