Jump to content
Jeff-22

Chrome self signed certificate, Cannot guarantee... ... [merged]

Recommended Posts

I too am having this issue.

 

No chromecast either - But I do have a Roku TV and Apple TV.

 

Hoping this is resolved soon. Very much a nuisance.

Share this post


Link to post

I'm not familiar with Apple TV, but if you can cast from Google Chrome directly to Apple TV, which I think you can, then that still makes sense. And I know you can cast to Roku. It isn't just Chromecast, it's any streaming device.  The new Google Chrome version will only cast to streaming devices over https.  That is where the self-signed certificates are coming from. Kaspersky by design is setup to flag any attempts to make a secure (https) connection using a self-signed cert.  And the problem is, that Google Chrome, even when not in use, is always scanning for nearby streaming devices. 

Share this post


Link to post
Just now, Brion said:

I'm not familiar with Apple TV, but if you can cast from Google Chrome directly to Apple TV, which I think you can, then that still makes sense. And I know you can cast to Roku. It isn't just Chromecast, it's any streaming device.  The new Google Chrome version will only cast to streaming devices over https.  That is where the self-signed certificates are coming from. Kaspersky by design is setup to flag any attempts to make a secure (https) connection using a self-signed cert.  And the problem is, that Google Chrome, even when not in use, is always scanning for nearby streaming devices. 

Matbe not... I have a Panasonic TV that I can cast  to that is still active. My problem went away when I powered down the Chromecast device.

Share this post


Link to post

My Samsung TV isn't causing issues either, but it appears as if all media streaming dongles are.  Maybe the TVs have a different type of cert that is trusted.  As soon as I set Kaspersky to ignore my Google Chromecast and Google Home IP addresses, it took care of the cert popups.

Share this post


Link to post
22 minutes ago, Brion said:

I'm not familiar with Apple TV, but if you can cast from Google Chrome directly to Apple TV, which I think you can, then that still makes sense. And I know you can cast to Roku. It isn't just Chromecast, it's any streaming device.  The new Google Chrome version will only cast to streaming devices over https.  That is where the self-signed certificates are coming from. Kaspersky by design is setup to flag any attempts to make a secure (https) connection using a self-signed cert.  And the problem is, that Google Chrome, even when not in use, is always scanning for nearby streaming devices. 

Makes sense. Sounds like a complex solution is in store.. I also use Google Home. I may just do what you just mentioned in last post and ignore the devices in Kasperky settings: can you tell me where you went to block the IP's? Or better yet, How you located and then blocked them?

Share this post


Link to post

You can either go into the Google Home app and click each device, click the gear at the top to go into the device settings, scroll to the bottom, and it will show the IP.  Or, you can log into your router and it will list all the devices and their IP addresses. 

Once I got the list of IPs, I went into Kaspersky > more tools > manage applications > application control > manage  applications > Google > Google Chrome > (right clicked and selected details and rules) > exclusions > checked do not scan traffic > checked only for specified IP addresses.  I included all my Chromecast and Google Home IP addresses, and then restarted my PC.

Share this post


Link to post

I am not computer illiterate! I actually do web design for a living! But you my friend are a great help and you're much appreciated! - I will use this temporary fix until Kaspersky (hopefully) resolves this issue!

In what ways, if any does this make me more susceptible to a security threat?

 

Share this post


Link to post

It should be safe, since you're only telling Kaspersky to ignore private IP addresses that are only accessible from inside your network. It still analyzes all external connections you make to websites. 

Share this post


Link to post
2 hours ago, Brion said:

You can either go into the Google Home app and click each device, click the gear at the top to go into the device settings, scroll to the bottom, and it will show the IP.  Or, you can log into your router and it will list all the devices and their IP addresses. 

Once I got the list of IPs, I went into Kaspersky > more tools > manage applications > application control > manage  applications > Google > Google Chrome > (right clicked and selected details and rules) > exclusions > checked do not scan traffic > checked only for specified IP addresses.  I included all my Chromecast and Google Home IP addresses, and then restarted my PC.

Dude...Thanks so much. This absolutely worked for me. I spent almost an hour troubleshooting why I couldn't cast to my Chromecast...I was certain I hadn't changed any settings. The google Chromecast troubleshoot guide helped narrow it down to KIS and after disabling KIS, I knew it was the culprit. Quick Google search brought me here. Thanks!!! Almost pulled my hair out. 

Share this post


Link to post

I made an "status of BR#3214641" enquiry, this is the response:

quote:

"Kaspersky Lab Technical Assistance,Tuesday, 26 February 2019 17:58

1. We log some issues that customers are experiencing as bugs before they're confirmed as bugs due to the way our bug tracking system works. However the "Cannot guarantee authenticity.." notification is not a bug. It is by-design behavior of our product that notifies customers about self-signed certificates.

2. This behavior doesn't affect devices' safety, it doesn't affect the way the product works, as this behavior is by-design, i.e correct.

