KAspersky Endpoint Security 11.1.0.15919 blocks some legitimate web sites

[Bob]

hi. I don't understand why Kaspersky endpoint security 11.1.0.15919 blocks some web sites. Older version 11.0.1.90 works perfect. It doesn't block any legitimate web sites. We have updated from 11.0.1.90 to 11.1.0.15919 and blocking issue arised. please help me to solve this issue.

[Demiad]

What is the error message you are seeing in the internet browser? You can check Critical (deny) events in the Reports window for find reason.

[Bob]

Hi Demiad. It is simple error message like ERR_CONNECTION_RESET. When I enter cisco or other real web sites, Kaspersky blocks them. How can I check event in Reports? I checked almost all event in event viewer but failed to find.

[Demiad]

Bob Try uncheck "Scan encrypted connections" in "General Settings"\ "Network settings". KB article (RU only) https://support.kaspersky.ru/15215

[Bob]

Thank you Demiad. Could you please tell me whether Kaspersky recommend to uncheck "Scan encrypted connection" ? now it is checked in our server but I afraid to uncheck it because of security issue

[Demiad]

"Scan encrypted connections" enable Full SSL inspection. https://securebox.comodo.com/ssl-sniffing/ssl-inspection/

If the check box is selected, the Web Threat Protection, Mail Threat Protection, and Web Control components scan encrypted traffic that is transmitted over the following protocols:

1. SSL 3.0.
2. TLS 1.0 / TLS 1.1 / TLS 1.2.

https://help.kaspersky.com/KESWin/11.1.1/en-us/178483.htm

[Bob]

So as I understood that it is a functionality that shouldn't be turned off. instead when web pages got blocked we have to add to TRUSTED DOMAIN list. right?

[Demiad]

Yes, problem sites must be add to "Trusted domains" Some sites already added to the Kapersky Lab global list.

[Bob]

Thank you so much. I appreciate your help

[alchemistIT]

We are having the same problem since the latest upgrade. The 'Machine Learning' is blocking about 10-20 sites a day that are safe and legitimate. We should not have to spend our working day whitelisting domains.

[Guest #37]

Hi, This is because of the new module included in version 11.1 of the analysis of encrypted connections. This module can be found in the following section of the directive> general configuration> network configuration. If when analyzing a url, it does not find in a clear way a signed security certificate, it emits that message, the solution is to add the domain to Trust. Regards