Timur Born

Support suggested a different but more convoluted way to adding the exception: using application control to set exceptions to firefox.exe Needless to say that this is the least desired way of handing a simple certificate exception. So unless someone can think of another way it currently seems like KAV does not really want users to add exceptions for self-signed certificates other than via workarounds.

I reported this as bug. WebAV should not examine websites that are added to its list of trusted sites, regardless of encryption. Disallowing the decryption of said site is just a workaround. Thanks for pointing it out, though. ;)

Yes, thanks for the explanation. But the WebAV exception settings should work, too. WebAV: don’t scan trusted site 10.0.0.1 = WebAV does not scan unencrypted and/or encrypted site. Network: don’t decrypt trusted site 10.0.0.1 = WebAV does not scan encrypted site, but scans unencrypted site. This seems like a bug to me.

According to Reports the detection of self-signed certificates is part of “Web Anti-Virus”, so when I add my router to its trusted sites I expect its site not to be scanned at all (neither encrypted nor unencrypted).

The second list says to “not scan web traffic”, so its exception list should work even better than the Network Settings one.

This list seems to work: This list does not work: Could someone explain the difference and why the second list does not work?

I will try that. Why are there two lists?

Hello. KTS keeps warning me about my routers using self-signed certificates, so I tried to add them to the list of trusted URLs, but do not succeed making KTS trust the router’s site. I tried: <IP> <IP>/* https://<IP> https://<IP>/* How do I add my router to the list of trusted sites?

Does it help to put the search string into quotation marks, like “empire”?

Participating in the Beta seems to be free to everyone. So curious users can take a peek themselves.

I do not want to pass the survey and thus closed the window via the X button and it did not come back yet. Additionally I disabled all three (3!) options to show Kaspersky “information” and “offerings” messages, so maybe it will not come back now. Anti-malware should be less obtrusive with these things and not need paying customers to find the opt-outs somewhat hidden in the preferences. On a side-note: a range of 0 - 10 seems too detailed for such a black/white kind of question. I’d suggest using only 3 or 4 levels and to give them descriptive names instead of numbers.

I am also confused by the “Minimum file size” option. According to help: “ If this check box is cleared, Kaspersky Total Security provides access to compound files only after unpacking and scanning files, regardless of their size. “ This reads as if compound files larger than the default 8 mb should be blocked by KAV due to not being scanned if the “Minimum file size” option is disabled?! But in my tests the large PDF and Office files are neither scanned nor blocked. They are just opened unscanned with a log entry stating their size being too large.

When the Word docx file is opened in Word then KAV also does not scan its contents as decompressed temporary files. The file-access you see in this screenshot is AVP checking the file-size and then deciding not to process it due to large size. Same goes for the PDF files, because as with Word the files is only decompressed and processed in memory, but not to disk.

Here is the log-file showing that neither PDF nor MSO (docx) files are processed when opened in their respective applications. “Scan files in Microsoft Office Format” is enabled.

They sure are identified as archives, but I am not convinced that they are scanned upon access. On the contrary, they are explicitly listed as *not* being scanned due to size in the log when being opened by a PDF application (or via Explorer.exe double-click).