Kaspersky AV network attack blocker feature hinders the use of a end-to-end encrypting proxy

[Cyri]

W10 x64 build 19045 - KAV 21.3.10.391 (k)

When accessing to internet through a proxy with end-to-end encrypting enabled (that is to say that communications between the client and the proxy use tls) and establishing a connection to a server secured by tls (typically requesting a ressource from an url starting with https://), it is necessary to make use of tls-in-tls by first wrapping the socket used to send the connect request to the proxy and then wrapping again this socket to communicate with the server. Unfortunately, Kaspersky antivirus unexpectedly closes the connection of the underlying socket during the transfer of data, and after further examinations, it appears that it is the network attack blocker module which is responsible of this issue. Disabling the protection or adding the ip address of the proxy indeed solves the problem. It seems that the detection method applied leads to wrongly interpreting the packets as malicious because their content is not what it considers it should be, as a response to a http request, due to the opacification induced by the nested encryption. I could very easily reproduce the malfunction with proxy.py and a python script.

Thanks in advance.

[harlan4096]

Welcome to Kaspersky Community.

 

Your best bet is to report the issue via K. Support