Kaspersky safe browsing breaks .NET Blazor stream rendering

[wwh1004]

Kaspersky Standard v21.17.7.539

Windows 10 x64 22H2 19045.4412

 

When Kaspersky enabled, stream rendering doesn't work. Open the devtools and I find the "Waiting for server response" time is 5 seconds which is same as the delay I set in code. And page rendering is not expected which a "Loading..." string displays first then the table displays after 5 seconds.

When I disable Kaspersky safe browsing. Everything went as expected.

In this gif, you can see when safe browsing is disabled, weather page will show immediately and then content will be loaded after 5 seconds. And when I turn on safe browsing, weather page doesn't show until the whole page is downloaded.

 

A simple way to repro:

1. Download .NET SDK 8 from Microsoft. (e.g. dotnet-sdk-8.0.301-win-x64.exe)

2. Open a terminal.

3. Run "dotnet new blazor -o test1"

4. Open "test1\Components\Pages\Weather.razor" and change "await Task.Delay(500);" to "await Task.Delay(5000);" to make the problem more obvious.

5. Run "cd test1"

6. Run "dotnet run"

7. Open the displayed url in a browser. (e.g. http : //localhost:5141)

 

Edited May 31 by Berny

[harlan4096]

Welcome to Kaspersky Community.

 

Did You try to add that local URL Trusted list:

 

If still not go, You can try also to add an exclusion in Encrypted Connections Scan Trusted list:

 

[wwh1004]

Yes, .NET Blazor stream rendering works when I add the url to trusted addresses. But It's really complex that I should manually add the trusted domain name for each .NET Blazor website. Is it a bug in safe browsing that breaks general HTTP stream response? Or downloading all chunks inside Kaspersky to scan then returning to the client are by design?

[harlan4096]

Can You post the added Exclusions, please? I would like to see the exact URL added.

 

It's not a bug I guess, the problem here is that K. tries to scan the encrypted connections, and it breaks / blocks the connections if not a proper certificate.

 

Ok, You can try these 2 additional workarounds:

 

1.- Disable completely Scanning Encrypted Connection setting, but this is a very radical solution, that would lower the security in different K. modules.

 

2.- We can try to exclude the scanning of encrypted connections for the browser where You run the tests, but only for localhost.

 

3.- We can try to create a mask that would include all the URL tested, if there is a common pattern in all of them.

[wwh1004]

Not TLS/SSL decryption causes stream response not working. Even I use the fully http version of this demo website, when safe browsing is enabled, Kaspersky will also make this website not loading properly.

I can just add "localhost" to trusted urls to get my local development experience right. But this also let other local endpoints escape from detection.

The most important of which is Kaspersky default settings can make this website not loading properly. I have never modified network related settings before.

[harlan4096]

Is it Safe Browsing module actually the problem? If You disable only that module, the URL is loading fine?

 

Then the problem is because not using https, anyway it seems the exclusion of K. in scanning encrypted connections does the trick so...

[wwh1004]

If I use the http version of this example. It works when safe browsing is disabled (including adding to trusted urls).

If I use the https version of this example. It works when encryption connection scanning is disabled or safe browsing is disabled (including adding to trusted urls).

[harlan4096]

What about if You try this Intrusion Prevention exclusion in Your daily browser (example with FF and KES, but similar in Kaspersky in Standard):

 

I added 127.0.0.1 that usually is localhost 🤔

[wwh1004]

This does not work for the http version.

[harlan4096]

Previously to that, You should remove all the previous exclusions.

 

What about the same rule but changing "Do not scan encrypted traffic" to "Do not scan all traffic" ?