appie

Hello Wesly.Zhang, It is not good to assume people are not having knowledge about technology. I do understand the way how encrypted traffic has to be terminated by the scanner to see what is inside before forwarding it. But the problem in this case is not that traffic is not allowed to be terminated, it is the way it seems to be impossible to configure Kaspersky to make a difference between traffic which has to be scanned and traffic which is not allowed. KTS gives an impression it can be configurated but is NOT. If you like I can explain to you how SSL inspection should work and how it should be possible to exclude traffic if needed. This has nothing to do with lack of knowledge of me (I was able to make a succesfull test showing the strange behaviour of KTS after) I can make a differentiation-diagnosis of the problem, I have a far above average deepgoing understanding of TCP-IP traffic including all protocols but I have absolute not a Clue anymore in how KTS is working today but it's behaviour makes me loose faith in it. And I don't think this is due to lack of knowledge at my side but like you stated yourself: "As for what you said about manual trust again and again, this is a problem of product design and the optimization of workflow logic, which I agree with you. " KTS is not a good stable product anymore and the behaviour is different every time. And I agree: there is a problem of product design. And I don't need to read articles about the way KTS should be working. I want it to work like it should. P.S. Yes, I can configure KTS to not scan encrypted traffic but like I mentioned before, the mainstream of traffic on internet today is encrypted so disabling it makes the webscanner of KTS obsolete.(And makes KTS obsolete)

Hello Schulte. Thank you for your reply. The website ripe.net is not in the exception-list and was scanned in MSEdge before I imported the certificate. After I imported the certificate in KTS it was not scanned in MS-Edge but it was still scanned in Chrome and Opera. So maybe Ripe.net should be in the list? I can not configure this list and I can not add it to list with scan-errors. When KTS is sometimes scanning and sometimes not and this is does not matter if it's in the exceptionlist or not how can I trust on KTS doing what it supposed to do. If I can not trust on Kaspersky Total Security it is degraded to Kaspersky Sometimes Security...and that's not a good thing. It's all about trust.

The problem with the certificates is even worse. The behaviour of KTS scanning secure connections is different for Edge/Chrome/Opera. When I open the site of ripe.net in MSedge browser it does not have the KTS personal root certificate in it's cert-path. When I parallel open ripe.net in chrome or opera KTS puts the Kaspersky personal root certificate in between. (all browser are reopened at the same time) On the right is Chrome-browser opening ripe.net. Left is Edge Browser opening ripe.net. No modifications on the browsers. Same moment, same root-certificate store and there is no different setting in KTS for Edge or Chrome (or is there a setting I have not found yet?) Why is the trusted certificate-list working in Edge for ripe.net and why is it not working in Opera or Chrome? Untrusty behaviour. Ripe.net is a worldwide organisation with valid certificates and used by internet people all over the world. This should be handled the same way every time.

I disagree the problem I solved is a very rare one case. Amazon.com is a very common website with valid certificates which should be accepted in any way they are imported in KTS and when they are imported and it would be "nice" when KTS is keeping it's promise that you will not be bothered again by KTS when you visit a site when its certificate is imported. Same for the not solved self-signed certificate problem: when Kaspersky is not scanning secure connections the self-signed certificate is valid in the browser. When KTS is scanning secure connections ths certificate is still mentioned valid in the browser but.....I get always the landing-page of KTS stating the site is Untrusty and I have to agree to go any further. And more annoying...when scanning secure connections...after some time I am thrown back to the warning-landing-page wher I have to agree again to go back to the site. Not very nice when you are adminstrating a device and in the middle of a configuration...you don't have to log in again (also strange) but you can start over with the configuration. After decenia of IT experience I am able to find solutions where I have the rights to adminstrate the products. KTS is not working right not giving the possabilities to administrate it in a good behaviour. Making it do were it should protecting me for: Denial of (many) Service(s)

Hello Wesley.Zhang, I don't know what you mean with The root certificates of amazon are allready in the root certificate store of Windows so these don't have to be installed again right? The self signed certificates were all installed in the windows system root certificate store. Windows was able to handle these....KTS ignores them. The solution I found for Amazon with the filenames is kind of strange. Windows is handling certificates by content not by filename. Why is KTS caring about filename?

