Question Kaspersky without HTTPS Scanning - Still safe?

Please provide comments and solutions that are helpful to the author of this topic.

cofer123

Level 3
Thread author
Sep 7, 2021
134
One of the main "issues" I have had with Kaspersky is that it always slows down page loading. It's a small difference, but noticeable, and sometimes even annoying, since page loading doesn't behave as snappy as with Defender or Eset. However, after recently experimenting with HTTPS scanning disabled, Kaspersky behaves just as fast as if it wasn't there.

But what is the cost of having that disabled? Can other of Kaspersky's modules make up for losing that layer of defense? Anyone has experimented this before?
 

cofer123

Level 3
Thread author
Sep 7, 2021
134
I don't use K but you should be fine disabling HTTPS scanning. A number of K users on MT disable that setting. Make sure you use an ad blocker and your browsers phishing protection, e.g. Safe Browsing, Smartscreen, etc.
Thanks. Firefox + uBlock Origin since forever here, so it should be good.

I've also noticed I can set trusted addresses, apparently disabling connection scans for those domains. I will run some tests to check if I can still keep the performance boost for my most visited sites while having scanning working for everything else.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
This browsing speed slow-down is the reason why I can never settle on Kaspersky and I also prefer not to disable a product's core protection feature. Without it Kaspersky would miss infected javascripts, infected html, malicious redirects, etc. Sometimes, some remnants can even remain on browser cache without detection. But of course if you don't visit suspicious sites, then that's not a problem. If you do online shopping then you should enable it when you do because lately seeing a lot of smaller shopping sites getting infected via stealer malware that can't be detected without the HTTPS scanning feature.
 

cofer123

Level 3
Thread author
Sep 7, 2021
134
I've ran some tests with trusted addresses and it works as expected.

This is what YouTube looks like with default settings on Firefox:
1699386849630.png


And after adding it as a Trusted Address in Kaspersky:
1699386796474.png


The MITM scanning doesn't even trigger for these sites, and the speed difference is there. Pages open fast and are snappy as if HTTPS scanning was disabled globally.

Now going a bit off-topic, but does anyone know if this degree of control is also possible on Eset? I've written a review a few months ago where I reported issues with some sites randomly breaking layout/images, and lately I've identified that it's because of its HTTPS scanner. I've tried adding addresses to Eset's excluded content scan list, but it still seems to MITM connections and change certificates.
 
Last edited:

Ink

Administrator
Verified
Jan 8, 2011
22,490
IMO, it is safe to turn off HTTPS scanning.

For reference, Need Advice - Does Windows Defender does HTTPS scanning?
Not to forget the billions of phone devices without any sort of HTTPS scanning interference.

Browsers are very secure these days, and include a few passive features such as Google Safe Browsing. The rest of things are easy to maintain:
  • Keep your OS up-to-date
  • Regular checks on Browser updates (preferably latest stable builds)
  • Must use a content-blocker (ie. AdGuard Ad-Blocker, uBlock Origin)
  • Optional use of security extensions (ie. Malwarebytes Browser Guard) -- if compatible.
  • Optional use of DNS-based content filtering (ie. NextDNS)
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Now going a bit off-topic, but does anyone know if this degree of control is also possible on Eset?
Yes, it's possible. For Kaspersky and other products, adding sites to trusted list means that it won't block the site even if it's malware as well as not do HTTPS scanning. But if I remember correctly, for ESET you can do the above while there's also an option to make ESET not decrypt HTTPS traffic for specific sites without putting them to whitelist. That's how to do it.
1699437866932.gif
 

cofer123

Level 3
Thread author
Sep 7, 2021
134
Yes, it's possible. For Kaspersky and other products, adding sites to trusted list means that it won't block the site even if it's malware as well as not do HTTPS scanning. But if I remember correctly, for ESET you can do the above while there's also an option to make ESET not decrypt HTTPS traffic for specific sites without putting them to whitelist. That's how to do it.
View attachment 279607
Thanks, that's what I was looking for.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
In Kaspersky, You can only exclude sites only for HTTPS:

View attachment 279608
This puts them on whitelist/trusted list resulting in not dong HTTPS scanning also as a bonus. It's different from what I showed above for ESET that exclude sites from HTTPS scanning only (decrypt the connection to scan website content) without putting them into trusted/whitelist.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,908
Hum I'm not sure, it's a separated list of Trusted URLs in module Safe Browsing...

