untrusted root center, Site Blocked "Connection not protected" and can't exclude it. "I understand the risks" is not available. [Solved][Closed]

[gsotoa]

I just installed a pbx virtual machine with a self-signed certificate. Kaspersky Total Security is blocking the site "Connection not protected" However, I am not getting the option to bypass it. The link with "I understand the risks and wish to continue" is not there. Detailed Report reads: 26.04.2019 08.54.57;SSL connection with invalid certificate detected;192.168.0.3;192.168.0.3;This certificate or the certificate chain is built on an untrusted root center.;Firefox;04/26/2019 08:54:57 It is not a browser problem. The same thing happens with Firefox 66.0.3, Google Chrome 73.0.3683.103 and with IE 11. I tried the the solution of excluding the website from encrypted connections scan scope as listed here but that still did not help. https://support.kaspersky.com/common/safemoney/12489#block4 Any suggestion is appreciated. Thank you, Gerardo

[harlan4096]

Welcome to the new Kaspersky Community! :) Did You try also in NetWork -> Encrypted Connection Scanning -> Advanced Settings -> enabling -> Do not decrypt SSL connections with EV certificates ?

[gsotoa]

Hi harlan4096. Thank you for your suggestion. Disabling decryption of EV certificates does not help. Thank you, Gerardo

[harlan4096]

Please provide more info about the system environment: a virtual machine in VirtualBox? which system? the KTS (version?) where You get certificate issues is running inside that virtual machine? Thanks.

[Igor Kurzin]

Hi, the resolution would be to add 192.168.0.3 to exclusions. In Kaspersky product open Settings -> Application Control -> Manage applications -> search for Chrome (or another browser) -> in the search results below double click on Chrome (or another browser) -> in the opened window go to tab Exclusions -> click "Do not scan all traffic" and select the option "Do not scan encrypted traffic" -> check the option "Only for specified IP addresses" -> enter the IP address 192.168.0.3 -> Save.
Restart Chrome and check.

Update:

On September 30, 2021 Let’s Encrypt root certificate DST Root CA X3 expired (more information can be found here: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/). Since this certificate was used on several websites worldwide a certificate expiration warming message could be displayed accessing those websites in browsers. If Kaspersky product is installed it shows its own html page with untrsuted certificate warning instead of original browser’s one. Most of users with the latest and up to date versions of operating systems and browsers should not face this issue because new valid root certificate is installed automatically.

Workaround: 

In case you see such warning on attempt to open a website (especially if this warning was not displayed before September 30, 2021) on Windows 7 or older operating systems it’s recommended install all availabe Windows updates.

 

[gsotoa]

Hi Igor, Sorry for the delay getting back to you. Your solution worked perfectly! Thank you very much for your help! Regards, Gerardo

[billyber]

Hello Kaspersky Team, I face the same issue with Kaspersky Security Cloud. Could you assist? Thank you in advance

[Flood and Flood's wife]

I face the same issue with Kaspersky Security Cloud. Could you assist?

Hello billyber, Welcome!

1. Have you followed Igor Kurzin instructions?

IF "yes", please provide the following: 1⃣ Operating system: (a) full name? (b) version? (c) build? (d) release? To find Operating system information: type winver in (Windows) search bar, press enter, the required information is displayed. 2⃣ KSCLOUD (a) version? (b) patch(x)? x=letter, (c) free? or licensed? {see note at the end of my reply} 3⃣Any other Kaspersky software: IF "yes": (a) Full name? (b) version? (c) patch(x)? x=letter, (d) free? or licensed? 4⃣ Go to KSCloud application, select More Tools, select Reports, select Detailed Reports, leave ALL Events as default, select the shortest time frame the alerts are shown, preferably 24hrs or 7days, select Export, save the file as a TEXT file, upload to your post, using the Upload icon Thank you:pray_tone3:. Note: Kaspersky free software has (config) limitations, advertising & no Technical Support. If we know this, we ensure we never waste your time, advising you, for example: "contact Technical Support".

[billyber]

:one: Operating system: (a) Windows 10 Pro (b) 1903 (c) OS Build 18362.356 (d) N/A To find Operating system information: type winver in search bar, press enter, the required information is displayed. :two: KSCLOUD (a) 20.0.14.1085(d)? (b) (d), (c) Licensed {see note at the end of my reply} :three:Any other Kaspersky software: IF "yes": No (a) Full name? (b) version? (c) patch(x)? x=letter, (d) free? or licensed? :four: Go to KSCloud application, select More Tools, select Reports, select Detailed Reports, leave ALL Events as default, select the shortest time frame the alerts are shown, preferably 24hrs or 7days, select Export, save the file as a TEXT file, upload to your post, using the Upload icon See attachment

[Flood and Flood's wife]

Windows 10 Pro, 1903, 18362.356, KSCLOUD 20.0.14.1085(d) (Premium), Report attached.

Hello billyber, Thanks for posting back and the report:pray_tone3:. Please wait for my reply.

1. You may also wish to contact Kaspersky Technical Support and ask their advice.

Thank you

[Flood and Flood's wife]

Hello billyber,

1. Is the issue happening irrespective of the browser chosen?
2. Have you also installed / activated Virtual environments/software?
3. Did the issue exist before Teamviewer was installed and used?

Please run GSI & Windows Logs, upload the zip folder to cloud and PM the link to me please? Thank you.

[dirtrunner]

Hello, i have the same problem. It started around two weeks ago, option to bypass "Connection not protected" - "I understand the risks and wish to continue" was gone. I used the option and 10 minutes later i wanted to use the option to bypass again and it was not there anymore. So i talked to the support and they told me to upgrade vom KIS 19.xx to 20.xxx . The Version im currently using is 20.0.14.1085 (d) on Microsoft Windows 10 x64 Build 17763. After upgrading KIS the option was back and usable. Today, to weeks later, i was working on my homeserver and tried to connect to it, i saw the message "Connection not protected" , i clicked "I understand the risks and wish to continue" - worked fine. Ten minutes later i tried to connect again and the message "Connection not protected" showed up, but again, the same as two weeks ago, the bypass option didn't appear. I using Firefox 69.0.3 (64-Bit). I also tried it with a second computer also with KIS, Win10 and Firefox and on this computer everything worked fine. Can you help me? I want the bypass option to appear again. Greetings Dirtrunner

[Flood and Flood's wife]

Hello dirtrunner, Welcome! I've replied to your Topic. Thank you.

[cguanes]

Hi, the resolution would be to add 192.168.0.3 to exclusions. In Kaspersky product open Settings -> Application Control -> Manage applications -> search for Chrome (or another browser) -> in the search results below double click on Chrome (or another browser) -> in the opened window go to tab Exclusions -> click "Do not scan all traffic" and select the option "Do not scan encrypted traffic" -> check the option "Only for specified IP addresses" -> enter the IP address 192.168.0.3 -> Save.
Restart Chrome and check.

Hi I have the same problem but on MS Edge, this work with Chrome, but MicrosoftEdge is not showing in the list of applications so I cannot setup the exclusion. How can I add MicrosoftEdge to the list of “Manage Applications”

[Flood and Flood's wife]

Hello  @cguanes,

Welcome!

Edge is not supported in some situations, to know specifically for your issue and so we can guide you, please tell us:

Windows Operating system name & version ?

Kaspersky software name, version & patch ? 

Edge full name and version ? 

Please post back?

Thank you🙏

[Gnommon]

how do I do this for my whole subnet ?