Jump to content

Kaspersky AV network attack blocker feature hinders the use of a end-to-end encrypting proxy


Recommended Posts

W10 x64 build 19045 - KAV (k)

When accessing to internet through a proxy with end-to-end encrypting enabled (that is to say that communications between the client and the proxy use tls) and establishing a connection to a server secured by tls (typically requesting a ressource from an url starting with https://), it is necessary to make use of tls-in-tls by first wrapping the socket used to send the connect request to the proxy and then wrapping again this socket to communicate with the server. Unfortunately, Kaspersky antivirus unexpectedly closes the connection of the underlying socket during the transfer of data, and after further examinations, it appears that it is the network attack blocker module which is responsible of this issue. Disabling the protection or adding the ip address of the proxy indeed solves the problem. It seems that the detection method applied leads to wrongly interpreting the packets as malicious because their content is not what it considers it should be, as a response to a http request, due to the opacification induced by the nested encryption. I could very easily reproduce the malfunction with proxy.py and a python script.

Thanks in advance.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...