Timur Born

Support suggested a different but more convoluted way to adding the exception: using application control to set exceptions to firefox.exe Needless to say that this is the least desired way of handing a simple certificate exception. So unless someone can think of another way it currently seems like KAV does not really want users to add exceptions for self-signed certificates other than via workarounds.

I reported this as bug. WebAV should not examine websites that are added to its list of trusted sites, regardless of encryption. Disallowing the decryption of said site is just a workaround. Thanks for pointing it out, though. ;)

Yes, thanks for the explanation. But the WebAV exception settings should work, too. WebAV: don’t scan trusted site 10.0.0.1 = WebAV does not scan unencrypted and/or encrypted site. Network: don’t decrypt trusted site 10.0.0.1 = WebAV does not scan encrypted site, but scans unencrypted site. This seems like a bug to me.

According to Reports the detection of self-signed certificates is part of “Web Anti-Virus”, so when I add my router to its trusted sites I expect its site not to be scanned at all (neither encrypted nor unencrypted).

The second list says to “not scan web traffic”, so its exception list should work even better than the Network Settings one.

This list seems to work: This list does not work: Could someone explain the difference and why the second list does not work?

I will try that. Why are there two lists?

Hello. KTS keeps warning me about my routers using self-signed certificates, so I tried to add them to the list of trusted URLs, but do not succeed making KTS trust the router’s site. I tried: <IP> <IP>/* https://<IP> https://<IP>/* How do I add my router to the list of trusted sites?

Does it help to put the search string into quotation marks, like “empire”?

Participating in the Beta seems to be free to everyone. So curious users can take a peek themselves.

I do not want to pass the survey and thus closed the window via the X button and it did not come back yet. Additionally I disabled all three (3!) options to show Kaspersky “information” and “offerings” messages, so maybe it will not come back now. Anti-malware should be less obtrusive with these things and not need paying customers to find the opt-outs somewhat hidden in the preferences. On a side-note: a range of 0 - 10 seems too detailed for such a black/white kind of question. I’d suggest using only 3 or 4 levels and to give them descriptive names instead of numbers.

I am also confused by the “Minimum file size” option. According to help: “ If this check box is cleared, Kaspersky Total Security provides access to compound files only after unpacking and scanning files, regardless of their size. “ This reads as if compound files larger than the default 8 mb should be blocked by KAV due to not being scanned if the “Minimum file size” option is disabled?! But in my tests the large PDF and Office files are neither scanned nor blocked. They are just opened unscanned with a log entry stating their size being too large.

When the Word docx file is opened in Word then KAV also does not scan its contents as decompressed temporary files. The file-access you see in this screenshot is AVP checking the file-size and then deciding not to process it due to large size. Same goes for the PDF files, because as with Word the files is only decompressed and processed in memory, but not to disk.

Here is the log-file showing that neither PDF nor MSO (docx) files are processed when opened in their respective applications. “Scan files in Microsoft Office Format” is enabled.

They sure are identified as archives, but I am not convinced that they are scanned upon access. On the contrary, they are explicitly listed as *not* being scanned due to size in the log when being opened by a PDF application (or via Explorer.exe double-click).

PDF files are more or less postSCRIPT files, close to text files. They are not compressed. This is what the content of a PDF file looks like: ?xpacket begin=' ' id='W5M0MpCehiHzreSzNTczkc9d' ?> <x:xmpmeta xmlns:x='adobe:ns:meta/'> <rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'> <rdf:Description rdf:about='' xmlns:xmp="http://ns.adobe.com/xap/1.0/"><xmp:Identifier><rdf:Bag><rdf:li>16853155</rdf:li></rdf:Bag></xmp:Identifier></rdf:Description> <rdf:Description rdf:about='' xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"><xmpMM:VersionID>1234334</xmpMM:VersionID></rdf:Description> </rdf:RDF></x:xmpmeta>

So I assume that the MS Office files are then scanned when opened in an application (and thus unzipped by the application)? What about PDF files? Why are these identified as compound files and are they scanned once opened via PDF application?

Is it correct that KAV identified PDF and MS Office X files (docx, xlsx) as “compound files” which then fall under the maximum size restriction for being scanned (aka “not processed” due to size limit)? According to my own log files and someone on Reddit this is currently happening.

I deleted the Outlook profile and recreated it, thus initiating all IMAP folder being redownloaded anew. The following measurements were done *during* initial download of IMAP folders (aka first time download): Outlook add-in enabled (4.16% = 1 core maxed out, peaked at around 3%): Outlook add-in disabled (add-in thread marked gray): This seems to suggest that the add-in does check mails during transfer, not just already downloaded mail in the PST/OST files. I was rather surprised that without the add-in there was no AVP load at all, as if transferred mail wasn’t checked? CPU load only happened during the first transfer, even when I clicked on folders that were not populated by the first transfer and thus downloaded afterwards. No maxed out thread/core today, so I assume that KAV still uses its cached results despite me having deleted and recreated the Outlook profile (including the OST file being deleted when the profile was deleted)!? Downloading the “All Mails” folder after initial transfer does not cause AVP load (with or without add-in), despite this folder being the largest of them all (gb of data). Rebuilding the index from scratch doesn’t cause AVP load. So overall it seems that the add-in does create extra load, at one point even considerably more on a single CPU core. But once everything is settled it doesn’t seem to make (that) much of a difference.

CPU consumption is surprisingly hard to compare. When I first checked this back and forth the difference was between one CPU core being maxed out with add-in vs. not being maxed out (peaking at maybe 70%). But last time I did an IMAP transfer without add-in the core was maxed out anyway, just like before with add-in. And in both cases it kept being loaded for some time. Just now I did the first Outlook IMAP transfer of the day with and without add-in and AVP load was hardly measurable at all, like close to zero. I think the initially high load and measured differences were caused by Windows search indexing going through all mail (as in being “accessed” for indexing). That is because I specifically set up Outlook for the first time on this installation for testing KAV. I will keep an eye on this, now knowing the difference between both settings. Currently I initiated Gmails “All E-Mails” folder being downloaded (does not happen automatically when Gmail is set up in Outlook). So let’s see what happens with indexing and KAV load once that is finished.

Hello everyone, how do I get rid of these and why does my antispam application spam me with an unwanted popup that is not part of its functionality?

Hi @Igor Kurzin , thanks for the explanation. Does the add-in check the files every time Outlook is started or new mail is transferred and is the whole file checked every time? These files easily grow into several gigabytes size, so I imagine this to cause quite some load (which seems single-threaded/core only).

I just switched from a KIS trial (no “Do not remind again” option) to a full 2 year KTS licence. Right afterwards the popup to sign in to the Kaspersky account appeared and it *did* have the third option to not being reminded again

Hello. I noticed the following while testing KIS with Outlook: There is an option called “Connect Microsoft Extension” (default enabled) and there is a corresponding add-in installed in Outlook. Disabling this option decreases KIS CPU load while IMAP transfer is happening. What benefits does the add-in/extension connection offer in return for the increased CPU load?

Thank you @Igor Kurzin , it’s well appreciated.