Jump to content
jerald225

Firefox and SSL sertificates: Connection is encrypted with Kaspersky certificate?

Recommended Posts

Hello to all!

 

I had KIS 2016 and recently updated to KIS 17.

 

When I open an encrypted connection (firefox latest version- win 8.1 pro), e.g. (from a bank web site) it shows that the connection is encrypted but not with the bank's certificate (Symantec) but with : AO Kaspersky Lab.

 

The question is: is it as safe as the bank's certificate?

Why didn't this happen in KIS 16?

 

Thanks!

Share this post


Link to post

I noticed the same thing and it bothers me. I actually opened a support ticket in May 2016 (against KIS 2016) and the feedback I received is that it is how it works and the only way to prevent it is to disable scanning encrypted connections.

 

Unfortunately right now our product does not possess such an option. Even if all components that request ssl decoding will be turned off there are still random ssl requests from the engine left (feature implemented for security reasons).

The only things that might help are:

 

1) Completely disable encrypted connection scanning

2) Add *websitename.com* to the list of exclusions (KIS > settings > additional > threats and exclusions > manage exclusions > add > type in website address in "File or folder" field > Add)

 

None of those options sound as improvement in safety to me.

 

Now I am using KIS 2017 already and I just noticed something that seems to be a solution. Do this: remove the address from the Safe Money list, open a normal browser window, go to the bank site. IF you get a prompt to open this in secure browser accept the offer and let it remember your choice. Now the link created this way, even when you open it from Safe Money list, uses the original bank certificate. I tried this with several banks and it appears to work for each one of them. Unfortunately for me some of the institutions that I work with do not appear on the KIS list of banks, so I don't get that prompt in the regular browser. Creating those in Safe Money directly results in replacing their certificate with a certificate signed by Kaspersky.

 

If this solution works reliably, the only question remaining is how to add those particular sites to the list KIS consider worthy of their protection. If someone finds the way, let me know.

Share this post


Link to post

Another thing that works is to add to Safe Money the main web site from the bank and not the online banking site. So you open that one in Safe Money and ignore the certificate that is signed by Karspersky. Now when you click on whatever opens the online banking that usually opening the site with the original certificate from the bank. Not sure if this is a feature or a bug in the product, but it solves the problem for me, more than half of the time.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.