KIS for Mac interferes with SSL and Homebrew

[cosmos]

Hi, 

I am using KIS on Mac. I am not able to install programs via homebrew. I see the following SSL error:

brew install neofetch
...
curl: (35) LibreSSL SSL_connect: SSL_ERROR_ZERO_RETURN in connection to d29vzk4ow07wi7.cloudfront.net:443

KIS’ interference with SSL appears to be a known issue: https://github.com/libressl-portable/portable/issues/515

I am able to get around this by disabling protection.

How can I add a rule to allow homebrew operations? What’s the preferred solutions?

[Flood and Flood's wife]

 Hello @cosmos, 

Welcome!

1. Read before you create a new topic!, by @Danila T. , please action as per his directions?
2. Have you logged a case with Kaspersky Technical Support → they will ask for Traces, Logs & other data?
3. References: 
4. Website certificate problem detected by Kaspersky Internet Security for Mac and Kaspersky Security Cloud for Mac
5. Add a website of a bank, payment system, or online store to Safe Money protection

• Please share the outcome, with the Community, when it’s available?

Thank you🙏

Flood🐳 +🐋

[cosmos]

Thanks, Flood.

Here is some additional information:

Version of my operating system: macOS 11.2.3 20D91 arm64

Name and version number of the Kaspersky application: Kaspersky Internet Security 21.1.0.150

I filed a technical support request. 

Will update if I get a solution.

[Wesly.Zhang]

Thanks, Flood.

Here is some additional information:

Version of my operating system: macOS 11.2.3 20D91 arm64

Name and version number of the Kaspersky application: Kaspersky Internet Security 21.1.0.150

I filed a technical support request. 

Will update if I get a solution.

Hello,

We will wait for your reply.

Regards.

[Flood and Flood's wife]

Thanks, Flood. Here is some additional information:

1. operating system version macOS 11.2.3 20D91 arm64
2. KIS version 21.1.0.150 
3. I filed a technical support request. 
4. Will update if I get a solution.

Hello @cosmos, 

Thank you👌

KIS/MAC Hardware and software requirements are: macOS 10.14, 10.15 & 11, please ask TS if 11.2.3 20D91 is supported?

Please let us know, it may be a documentation issue? 

Thank you🙏

Flood🐳 +🐋

[DMConklin]

I am also having this issue.

M1 Mac mini / Big Sur 11.2.3

KIS 21.1.0.150
Homebrew 3.1.2

 

Whenever I try to install a package with KIS enabled I get
curl: (35) error:1400443E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert inappropriate fallback

[cosmos]

Support suggested adding the application to the trusted zone:
 

You may add the application under the Trusted Zone. You may follow the steps on the link below on how to do that:

• https://support.kaspersky.com/KIS4Mac/20.0/en-US/166599.htm

But I haven’t had a chance to try this yet, as I haven’t installed any packages since. My past workaround was to disable protection while installing packages via homebrew.

I would try to add homebrew there, and see if that helps. But this is an error with curl, and I’m not sure if Kaspersky considers curl a separate application. In that case, adding curl to the list of trusted applications may help.

 

[DMConklin]

@cosmos 

I’m not even really sure where I would find homebrew to add it to the trusted list tbh but if you know what file / folder I should be adding please update me. Also tried adding several variations of https://ghcr.io/v2/homebrew/core/gettext/manifests/0.21 to the trusted web addresses with no luck. 

If you come to a solution please update me, this is an annoying problem to have lol

[Danila T.]

Hi All!

 

Please contact with support team: https://my.kaspersky.com/en/support about this problem.

[cosmos]

So I think I have found the root of the issue:

First, I found where the brew and curl binaries are by running ‘which brew’ and ‘which curl’. I added both `/opt/homebrew/bin/brew` and `/usr/bin/curl` to the Trusted Zone, but this did not fix the problem. 

However, disabling “Check Secure Connections (HTTPS) for Safe Money and Private Browsing” under Preferences > Protection > General solves the issue.

It seems that “checking secure connections (HTTPS)” interferes with curl SSL requests. Unsecured curl still works. 

I will forward this info to support. 

[Danila T.]

Hello,

 

Issue already fixed in the KIS\KSC 21.1.0.150 patch C. Update base of KIS\KSC 21.1.0.150 and restart macOS.