Jump to content
Jeff-22

Chrome self signed certificate, Cannot guarantee... ... [merged]

Recommended Posts

1 hour ago, Si said:

OK, so I know nothing about Chrome and nothing about AV but I took at look at Chrome and found this

1) Go here chrome://flags/#load-media-router-component-extension

2) Set this attribute to disable - Connect to Cast devices on all IP addresses (EDITED: wrong one --> correct one)

3) Click Relaunch Now

That worked for me. At least, this is the first time in two weeks I've left my PC for more than half an hour without a dozen of these things appearing

Ignore that, it's started again, it's just a pile of garbage.

Share this post


Link to post

hi , I am getting similar notifications..  but its >>> SSL connection with invalid certificate  .. all i can see listed is google chrome..  can someone help please ..

kaspesky.txt

Edited by c.samuel94@yahoo.com
attach file

Share this post


Link to post
10 hours ago, Ensign Garak said:

The response that I received to my support ticket was to first track Chromecast (which I don't have/use), and then to "Ignore" the Encrypted Connections scan.  This did not change a thing with respect to my specific "Invalid Certificate" issues that are occurring in both Win 10 and Win 7, but I am posting that information here in case it might help someone else:

In the meantime, I have created log files and have uploaded them to support.  I guess we will see where things go from here.

I got the same response to my ticket.  This doesn't work!  I also sent in more dumps to them. 

 

Would love to hear from Kaspersky in this thread for everyone on what is really being done or if they plan to do nothing.  Last I heard my ticket, data etc was being passed to Tier II support.

Edited by jjflash7

Share this post


Link to post

I am getting a constant and annoying certificate error with Google Chrome and Kaspersky Internet Security. Even when I try to continue for the next 30 minutes it often takes several tries to get it to go away.  I have no idea what site or Chrome extension is causing the issue as the only information I have is is the URL:  2bce0ecd-032d-41ea-81ed-72060c2baf09 but I assume it is an extension because I don't even have to load a website for it to pop up.

Kaspersky and Chrome (72.0.3626.119 (Official Build) (64-bit)) are up to date. I am running Windows 10 v1803 (OS Build 17134.590)

Does anyone know how I can work out which site is causing this. 

image.png.b1a84e2b719a78ec800db75127db3498.pngimage.png.4e800e43196ab14668b3bd1df9ec09bc.pngimage.png.c6b76aadde29317ae101671d2ba4875d.png

image.png

Edited by kh2
delete duplicate image

Share this post


Link to post
8 hours ago, Si said:

Ignore that, it's started again, it's just a pile of garbage.

Do not bother with Chrome Settings

I have tried them all a week ago. Nothing worked, that is why I did not posted nothing here about it. 

We can not do anything here, It is Kaspersky error in code somewhere and waiting for fix or changing AV is only solution. 

I have to say that I am one of the lucky ones here, I just get errors, and cast is messed up after that (no matter if I click "Disconnect" or "Ignore") but all other things are working. At least I am not getting  DC which needs restart like some ppl here reporting. Still, this is too much.

Also, if I exit Kaspersky and open Chrome 1st and then load KAV I can work until next Chrome restart, still this is too much 

Personally I just downloaded Malwarebyte 14 days trial with hope that it will be solved in those 2 weeks. 

Share this post


Link to post
Your message 
Feb 14 2019, 10:32:53 AM

A prompt for accepting self-signed SSL certificates appears when Chrome is utilized. See the thread here:

. As requested, a log including a restart is attached. Additional clients'' logs will be provided on request.

 Support response 
Feb 14 2019, 9:18:44 PM
I do apologize if you are getting a "Cannot guarantee authenticity" message and thank you for sending us the logs. There's nothing to worry, I'll do my best to help you out. Please clarify, does the message appears after starting Google Chrome or if Google Chrome is used as a Chromecast device for a separate TV streaming device or a Smart TV that with native support of Chromecast? I will wait for your response. Thank you and have a nice day!
 
