Jump to content

Cannot guarantee authenticity of the domain to which an encrypted connection is being established Outolook 365


MirceaForce

Recommended Posts

Hello,

 

seems, there is a problem with certificate on .fp.measure.office.com 

The certificate most likely was issued to another domain and names do not match. You can see it in “Details” Tab of the Certificate.

The field: “Issued to:” must contain the same domain name, which Outlook tries to connect to. 

 

Related topics: https://community.kaspersky.com/kaspersky-total-security-14/how-to-allow-microsoft-office-upload-upload-fp-measure-office-com-certificate-authorization-cancelled-8688

 

https://community.kaspersky.com/kaspersky-small-office-security-management-console-29/ms-access-flagged-ea30ebbddc424967ae29246485221c62-fp-measure-office-com-moved-2661

 

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_other-mso_2016/invalid-name-of-certificate/8b663a2a-e1d4-4fb5-980c-4aaa646271aa

 

Workaround: to add problematic domain to SSL-check exclusions: in Settings => Network Settings => Encrypted Connections Scanning => Trusted addresses. 

 

 You can also contact to Microsoft support in order to inform them about certificate problem. 

Thank you.

Link to comment
Share on other sites

Hello,

 

seems, there is a problem with certificate on .fp.measure.office.com 

The certificate most likely was issued to another domain and names do not match. You can see it in “Details” Tab of the Certificate.

The field: “Issued to:” must contain the same domain name, which Outlook tries to connect to. 

 

Related topics: https://community.kaspersky.com/kaspersky-total-security-14/how-to-allow-microsoft-office-upload-upload-fp-measure-office-com-certificate-authorization-cancelled-8688

 

https://community.kaspersky.com/kaspersky-small-office-security-management-console-29/ms-access-flagged-ea30ebbddc424967ae29246485221c62-fp-measure-office-com-moved-2661

 

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_other-mso_2016/invalid-name-of-certificate/8b663a2a-e1d4-4fb5-980c-4aaa646271aa

 

Workaround: to add problematic domain to SSL-check exclusions: in Settings => Network Settings => Encrypted Connections Scanning => Trusted addresses. 

 

 You can also contact to Microsoft support in order to inform them about certificate problem. 

Thank you.


The idea I receive this when not using the pc for more then 3 days or more….do you have any idea

Link to comment
Share on other sites


Hello,


the domain office.com belongs to Microsoft Corporation and seems Outlook connects to .fp.measure.office.com servers periodically. It is better to contact to Microsoft support in order to clarify details/reasons of such connections.


Thank you.

 

What to add here ?

 

 


You can try to add this particular:
56122e78a9b544b193273cf8cf0a0d4b.fp.measure.office.com

 

and if the problem does not resolve by this exclusion or similar notifications with other fp.measure.office.com will appear, then add: fp.measure.office.com

 

Thank you.

 

 

 

Link to comment
Share on other sites


Hello,


the domain office.com belongs to Microsoft Corporation and seems Outlook connects to .fp.measure.office.com servers periodically. It is better to contact to Microsoft support in order to clarify details/reasons of such connections.


Thank you.

 

What to add here ?

 

 


You can try to add this particular:
56122e78a9b544b193273cf8cf0a0d4b.fp.measure.office.com

 

and if the problem does not resolve by this exclusion or similar notifications with other fp.measure.office.com will appear, then add: fp.measure.office.com

 

Thank you.

 

 

 


Will try and come up with feedback

 

Thank you

Link to comment
Share on other sites


Hello,


the domain office.com belongs to Microsoft Corporation and seems Outlook connects to .fp.measure.office.com servers periodically. It is better to contact to Microsoft support in order to clarify details/reasons of such connections.


Thank you.

 

What to add here ?

 

 


You can try to add this particular:
56122e78a9b544b193273cf8cf0a0d4b.fp.measure.office.com

 

and if the problem does not resolve by this exclusion or similar notifications with other fp.measure.office.com will appear, then add: fp.measure.office.com

 

Thank you.

 

 

 


for the moment still not working with 56122e78a9b544b193273cf8cf0a0d4b.fp.measure.office.com or others

 

I’ve added fp.measure.office.com hope to fix this will test and come with feedback

 

 

Event: SSL connection with invalid certificate detected
User type: Not defined
Application name: OUTLOOK.EXE
Application path: C:\Program Files\Microsoft Office\root\Office16
Component: Web Anti-Virus
Result description: Blocked
Object name: d85c2b9cab3749a094cd25c7d408a1a5.fp.measure.office.com
Reason: Invalid name of certificate. Either the name is not on the allowed list, or was explicitly excluded.

Link to comment
Share on other sites

I noticed that this exclusion list does not seem to work as expected.

Adding “askmrrobot.com” in the list does *not* exclude “www.askmrrobot.com”, so “fp.measure.office.com” might not work for you because of the same issue.

If it does not then I am curious how completely disabling encrypted scanning works for your problem?!

Link to comment
Share on other sites

I noticed that this exclusion list does not seem to work as expected.

Adding “askmrrobot.com” in the list does *not* exclude “www.askmrrobot.com”, so “fp.measure.office.com” might not work for you because of the same issue.

