Jump to content
Jeff-22

Chrome self signed certificate, Cannot guarantee... ... [merged]

Recommended Posts

Salk,

Fyi:  Mefodys has provided the requested information.

Not entirely sure what your point is re using "free" Kaspersky, many of us are fully paid Kaspersky subscribers, makes no difference to the support service, Kaspersky does not discriminate.

Share this post


Link to post

Hello, 

Same problem here with "Chrome self signed certificate" on 3 windows PC. I applied the workaround to not scan port 8009 on chrome and it works.
I'm waiting for an official fix to support this chrome feature.

regards

Share this post


Link to post

I am one of the multitude who have this problem. It seems quite outrageous that such a serious issue has not yet generated a fix by Kaspersky. I looks to me that it's time to use a different security solution.

However

Not having read every post I'd like the following question answered. Does using "Edge" for the time being solve the issue? Or even, in desperation, Firefox?

Are Kaspersky anticipating a fix for this or are they relying on their customers to research and solve it? Which is a distressingly common policy these days.

Share this post


Link to post

I'm glad to see I am not alone!  And I am pretty frustrated at this point.  I've searched for two weeks trying to find out why this advisory has suddenly started appearing, and I consider myself lucky to have found this thread. </rant>

  • Could this also explain why I am now having trouble with casting to my TV? 
  • How long has this been an issue?  (Version, etc)
  • How soon will it be fixed? (Active/Analysis/Pending/Will-not-fix)
  • How can it be mitigated in the mean time?

 

Share this post


Link to post

Welcome. K-Lab is working on this issue , please see above Post from Mefodys

Share this post


Link to post

I'm yet another user with the same issue. 

It has been bugging me for days and I too am also waiting for Kaspersky to find a real fix.  I'm quite disappointed that there isn't one yet.

For the record I am using a fully paid version of Kaspersky....and have been since 2012.

 

Screenshot - 14_02_2019 , 7_50_38 AM.jpg

Share this post


Link to post

Are you running the latest version of Kaspersky? Bring forward the certificate details by pressing "View Certificate" and show us what you have.

This is just user forum, please open an official support ticket and KL know via my.kaspersky.com. The more reports the issue is going to be fixed.

Share this post


Link to post

 Hear is the solution that Kaspersky support sent me. Too soon to know if it fixed this issue but so far so good so, it looks promising. Safe money still seems to work after applying this fix so fingers crossed.

There was no listing of a port 8009 in my case so I followed the bottom 11 steps. 

Kaspersky Fix.pdf

Share this post


Link to post
1 hour ago, frazzle said:

 Hear is the solution that Kaspersky support sent me. Too soon to know if it fixed this issue but so far so good so, it looks promising. Safe money still seems to work after applying this fix so fingers crossed.

There was no listing of a port 8009 in my case so I followed the bottom 11 steps. 

Kaspersky Fix.pdf

This worked on the free version as well. 

However, is this SSL problem a bug or a real security  concern?

The fix simply stops KIS from scanning encrypted SSL connections, thus you don't get the notification, but as i see it, the connections are still taking place. Is there any potential security risk in letting this SSL connections go trough? 

Share this post


Link to post

As been mentioned before, it ONLY stops scanning SSL traffic on port 8009, and the internal IP adress YOU specify.

ALL other ports, IP adresses and devices are scanned as before !!

Share this post


Link to post

I'm having the same issue when using chrome for the past many days.  Very frustrating.

 

Shutting off scanning or blocking scanning of a particular related port is not an acceptable solution in my view.  it "covers up" the real problem.

 

I am not using chromecast... this is on my computer.  It seems to have started  when my license key updated. recently

 

 

Kasp-2019-02-14_1632.png

Kasp-2019-02-14_1632_001.png

Edited by jjflash7
add pictures

Share this post


Link to post

Following on from what several people have mentioned in here, i've had this same problem going on for a while now with this 'Cannot guarantee authenticity... certificate' dialog.  I managed to fix the problem using the following method.

I'm running Win 7 SP1 with KTS 19.0.0.1088

Closed off Chrome then opened up TCPView

Started Chrome and waited for all the Chrome connections to show up in TCPView, then copied the Chrome entries in TCPView into a spreadsheet and grouped the IP addresses so I can see what the outbound connections were.

Looked at all the LAN IP addresses and found an address in there that was for my Chromecast device which Chrome was connecting to on ports 8008 and 8009.