Your message 
Feb 16 2019, 11:17:02 AM

My user name is XsiliconX. As the thread states, Chromecast is not involved. The messages appear when opening Chrome.

Support response 
Feb 18 2019, 7:01:52 AM
I apologize for the inconvenience and thank you for letting us know about this concern. Thank you for the response. Kindly follow the steps below. Open Kaspersky. Click on the gear icon in the lower left. Click on Additional on the left. Click on Network on the right. Under 'Encrypted connections scanning' there is an option that says 'On errors during encrypted connections scan:' followed by a drop-down menu. Click the drop down menu and select 'Ignore' from the menu. **Note: All this does is stop the pop-up from appearing. The product will now automatically terminate the connection to the website or application where the error occurred. If issue persists after doing the steps. Kindly connect to our Remote Access Team for us to gather GSI Reports. Kindly follow the steps below for you to connect to our remote access team. 1.) Open a browser and access: kas.pr/cfr and enter your name. 2.) As soon as you accept the remote access connection, you will receive a message explaining the End-User License Agreement (EULA). 3.) Accept the End User License Agreement. 4.) Run the software. Click “Run”. Thank you and have a great day.
 
Edited by XsiliconX

Share this post


Link to post

Their feigned lack of official awareness and direct response regarding this issue is astounding. For a company of this size, whose very reputation and core area of expertise is being ahead of the curve in regards to security, to just let something like this continue to manifest in hundreds / thousands of user environments is kind of unsettling.

I wonder who they're passing the buck onto; surely there must be some finger pointing going on behind the scenes. If only they'd throw us a bone and ACKNOWLEDGE they're aware and actively working on the problem, they'd save a lot of face. instead, I guess they're just content to lose it by the minute as more and more users give up in frustration with mod-suggested workarounds that don't work.

Edited by MrOwl

Share this post


Link to post
14 hours ago, kh2 said:

I am getting a constant and annoying certificate error with Google Chrome and Kaspersky Internet Security. Even when I try to continue for the next 30 minutes it often takes several tries to get it to go away.  I have no idea what site or Chrome extension is causing the issue as the only information I have is is the URL:  2bce0ecd-032d-41ea-81ed-72060c2baf09 but I assume it is an extension because I don't even have to load a website for it to pop up.

Kaspersky and Chrome (72.0.3626.119 (Official Build) (64-bit)) are up to date. I am running Windows 10 v1803 (OS Build 17134.590)

Does anyone know how I can work out which site is causing this. 

 

Hey Kh2,

Do you have a certificate [Certification Tab] (3rd tab) image please?

Note the "issued to" & "issued by" are identical & the dates from 21/2/19 to 23/2/19.

Are you able to look in Kaspersky application [Reports], export for the last 7 days,  do a search on that date period to see if Kaspersky application is reporting the issue via it's reports.

Cheers!

Share this post


Link to post

I have the same problem again and again. Do not have or use Chromecast! 

Share this post


Link to post
6 hours ago, Frabato said:

Do not bother with Chrome Settings

I have tried them all a week ago. Nothing worked, that is why I did not posted nothing here about it. 

We can not do anything here, It is Kaspersky error in code somewhere and waiting for fix or changing AV is only solution. 

I have to say that I am one of the lucky ones here, I just get errors, and cast is messed up after that (no matter if I click "Disconnect" or "Ignore") but all other things are working. At least I am not getting  DC which needs restart like some ppl here reporting. Still, this is too much.

Also, if I exit Kaspersky and open Chrome 1st and then load KAV I can work until next Chrome restart, still this is too much 

Personally I just downloaded Malwarebyte 14 days trial with hope that it will be solved in those 2 weeks. 

Agreed. And it shows a shocking level of incompetence when such a bug goes for weeks without resolution.

Share this post


Link to post
18 hours ago, K-SNAFU said:

Hey Kh2,

Do you have a certificate [Certification Tab] (3rd tab) image please?

