Jump to content

Kaspersky safe browsing breaks .NET Blazor stream rendering


Go to solution Solved by harlan4096,

Recommended Posts

wwh1004
Posted (edited)

Kaspersky Standard v21.17.7.539

Windows 10 x64 22H2 19045.4412

 

When Kaspersky enabled, stream rendering doesn't work. Open the devtools and I find the "Waiting for server response" time is 5 seconds which is same as the delay I set in code. And page rendering is not expected which a "Loading..." string displays first then the table displays after 5 seconds.

When I disable Kaspersky safe browsing. Everything went as expected.

GIF.thumb.gif.7a48699a3736c525eb05d5982523403a.gif

In this gif, you can see when safe browsing is disabled, weather page will show immediately and then content will be loaded after 5 seconds. And when I turn on safe browsing, weather page doesn't show until the whole page is downloaded.

 

A simple way to repro:

1. Download .NET SDK 8 from Microsoft. (e.g. dotnet-sdk-8.0.301-win-x64.exe)

2. Open a terminal.

3. Run "dotnet new blazor -o test1"

4. Open "test1\Components\Pages\Weather.razor" and change "await Task.Delay(500);" to "await Task.Delay(5000);" to make the problem more obvious.

5. Run "cd test1"

6. Run "dotnet run"

7. Open the displayed url in a browser. (e.g. http : //localhost:5141)

image.thumb.png.857adda33a6de1dffc84f3f789d14066.png

 

Edited by Berny
  • Solution
harlan4096
Posted

Welcome to Kaspersky Community.

 

Did You try to add that local URL Trusted list:

 

image.thumb.png.08c535d8ddae7f3186ce41d74e8339be.png

If still not go, You can try also to add an exclusion in Encrypted Connections Scan Trusted list:

 

image.thumb.png.a5e898c2b549b4fdff20545c3aec7792.png

wwh1004
Posted

Yes, .NET Blazor stream rendering works when I add the url to trusted addresses. But It's really complex that I should manually add the trusted domain name for each .NET Blazor website. Is it a bug in safe browsing that breaks general HTTP stream response? Or downloading all chunks inside Kaspersky to scan then returning to the client are by design?

  • Like 1
harlan4096
Posted

Can You post the added Exclusions, please? I would like to see the exact URL added.

 

It's not a bug I guess, the problem here is that K. tries to scan the encrypted connections, and it breaks / blocks the connections if not a proper certificate.

 

Ok, You can try these 2 additional workarounds:

 

1.- Disable completely Scanning Encrypted Connection setting, but this is a very radical solution, that would lower the security in different K. modules.

 

2.- We can try to exclude the scanning of encrypted connections for the browser where You run the tests, but only for localhost.

 

3.- We can try to create a mask that would include all the URL tested, if there is a common pattern in all of them.

wwh1004
Posted

Not TLS/SSL decryption causes stream response not working. Even I use the fully http version of this demo website, when safe browsing is enabled, Kaspersky will also make this website not loading properly.

I can just add "localhost" to trusted urls to get my local development experience right. But this also let other local endpoints escape from detection.

The most important of which is Kaspersky default settings can make this website not loading properly. I have never modified network related settings before.

  • Like 1
harlan4096
Posted

Is it Safe Browsing module actually the problem? If You disable only that module, the URL is loading fine?

 

Then the problem is because not using https, anyway it seems the exclusion of K. in scanning encrypted connections does the trick so...

  • Like 1
wwh1004
Posted

If I use the http version of this example. It works when safe browsing is disabled (including adding to trusted urls).

If I use the https version of this example. It works when encryption connection scanning is disabled or safe browsing is disabled (including adding to trusted urls).

  • Like 1
harlan4096
Posted

What about if You try this Intrusion Prevention exclusion in Your daily browser (example with FF and KES, but similar in Kaspersky in Standard):

 

image.thumb.png.76438c063f6014f43d19a7a2fa3c3c02.png

I added 127.0.0.1 that usually is localhost 🤔

  • Like 1
wwh1004
Posted

This does not work for the http version.

harlan4096
Posted

Previously to that, You should remove all the previous exclusions.

 

What about the same rule but changing "Do not scan encrypted traffic" to "Do not scan all traffic" ?

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...