CSP error caused by Kaspersky

January 17, 2023

It's kinda a tricky question. My production web server running on Outsystem at the front -end receive an error as below,

Source
CSPReport
Message
Content Security Policy blocked 'https://gc.kis.v2.scr.kaspersky-labs.com/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js?attr=6Bhssj4c9_yPKq6_BbVfBHV3CaLZqy6nyzCb_srXejD_V5sjzVAiwCGaq8osBhivkCJdHVmPpsDkPvWR897FjNPtByAgONX5cuiJPoTlZ5hqg-RSAT0d3yqRGN7SKK6dtdPa-p7mBSVR_FRSnp8JCfOFlt5F7ppTYy9hTRQ8JH-Z0UuSzcX-V2b7UdYPreUU8Ac3ZUVC9ah44vXmqjqpejJDfxypgFPaM2gzKjeTXg4'.

I know this is related to CSP but for your information, there was no Kaspersky antivirus running on these servers. How do I confirmed if gc.kis.v2.scr.kaspersky-labs belong to Home Products maybe installed on the user side.

Thank you

January 17, 2023

This is a shared mandatory profile that is causing the issue -- I suspect it something in it is causing issues but not sure what.

January 18, 2023

Most likely, there is some kind of injection on the web page. Since the web server only accept return value of CSP to strict, the web server will drop any 'tampering'. Am I right?

Edited January 18, 2023 by Amir Yusoff

CSP error caused by Kaspersky

Recommended Posts

Amir Yusoff

rehel

Amir Yusoff

Please sign in to comment

Forum

Products

Support

Personal Account