3. Not every Chromecast user was affected by this issue. In case customers are affected by any issue, they can always get additional information about the issue by contacting support. There is no need to inform everyone about ongoing issues, because most of the people are not even affected by said issues and should not receive emails not specifically targeted to them."
unquote

:blink::huh::blink:Concerning on so many levels.

Edited by K-SNAFU

Share this post


Link to post
11 hours ago, K-SNAFU said:

I made an "status of BR#3214641" enquiry, this is the response:

... ... ... .... 

It's  a nuisance, but I'll try one of the last poster's fix to see if that'll work.

Share this post


Link to post

Yeah, I agree it's definitely a nuisance, but I had a feeling that was going to be the result.  Because even though we don't like the pop-ups, we want our anti-virus software to let us know if we are making some weird background connection to devices using self-signed certificates.  And the problem is, you can't tell by the certificates that it's a Chromecast connection, so there is really no good way (that I'm aware of) for Kaspersky to allow these certificates and still know to block malicious ones.   And Google isn't really doing anything wrong either, by forcing us to use HTTPS while casting.  It all kind of falls into a grey area where no one is really to blame, and there isn't an easy fix.  

On the bright side, the fix that I talked about in previous comments is still working, shouldn't create any vulnerabilities, and I've tested and can still Cast my Google Chrome to any of my Chromecast devices.  

Share this post


Link to post

Chromecast?

I'm experiencing the symptoms on one PC that has never even heard of Chromecast. And similarly on another laptop that has the Microsoft Display adaptor software (Chromecast related?).

As for Kaspersky just writing this problem off as "intentional", that's a joke even if the rationalisation is based on something valid. Unless they fix this problem via simple additional UI switch(es) or a documented Kaspersky-derived procedure (rather than expecting their victims to trawl through pages of well intentioned forum posts of uncertain validity) this will be the last time I renew the subscription - and I'm sure I'm not alone in this. 

There must be tens of thousands of people out here who haven't the slightest notion of what the alert actually means who are worried s4!tless about the possible security implications. Are they expected to simply dismiss the alert (endlessly)? In which case which other possible security alerts emanating from Kaspersky's software should also be ignored? All of them? Some of them?

A complete bl00dy mess. So much for the KGB/GRU/FSB's competence, assuming they ever had any.

Share this post


Link to post

@Brion, is there maybe also a workarround for users of Kaspersky Anti Virus (instead of Kaspersky Internet Security). I'm using Version 19.0.0.1088, it's NOT the free version!

I also get those messages, but I can't use your workarround, as these menu items don't exist in Anti Virus.

And I still have more then 550 days left in my license (for 3 devices), so it would be an absolute waste of money, if I would now have to purchase Internet Security...

Many thanks for all ideas in advance!

Share this post


Link to post
1 hour ago, totto973 said:

@Brion, is there maybe also a workarround for users of Kaspersky Anti Virus (instead of Kaspersky Internet Security). I'm using Version 19.0.0.1088, it's NOT the free version!

I also get those messages, but I can't use your workarround, as these menu items don't exist in Anti Virus.

And I still have more then 550 days left in my license (for 3 devices), so it would be an absolute waste of money, if I would now have to purchase Internet Security...

Many thanks for all ideas in advance!

Totto, don't bother buying KIS. We have KIS (for 3 computers too with more than a year left also) and its happening with KIS.

 

We have users of Kaspersky for many years.   This latest problem is irritating to say the least.  My husband has been onto Support and was given the 'workaround'.  Not going to renew our licenses, which also include paid app for 3 devices.

And for what its worth,  there would many thousands, like my hubby, who don't look at the forums when problems arise.  And vice versa, thousands who don't log an issue, but come to the forums.  So, Kaspersky's response that its not affecting many is, to me, typical geek speak.   Move along, nothing to see...

Kaspersky, I'm not happy, it's annoying, so fix it so that it stops happening. As an end-user, I don't care why its happening- Write some code to fix this!

Share this post


Link to post
2 hours ago, totto973 said:

@Brion, is there maybe also a workarround for users of Kaspersky Anti Virus (instead of Kaspersky Internet Security). I'm using Version 19.0.0.1088, it's NOT the free version!

I also get those messages, but I can't use your workarround, as these menu items don't exist in Anti Virus.

And I still have more then 550 days left in my license (for 3 devices), so it would be an absolute waste of money, if I would now have to purchase Internet Security...

Many thanks for all ideas in advance!

I'm sorry, but since I have KIS, I only know that workaround.  I am unable to get into the Anti Virus software to see how it's set up.  That being said, I would imagine there is some other way to get to application management and make similar changes, if you are having similar issues.  Just look at my instructions that I posted last night, and it might be able to point you in the right direction.  Sorry I am unable to help more than that.  Also, please don't listen to others that are complaining thinking that it is specifically Kaspersky's fault.  As I explained earlier, Kaspersky is flagging the cert issue because that is how it is designed.  If it was allowing something like that to happen in the background and wasn't notifying me, that is when I would be worried.  And not that Google is doing anything wrong by forcing a secure connection, but them using a self-signed cert to do so is what is causing the problem.  So sadly, we are stuck (hopefully temporarily) having to find a work around for this issue.  