Note the "issued to" & "issued by" are identical & the dates from 21/2/19 to 23/2/19.

Are you able to look in Kaspersky application [Reports], export for the last 7 days,  do a search on that date period to see if Kaspersky application is reporting the issue via it's reports.

Cheers!

image.png.f0b84be8c07845e0394b7c4973cbecfd.png

Here is the entry from the reports - I don't think there is any more info there. You can see I had to allow it 4 times to get past it.

image.png.af9992a14c3a3800c5e491b8ea40ff5f.png

Share this post


Link to post
17 hours ago, kh2 said:

 

Here is the entry from the reports - I don't think there is any more info there. You can see I had to allow it 4 times to get past it.

 

Hey Kh2,

Thank you:)!

I wasn't expecting "more" really just chking to see if the similarities mirrored others who've also been impacted. It does! I can see the multiple times you needed to action:huh: 

Also, (thinking aloud) wondering about the status of BR# 3214641:huh:?

Share this post


Link to post
On 2/19/2019 at 1:35 AM, roy-marquez said:

As Teke said,  I noticed that I did have the Kaspersky Protection extension installed--but it was not switched on  so I flipped the toggle on to enable the extension, this works fine for me too.

this worked for me too. ty    Ignore that, error after 10 mins!!!!!

Edited by Ray5on
did not work

Share this post


Link to post

Strangely I never get the error whilst browsing. I get one sometimes when I first start the browser, then only when I leave the browser alone for 10 mins+

Still very annoying, and so funny that when I got to a site with an ACTUAL invalid certificate, Kaspersky doesn't say a word!

Share this post


Link to post

The pop-ups that I've been getting lately (see attached) are apparently similar to those others have apparently encountered.  However, it's concerning to me that I can't tell what the URL is pointing to.  Solutions seem to be workarounds that basically allow connections to sites without scanning by making the sites "trusted", but I certainly wouldn't want to go that route with an unknown URL.  Can anyone help me figure out what's causing the issue in my case?  This URL doesn't seem to follow a standard format, from what I've found online so far.

KIS popup - self-signed certificate details.PNG

self-signed certificate.cer

KIS popup - self-signed certificate, unknown URL.PNG

Share this post


Link to post
Quote

Cannot guarantee authenticity of the domain to which encrypted connection is established

This warning is flashing up continually on my screen despite the fact that I am only looking at Google or Lloyds Bank or some such well established domain. This has only started recently but is getting very tedious. Can anyone tell me how to get rid of it permanently? Failing that I will just have to get rid of Kasperky.

Share this post


Link to post

Are you using the Chrome browser?  If so, you might want to follow this thread:  https://forum.kaspersky.com/index.php?/topic/408030-chrome-self-signed-certificate-cannot-guarantee-merged/

Share this post


Link to post
12 hours ago, captsteel said:

Solutions seem to be workarounds that basically allow connections to sites without scanning by making the sites "trusted", but I certainly wouldn't want to go that route with an unknown URL. 

Can anyone help me figure out what's causing the issue in my case?  This URL doesn't seem to follow a standard format, from what I've found online so far.

Hey Capsteel, 

The majority of "solutions" offered thus far are workarounds.

Your decision to not set Kaspersky software to "trust" an  unknown URL is wise.

Kaspersky have an open bug request, BR#3214641, status work in progress:( 

Share this post


Link to post

So let me get this straight.  I use my Computer to cast to my TV through a Chromecast 100% of the time that the TV is in use.  But now to do that, I need to turn off Encryption, which doesn't allow me to use Safe Money, which I use to browse and shop on Amazon, Ebay, Paypal, and all of my banking.  

 

So what Kaspersky is telling me is that it's time for a competitor?  Clearly they can not provide the protection I need, none of the workarounds sound even remotely safe.  So maybe someone can help me out, since I'm not too technical.  I pay for Total Security because.... I want Total Security.  

