Björn Pfander

Hello, we use jsf / primefaces for an application. the communication between server and client is done by ajax-requests and the response is a xml with cdata-content. since the end of december last year more and more customers complain that the application stop working. this happens in production environment only and it took a while to figure out the problem. If our customers have installed Kaspersky Internet Securitiy in some cases (not always) the server response get enhanced with leading javascript. <script type="text/javascript" src="https://ff.kis.v2.scr.kaspersky-labs.com/XYZ/main.js This causes the error. The workaround: ‘Settings->Additional->Network' and disable 'Inject script into web traffic to interact with web pages'. works. But I cannot recommend this to our customers, cause I don’t know the exact meaning of this option. Setup (as fare as we know) The Problem exists under the following circumstances OS: Windows 10 (Premium + Home), lastest Security-Updates Browser: Chrome (88.0.4324.96), Firefox (85.0), Edge (88.x) Kaspersky Internet Security: 20.0.14.1085 Question Whats wrong with the server-response? I mean, that happened never before. What else can we do to avoid this behavior? Any ideas and/or suggestions? greetings björn