I think I have solved the Certificate issue myself. The file-name of the saved certificate is kind of a big deal in KTS. I saved the certificate for www.amazon.com as "www.amazon.com" and it did NOT work in KTS as supposed. I saved the same certificate for www.amazon.com as "DigiCert Global CA G2" and it DID work in KTS as supposed. The 2 certificates are exact the same but only a different filename. On the left the filename www.amazon.com and on the right the filename "Digicert Global CA G2" Seems like KTS is not looking at contents of the imported certificate but only at the filename?

And when everything is entered...... Kaspersky Anti-Virus Personal Root Certificate is still in the connection-chain

Hi Wesly.Zhang, Thank you for your reply. I have tried adding self-signed certificates in many ways. But KTS completely ignores it. To test I have even tried an official Amazon certificate and adding amazon in many forms (amazon.com, www.amazon.com etc. because * is NOT accepted) in the trusted addresses. Secure banking and parental control are switched off. But even in this case the Kaspersky root certificate is placing itself between the amazon-certificate. When I switch off "encrypted connection scan" and restart the browser I get the page with the certificate-path of Amazon without the Kaspersky root Certificate. But when I turn on "encrypted connection scan" and restart the browser the Kaspersky root certificate has nested itself again between all encrypted connections. Is turning off "encrypted connection scan" the only way to make an encrypted connection with a known and trusted site without having KTS in between? Encrypted connections are the standard today also on untrusty sites so "encrypted connection scan" is highly preferable at most of the connections. But it's kind of strange it seems to be so extremely difficult (or even impossible) to setup KTS for not scanning trusted sites (where interference of KTS is unacceptable) btw: forum.kaspersky.com does not have the Kaspersky Anti-virus personal root certificate inbetween.... that stated forced setting works always withoud any questions:

Hi Flood and Flood's Wife. Thank you for your reply. I have uninstalled several times but windows will not allow me to manage firewall or other security options cause it is "managed by my organisation" (or some alike error-message) This has started since the first KTS install. Never get rid of it...not with help of the support...after all I installed KTS again because Windows Firewall and anti-malware did not function. A clean windows install should work but if that's the only way to get configuration rights back on windows it will be the end of the very long relationship between Kaspersky Security products and me. On this moment when I start uninstall KTS it starts and the progression-bar fills until almost the end and than...I waited for about 30 minutes without any change and stopped the uninstall. Afterwards KTS was fully functional. I think after cancelling uninstall it performed a complete rollback? Seems like uninstall is not working the way it should. Or is an uninstall of more than 30 minutes usual?

As you can see it does Not work in KTS21.3.10.391(i) latest updated version. Screenshot dutch but the same page as you used. The certificate issue is getting worse and worse....suddenly Kaspersky TS is getting me in some loop where I can say I want to go further to the "untrusty" selfsigned-certificate page but when I agree......I land on the first page where is stated the site has no valid certificate...... And it ignores completely when I add trusted Base-certificates of put the addresses in trusted domain I am about to delete Kaspersky, it is behaving unstable and not reliable. Every day it behaves different and I can not do my work anymore. Can someone please help me solve this problem or help me delete KTS (because that seems also impossible. Uninstall hangs and will not continue)? Thanks in advance

Also it is very annoying I have to connect my PC always online because otherwise KTS is complaining all the time it can not be updated..... I don't want to have my system always online so I changed update to weekly so I hoped it wouldn't complain every day and I could update by hand every day when Online. But still KTS is complaining with many messages in the windows sidebar. And KTS is sometimes restarting.......giving messages in windows the Securitysuite has switched off... I suspects KTS does this because it was unable to connect to the servers to update.... Why is the setting weekly update there if it is also ignored? But please correct me when i'm wrong...

Thank you Harlan4096 for your quick reply. But * and ? is not accepted

Same problem here. Tried everything. Also the trusted certificates part is totally ignored. Tried settings, rebooting.... everything..... sometimes it had accepted...but after some logon's to the trusted server...the "untrusted page" message is there again. (And that's without rebooting the system or any other changes) Seems KTS is ignoring every setting I make...