Share this post


Link to post

Stupid question: chrome try to establish a connection with self-signed cert on every device that can "cast" (chromecast, some smart tv, google home, ecc)....why not simply download the cert and add on windows cert ?

I try this simple solution adding all cert of device in my home and no more problem....

Share this post


Link to post
On 2/21/2019 at 11:44 AM, cyberspaceman said:

I've received a response (below) from Kaspersky support. The good news is that they are aware and it looks like they're working on a fix, but the short-term workarounds are unchanged:

 

In the latest versions of Chrome, the option to 'cast' your current browsing to a Chromecast device has been added. There is no setting to disable this. It seems that there is an issue with encrypted connection scanning of the Chromecast certificate, hence the notification.
Kaspersky lab developers are working on improving this
behavior with the new version of Chrome. In the meantime we have two suggestions. 

A. Click on 'Continue' on the 'Cannot guarantee authenticity' notification.

Or

B. Disable encrypted connection scanning for the specific network port that is used for 'casting' to a device. Before you proceed with this step please make sure that Chrome is running.

1. Open the Kaspersky main window. If the main window of Kaspersky application is not on your desktop, bring it up by double-clicking the Kaspersky desktop shortcut (icon) or by
double clicking on the Kaspersky icon in the bottom right corner of the screen.
2. Click on 'More Tools' -> 'My Network' -> 'Network Monitor'.
3. Click on 'Port' to sort the list by network port. Find port 8009 and take note of the 'External IP address' specified.
4. Click on the Gear icon in the bottom left corner of the Kaspersky window.
5. On the left
side menu select 'Additional'.
6. On the right side menu select 'Threats and Exclusions'.
7. Under 'Exclusions' click on 'Specify trusted applications'.
8. Click 'Add', in the list of programs find, select Chrome and click on 'Next'.
9. Check option 'Do not scan all traffic', click on it to change to 'Do not scan encrypted traffic', check
option 'Only for specified IP address:' and add the IP address from step 3 and 'Only for specified ports:' and add port 8009
8. Set 'Status' to 'Active' and click on 'Add'.

Both of the above workarounds are safe to use. I will keep your request open and get back to you as soon as I receive confirmation that the issue has been resolved.

Thank you. 

 Thanks for the info @cyberspaceman

 

It would be good if in the "Kaspersky - Exclusions for applications" window as a tactical fix Kaspersky could modify the field "Only for specified IP addresses" to include a network range, subnet or have a checkbox for "local network". E.g. 192.168.0.0 or 192.168.0.0/24  The solution provided in the above post is still not ideal. Those like me that have several devices that support Chromecast on their network will have several IP addresses to enter. These devices get their IP address via DHCP, so could change upon being rebooted or if the local DHCP server (Router) is rebooted or the lease expires. I would rather not assign static IP addresses.

Kaspsersky- Exclusions for application.jpg

Share this post


Link to post
On 2/23/2019 at 2:11 PM, Si said:

Strangely I never get the error whilst browsing. I get one sometimes when I first start the browser, then only when I leave the browser alone for 10 mins+

Still very annoying, and so funny that when I got to a site with an ACTUAL invalid certificate, Kaspersky doesn't say a word!

I  never got the error while using Chrome even when left for 1 hour.

Share this post


Link to post

I stand corrected, this did MASK the problem successfully.  Just make sure you select this Chrome app when performing the steps

image.png.3e2e20201e3fad5ae1fe703996540d75.png

 

 

"Hello ,

Thank you for patiently waiting.

Please also add port 8010 in addition to 8009:

Afterwards open Kaspersky settings - protection - application control - manage applications;
In the search field type "chrome";
Double click the Google Chrome application and go to "Exclusions"
Tick the "Do not scan all traffic" and select "Do not scan encrypted traffic";
Tick on "Only for specified ports" - 8009, 8010;
Click Save.

Restart PC and check the problem reproduction."

Edited by jjflash7

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.