How to add self signed router to exceptions?

[Timur Born]

Hello. KTS keeps warning me about my routers using self-signed certificates, so I tried to add them to the list of trusted URLs, but do not succeed making KTS trust the router’s site.

I tried:

<IP>

<IP>/*

https://<IP>

https://<IP>/*

How do I add my router to the list of trusted sites?

[harlan4096]

Welcome to Kaspersky Community.

 

What about to add Your IP router here:

 

 

[Timur Born]

I will try that. Why are there two lists?

[harlan4096]

That one is specially to exclude encrypted connection scanning :)

 

The one You tried (in Web AV module) in a more general one, to avoid a site to be detected as malware, for example...

[Timur Born]

This list seems to work:

This list does not work:

Could someone explain the difference and why the second list does not work?

[Timur Born]

The second list says to “not scan web traffic”, so its exception list should work even better than the Network Settings one.

[Timur Born]

According to Reports the detection of self-signed certificates is part of “Web Anti-Virus”, so when I add my router to its trusted sites I expect its site not to be scanned at all (neither encrypted nor unencrypted).

 

[harlan4096]

I think already explained the difference in my previous post…

 

WebAV setting:

 

https://support.kaspersky.com/KIS/21.3/en-US/85992.htm

 

NetWork Settings (related to scanning encrypted connections):

 

https://support.kaspersky.com/KIS/21.3/en-US/201001.htm

[Timur Born]

Yes, thanks for the explanation. But the WebAV exception settings should work, too.

 

WebAV: don’t scan trusted site 10.0.0.1 = WebAV does not scan unencrypted and/or encrypted site.

Network: don’t decrypt trusted site 10.0.0.1 = WebAV does not scan encrypted site, but scans unencrypted site.

 

This seems like a bug to me.

[Timur Born]

I reported this as bug. WebAV should not examine websites that are added to its list of trusted sites, regardless of encryption. Disallowing the decryption of said site is just a workaround.

 

Thanks for pointing it out, though. ;)

[Timur Born]

Support suggested a different but more convoluted way to adding the exception: using application control to set exceptions to firefox.exe

Needless to say that this is the least desired way of handing a simple certificate exception.

So unless someone can think of another way it currently seems like KAV does not really want users to add exceptions for self-signed certificates other than via workarounds.