If it does not then I am curious how completely disabling encrypted scanning works for your problem?!

 

If you disable the encrypted connection no protection running for this ….so it’s not ok

Link to comment
Share on other sites

I noticed that this exclusion list does not seem to work as expected.

Adding “askmrrobot.com” in the list does *not* exclude “www.askmrrobot.com”, so “fp.measure.office.com” might not work for you because of the same issue.

If it does not then I am curious how completely disabling encrypted scanning works for your problem?!

 

You also can add the mask:

*.fp.measure.office.com

to Web Anti-Virus Trusted URLs and the product will not scan web traffic from fp.measure.office.com and subdomains.

 

Thank you.

 

 

 

Link to comment
Share on other sites

Are you sure that *.abc will include the main domain abc without the subdomain “.”?

 

Hello,

 

the main idea is to exclude all subdomains of:  fp.measure.office.com from WebAV scan.

The exclusion by this mask:

*.fp.measure.office.com

must exclude all addressed like d85c2b9cab3749a094cd25c7d408a1a5.fp.measure.office.com

from WevAV traffic check.

 

 

Link to comment
Share on other sites

Are you sure that *.abc will include the main domain abc without the subdomain “.”?

 

Hello,

 

the main idea is to exclude all subdomains of:  fp.measure.office.com from WebAV scan.

The exclusion by this mask:

*.fp.measure.office.com

must exclude all addressed like d85c2b9cab3749a094cd25c7d408a1a5.fp.measure.office.com

from WevAV traffic check.

 

 


this will not compromise security ?

Link to comment
Share on other sites

Are you sure that *.abc will include the main domain abc without the subdomain “.”?

 

Hello,

 

the main idea is to exclude all subdomains of:  fp.measure.office.com from WebAV scan.

The exclusion by this mask:

*.fp.measure.office.com

must exclude all addressed like d85c2b9cab3749a094cd25c7d408a1a5.fp.measure.office.com

from WevAV traffic check.

 

 


this will not compromise security ?


I have written above, that fp.measure.office.com - are Microsoft servers. So, it will not compromise the security. But we suggest you to contact to Microsoft and inform them about certificate problem on their servers anyway.

 

 

Link to comment
Share on other sites

Are you sure that *.abc will include the main domain abc without the subdomain “.”?

 

the main idea is to exclude all subdomains of:  fp.measure.office.com from WebAV scan.

The exclusion by this mask:

*.fp.measure.office.com

must exclude all addressed like d85c2b9cab3749a094cd25c7d408a1a5.fp.measure.office.com

from WevAV traffic check.

 

 

 

 

Link to comment
Share on other sites

Are you sure that *.abc will include the main domain abc without the subdomain “.”?

 

the main idea is to exclude all subdomains of:  fp.measure.office.com from WebAV scan.

The exclusion by this mask:

*.fp.measure.office.com

must exclude all addressed like d85c2b9cab3749a094cd25c7d408a1a5.fp.measure.office.com

from WevAV traffic check.

 

 

 

 

You need to add this mask in Advanced settings of Web AntiVirus in Trusted URLs:

 

Link to comment
Share on other sites

  • 2 weeks later...

Are you sure that *.abc will include the main domain abc without the subdomain “.”?

 

the main idea is to exclude all subdomains of:  fp.measure.office.com from WebAV scan.

The exclusion by this mask:

*.fp.measure.office.com

must exclude all addressed like d85c2b9cab3749a094cd25c7d408a1a5.fp.measure.office.com

from WevAV traffic check.

 

 

 

 

You need to add this mask in Advanced settings of Web AntiVirus in Trusted URLs:

 


I did tried this but the error is still pop up so no fix

Link to comment
Share on other sites

Answer by Kaspersky support concerning sub-domain masks in the Trusted Addresses dialog:

A little clarification, we consider something a bug, when the product does not work to some requirement. For Kaspersky Internet Security, there was no such a requirement (to be able to exclude by masks), that's why we initiated a new requirement to be implemented in future versions of Kaspersky Internet Security, so that excluding by masks is possible.

Regarding the example.com being given as a proper example, we agree, it may be misleading, as usually websites include the www. part and there can be sub domains as well. We added this information in the requirement, so that in the future the example part is more clear and up to the point.

Link to comment
Share on other sites

Are you sure that *.abc will include the main domain abc without the subdomain “.”?

 

the main idea is to exclude all subdomains of:  fp.measure.office.com from WebAV scan.

The exclusion by this mask:

*.fp.measure.office.com

must exclude all addressed like d85c2b9cab3749a094cd25c7d408a1a5.fp.measure.office.com

from WevAV traffic check.

 

 

 

 

You need to add this mask in Advanced settings of Web AntiVirus in Trusted URLs:

 


I did tried this but the error is still pop up so no fix


Hello,

 

In this case please create the request to technical support: https://my.kaspersky.com/

and send the number of the incident to me.

 

Thank you.

