Script injected in xml-response

[Björn Pfander]

Hello,

we use jsf / primefaces for an application.

the communication between server and client is done by ajax-requests and the response is a xml with cdata-content.

since the end of december last year more and more customers complain that the application stop working.

this happens in production environment only and it took a while to figure out the problem.

If our customers have installed Kaspersky Internet Securitiy in some cases (not always) the server response get enhanced with leading javascript.

<script type="text/javascript" src="https://ff.kis.v2.scr.kaspersky-labs.com/XYZ/main.js

This causes the error.

The workaround:

‘Settings->Additional->Network' and disable 'Inject script into web traffic to interact with web pages'. works.

But I cannot recommend this to our customers, cause I don’t know the exact meaning of this option.

Setup (as fare as we know)

The Problem exists under the following circumstances

OS: Windows 10 (Premium + Home), lastest Security-Updates

Browser: Chrome (88.0.4324.96), Firefox (85.0), Edge (88.x)

Kaspersky Internet Security: 20.0.14.1085

 

Question

Whats wrong with the server-response? I mean, that happened never before.

What else can we do to avoid this behavior?

 

Any ideas and/or suggestions?

 

greetings björn

[Flood and Flood's wife]

Hello @Björn Pfander,

Welcome!

1. KIS is up to v21.2.16.590(b), please update & recheck, if the issue persists, please follow step 3.
2. Even tho you've found unchecking Inject script into web traffic to interact with web pages, to be an effective workaround, it's only suggested as a test, to see if the original issue resolves; it’s not a recommended solution. Inject script into web traffic to interact with web pages: if the check box is selected, Kaspersky Internet Security injects a web page interaction script into web traffic. This script ensures the operation of such components as Safe Money, Private Browsing, Anti-Banner, and URL Advisor.
3. Please log a case with Kaspersky Technical Support, fill in the  Application malfunction, Other template: in the problem description provide a detailed history & the URL for this topic; Support will request Traces, collected as the issue is replicated, Logs & or other system data, they will guide you:

• After submitting the case, you’ll receive an automated email with an INC+12digits reference number, then, normally, within 5 business days, a Kaspersky Technical Support human will be in touch, also by email, you may continue to engage with the Kaspersky Technical Team via email or by updating the INC in your MyKaspersky account.
• Please share the outcome with the Community when it’s available? 

Thank you🙏

Flood🐳 +🐋