With Chrome left open, I rebooted Chromecast from my phone and within 6 seconds of Chromecast rebooting, the security dialog appeared.  Repeated this test 5 more times and each time same result so I knew this was the culprit.

The fix:

Kaspersky > More Tools > My Network > Network Monitor

Find Google Chrome parent item in the list, then right click 'Application Network Rules'

Click on Exclusions tab

Tick: 'Do not scan all traffic' and 'Only for specified ports'

Enter port range: 1-8007,8010-65535  (this will exclude ports 8008 and 8009)

Save and close Kaspersky settings.

Closed Chrome off, opened Chrome and rebooted Chromecast several times and problem has disappered.

I have a Win 10 machine on the network as well running the same version of KTS but it doesn't seem to have the above security issue.

Hope this helps someone!

Capture.PNG

Share this post


Link to post
14 minutes ago, XsiliconX said:

A) Not a fix, a workaround.
B) Some have no Chromecast.
C) That compromises security (from Jan-09-2019):  https://gizmodo.com/dual-upnp-chromecast-exploit-allows-hacker-to-hijack-de-1831446345 .
D) Etcetera: https://www.speedguide.net/port.php?port=8009

Yeah, point taken.  

I've disconnected my Chromecast from WiFi and got one of those UGreen LAN to Chromecast adaptors off ebay and UPnP is disabled on the network too so hopefully the first security issue you mention is mitigated to some degree.

Not sure about the other issue on port 8009 though and what problems that may present.

 

Share this post


Link to post

Hey,

last post if February 2016, any update on this topic???????????????? official fix? 

I have just started experiencing the exact same issue described in the first message. And I also get the notification with a problem of the self signed certificate google chrome uses.

Turning scan encrypted connections off works. I didn't test adding Chrome to Trusted Applications. Making the application which I use to access the dangerous internet seems like a very very bad idea to me.

Turning off  Kaspersky Lab 19.0.0.1088 (d) completely works too, but neither of those things is a solution to the problem!

 

Share this post


Link to post

I have also started to experience a total block of Chromecast activity. I have had problems before with the connection being dropped, and I now wonder whether those were due to Kaspersky intervention, but at the moment it does not work at all -- "No Cast destinations found". Please fix this!

 

Edit: I just tried the Chromecast option that appeared recently in Opera - and that still works fine!

Edited by PaulRW
more info

Share this post


Link to post

Good Morning,
since yesterday, Kaspersky ask me about this certificate (Found: SSL connection with invalid certificate; 0118cc8c-ab00-0a05-01a8-e33530ceb948; 0118cc8c-ab00-0a05-01a8-e33530ceb948; Self-signed certificate; Google Chrome; 02/16/2019 11: 08:10), without having any page open, only the searching page from duckduckgo is open.
I really dont know what to do.

Thanks for help,

greetings.

P.S.: Using kaspersky internet security 19.0.0.1088(d).

Topic can be closed ! Found the a answer on another thread!!! Sorry guys!

 

Edited by HulkHodn

Share this post


Link to post

So ... the solution still recommended by Kaspersky is "Do  not scan encrypted connections"...This doesn't work for me as a solution, it reduces protection.

Is this the best that Kaspersky can do? This issue has been out there for the last two months. I'm getting the same issue as everyone else .. I open up chrome, I go to the google home page, I don't have a chromecast connected anywhere, I get the error message all the time.

I suggest people simply install another product

Edited by GR
spelling

Share this post


Link to post

Yep,all of a sudden I am getting the same error and as the previous poster has pointed out I am not disabling the scan option.

Kaspersky error.JPG

Share this post


Link to post

"Seems" to be fixed now. I have 'blocked' Chromecast from my network I have in my living room TV and the pop-up hasn't happened since.

Share this post


Link to post

Not scanning ports is not a solution.  Stop saying it's a "fix".   It's nothing more than an out-of-site out-of-mind solution which leaves a security hole.

 

 

Kaspersky are there any updates on this issue?  It's becoming more widespread.  I see on the chrome forums that Chrome says it's a Kaspersky issue now.

 

mY TICKET NUMBER IS INC000010174467  i SENT REPORT

Edited by jjflash7
ADDED TROUBLE TICKET NUMBER

Share this post


Link to post

I have reported this too and now have a ticket number but not had a response as yet. I have been having the same issues now for 4 days. 

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.