 

Link to comment
Share on other sites

Answer by Kaspersky support concerning sub-domain masks in the Trusted Addresses dialog:

A little clarification, we consider something a bug, when the product does not work to some requirement. For Kaspersky Internet Security, there was no such a requirement (to be able to exclude by masks), that's why we initiated a new requirement to be implemented in future versions of Kaspersky Internet Security, so that excluding by masks is possible.

Regarding the example.com being given as a proper example, we agree, it may be misleading, as usually websites include the www. part and there can be sub domains as well. We added this information in the requirement, so that in the future the example part is more clear and up to the point.

 

Hello,

 

yes, this is related to Encrypted connections in General(https). For this moment we do not have the feature in product, which allows to exclude domain by mask(for all components). But we can do this for Web Anti-Virus component, as I have written above. It helps, when other components do not request HTTPS-traffic decryption and it will not help, if another component checks HTTPS-traffic on problematic domain too.

 

Thank you.

 

Link to comment
Share on other sites

Answer by Kaspersky support concerning sub-domain masks in the Trusted Addresses dialog:

A little clarification, we consider something a bug, when the product does not work to some requirement. For Kaspersky Internet Security, there was no such a requirement (to be able to exclude by masks), that's why we initiated a new requirement to be implemented in future versions of Kaspersky Internet Security, so that excluding by masks is possible.

Regarding the example.com being given as a proper example, we agree, it may be misleading, as usually websites include the www. part and there can be sub domains as well. We added this information in the requirement, so that in the future the example part is more clear and up to the point.

 

Hello,

 

yes, this is related to Encrypted connections in General(https). For this moment we do not have the feature in product, which allows to exclude domain by mask(for all components). But we can do this for Web Anti-Virus component, as I have written above. It helps, when other components do not request HTTPS-traffic decryption and it will not help, if another component checks HTTPS-traffic on problematic domain too.

 

Thank you.

 


I did tried for the web antivirus no fix..still pop up is there any settings ?

Link to comment
Share on other sites

Answer by Kaspersky support concerning sub-domain masks in the Trusted Addresses dialog:

A little clarification, we consider something a bug, when the product does not work to some requirement. For Kaspersky Internet Security, there was no such a requirement (to be able to exclude by masks), that's why we initiated a new requirement to be implemented in future versions of Kaspersky Internet Security, so that excluding by masks is possible.

Regarding the example.com being given as a proper example, we agree, it may be misleading, as usually websites include the www. part and there can be sub domains as well. We added this information in the requirement, so that in the future the example part is more clear and up to the point.

 

Hello,

 

yes, this is related to Encrypted connections in General(https). For this moment we do not have the feature in product, which allows to exclude domain by mask(for all components). But we can do this for Web Anti-Virus component, as I have written above. It helps, when other components do not request HTTPS-traffic decryption and it will not help, if another component checks HTTPS-traffic on problematic domain too.

 

Thank you.

 


I did tried for the web antivirus no fix..still pop up is there any settings ?

 

We need to collect and analyze traces of the product with reboot and the problem reproduction in order to clarify this. That is why I asked you to create a request to technical support.

 

Link to comment
Share on other sites

  • 2 months later...

Answer by Kaspersky support concerning sub-domain masks in the Trusted Addresses dialog:

A little clarification, we consider something a bug, when the product does not work to some requirement. For Kaspersky Internet Security, there was no such a requirement (to be able to exclude by masks), that's why we initiated a new requirement to be implemented in future versions of Kaspersky Internet Security, so that excluding by masks is possible.

Regarding the example.com being given as a proper example, we agree, it may be misleading, as usually websites include the www. part and there can be sub domains as well. We added this information in the requirement, so that in the future the example part is more clear and up to the point.

 

Hello,

 

yes, this is related to Encrypted connections in General(https). For this moment we do not have the feature in product, which allows to exclude domain by mask(for all components). But we can do this for Web Anti-Virus component, as I have written above. It helps, when other components do not request HTTPS-traffic decryption and it will not help, if another component checks HTTPS-traffic on problematic domain too.

 

Thank you.

 


I did tried for the web antivirus no fix..still pop up is there any settings ?

 

We need to collect and analyze traces of the product with reboot and the problem reproduction in order to clarify this. That is why I asked you to create a request to technical support.

 

Where do I see my ticket status on the support page I did submitted, 

Link to comment
Share on other sites

❓1 Where do I see my ticket status on the support page I did submitted, 

Hello @MirceaForce

Kaspersky have redesigned the MyKaspersky incident management (ticket) portal → removing  incident management (ticket) feature completely. It’s no longer possible to use (your) MyKaspersky account to manage (your) tickets. 

Now, all incidents/tickets are:

  1. Created via the Consumer support link, either via: Chat, Email, Phone, or Kaspersky Technical Support remote access.
  2. All subsequent communications are done, either via Chat, Email, Phone, or Kaspersky Technical Support remote access.
  • Important note → Kaspersky appears to have an expectation that their subscribers will keep all emails related to any logged incidents/ticket as an archive. 

1 Contact  Consumer support, either by Chat, Email or Phone & request they provide you with a full case history of the ticket you’re concerned about. 

Thank you🙏

Flood🐳+🐋

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.


×
×
  • Create New...