Share this post


Link to post

More from Kaspersky:

quote

From: Kaspersky Lab Support, Sent: Wednesday, 27 February 2019 13:40

Although the issue is not really a bug, the developer team is trying to come up with a solution to deal with the Chromecast connections automatically so that minimal user intervention is required.

unquote

:blink::huh::blink:

I've "reminded" the lab: issue is also impacting Kaspersky Customers who don't have/use ChromeCast devices.
Edited by K-SNAFU

Share this post


Link to post
On 1/30/2019 at 7:46 PM, Jeff-22 said:

============================================================

The issue occurs due to a self-signed certificate connection. You can read more about the nature of certificate warnings here:
https://support.kaspersky.com/12489#block3

Temporary workaround:

1. Open main Kaspersky window - More tools - My network - Network monitor;
2. Sort the table by Port.
3. Find the port 8009 and note down the local IP address used by it (like 192.168.x.x). There can be several IP addresses.
4. Afterwards open Kaspersky Settings - Additional - Threat and exclusions - Specify trusted applications - Add - click on the search icon in the upper right corner - type Chrome - double click on Google Chrome below in search results;
5. Tick the "Do not scan all traffic" and select "Do not scan encrypted traffic";
6. Tick on "Only for specified IP addresses" - enter the IP address from step 3. 
7. Tick on "Only for specified ports" - 8009
8. Click Save.

Restart the product, restart Chrome and check the issue. 

If the issue remains, please check the following: in the exclusion settings for Google Chrome untick the option "Only for specified ports", restart the product, restart the browser and check again. If the issue is resolved with the option "Only for specified ports" disabled, this means a different from 8009 port is used.

If the issue persists please collect traces: https://support.kaspersky.com/us/14550#block1

- enable traces
- exit product via right click on the systray icon
- start product again
- restart Google Chrome to reproduce the issue
- stop tracing
- send the logs to technical support (https://help.kaspersky.com/KPC/1.0/en-US/101731.htm)

Additionally please send the incident number to Mefodys or Igor Kurzin.

To prevent this important content from being rapidly buried, this topic is temporarily closed for a few hours. In a few hours, this topic will be re-opened. 

//Re-opened. Please help prevent re-closing of this topic. Please post only new, important content. 

// // Two posts are off-line, so the important content can remain readily discoverable. 

// // // Two more attempts to bury the important post are now off line, topic temporarily closed, again, so the important content can be easily discovered by forum users. 

// // // // Re-opened, again.  Please help prevent re-closing of this topic. Please post only new, important content. 

Edited by richbuff

Share this post


Link to post
On 2/26/2019 at 3:40 PM, totto973 said:

Is there also a workaround for users of Kaspersky Anti Virus

Many thanks for all ideas in advance!

Hey totto973,  for KAV, Kaspersky recommended "WORKAROUND" steps are:

  • Open Settings ->Additional -> Threats and Exclusions -> Specify trusted applications
  • Search for and add: chrome.exe.
  • Path should be:  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  • Tick "Do not scan all traffic" 
  • Select "Do not scan encrypted traffic"
  • Tick "Only for specified ports" 
  • Add [port] 8009
  • Click Save.

 *see attached image.

Cheers!

=================================================================

NOTE:  Kaspersky advised they are:

quote "aware of the risks associated with not scanning port 8009 & are trying to fix this." unquote

==================================================================

Therefore, any user who chooses to implement the workaround does so with full awareness.

==================================================================.

 Friday, 1 March 2019 15:04, Kaspersky advised: 

 quote "The status of BR#3214641 still in pending" unquote

BR3214641-KAV-KASPERSKY-recommended-workaround.jpg

Share this post


Link to post

K-SNAFU Thanks a lot for your help! I did as you said, but still KAV comes up with the message. Only one or two times (instead of six or seven times before).

Any idea what it could be? I have 3 Google Homes (2 Minis and one normal), 1 JBL Link 500 with intergrated Google Home Assistand and one Chromecast Stick. Further more I am using Google Back up & sync.

Many thanks in advance!

Share this post


Link to post
Posted (edited)

addendum:

I helped myself by not scanning by port, I added all IP adresses of the Google Homes and Cromecast to the list.

Now I don't get the error message anymore.

Do I assume right, that the risk of this workaround is comprehensible?

Edited by totto973
typo

Share this post


Link to post
Posted (edited)
2 hours ago, totto973 said:

addendum:

 "I added all IP adresses of the Google Homes and Cromecast to the list."

Did you assign fixed IP addresses to all your devices ? If your network uses DHCP than these IP addresses will change the next time you restart your Router/PC/Devices and the fix won't work anymore.

Quote

 

 

Edited by alex5723

Share this post


Link to post

None of the fixes mentioned in the last 12 pages have helped with my machine. I`m currently using videos via a web service for an up coming test. While viewing I get the error message! This causes a negative with the service and is affecting my scoring. Because I am not willing to muck around with a service (shouldn't have to, plus its paid for!!), I made the decision earlier today to move to another security provider,  all for under £10. Hey presto no more problems. 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.