1699696197685.png


1699696160232.png

If You add one URL in one of the those lists, did not appear in the other...

Also, when You add a full URL in 1st one (Encrypted connections), automatically it only adds main domain, not the full URL as it does Safe Browsing Trusted URLs option.

I guess not exactly the same...🤔
 

Bot

AI-powered Bot
Apr 21, 2016
4,362
One of the main "issues" I have had with Kaspersky is that it always slows down page loading. It's a small difference, but noticeable, and sometimes even annoying, since page loading doesn't behave as snappy as with Defender or Eset. However, after recently experimenting with HTTPS scanning disabled, Kaspersky behaves just as fast as if it wasn't there.

But what is the cost of having that disabled? Can other of Kaspersky's modules make up for losing that layer of defense? Anyone has experimented this before?
Disabling HTTPS scanning in Kaspersky can improve page loading speed, as you have observed. However, it is important to understand the potential consequences of disabling this feature.

HTTPS scanning is designed to inspect encrypted connections for potential threats or malicious content. By disabling it, you may be limiting Kaspersky's ability to detect certain types of malware or protect against phishing attacks that are transmitted over encrypted connections.

While other modules in Kaspersky's security suite can provide additional layers of defense, such as real-time scanning, firewall protection, and behavior monitoring, it is worth noting that HTTPS scanning adds an extra level of security.

Ultimately, the decision to disable HTTPS scanning should be based on your individual risk tolerance and the importance you place on page loading speed versus enhanced security. If you engage in safe browsing practices and visit trusted websites, the risk may be minimal. However, if you frequently visit unfamiliar or potentially risky websites, it may be advisable to keep HTTPS scanning enabled for enhanced protection.
 
  • +Reputation
  • Applause
Reactions: Nevi and vtqhtr413

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Hum I'm not sure, it's a separated list of Trusted URLs in module Safe Browsing...

View attachment 279669

View attachment 279668

If You add one URL in one of the those lists, did not appear in the other...

Also, when You add a full URL in 1st one (Encrypted connections), automatically it only adds main domain, not the full URL as it does Safe Browsing Trusted URLs option.

I guess not exactly the same...🤔
I just did a test, and they are different indeed. I was only partially right.

1) The Trusted Address option in the network settings put the sites completely in whitelist so, No detection even if malware + No HTTPS scanning. If you check the website's certificate, then it's not Kaspersky, it's the actual certificate used by the site. This is equivalent to ESET's whitelist option.

2) The option "Do not scan web traffic from trusted URLs" available in Safe Browsing option means, No detection even if it's malware + HTTPS scanning. So Kaspersky still decrypt the connection to scan. If you check the website's certificate, then it's Kaspersky's. It is kind of equivalent to ESET's "Found malware is ignored" option. With this option, you would still have the performance impact caused by HTTPS scanning. Without going into full details, ESET's equivalent option more useful, capable and makes more sense than this one.

So still what I initially said is not seems to be present in Kaspersky that is present in ESET and that is only ignore HTTPS scanning but still block the site if available on their blacklist. So Kaspersky has two ways to whitelist, ESET has three, and ESET's number 2 is more useful than Kaspersky's number 2. I can explain why if required in another topic/comment.
 

Virtuoso

Level 3
Well-known
Feb 21, 2022
109
This browsing speed slow-down is the reason why I can never settle on Kaspersky and I also prefer not to disable a product's core protection feature. Without it Kaspersky would miss infected javascripts, infected html, malicious redirects, etc. Sometimes, some remnants can even remain on browser cache without detection. But of course if you don't visit suspicious sites, then that's not a problem. If you do online shopping then you should enable it when you do because lately seeing a lot of smaller shopping sites getting infected via stealer malware that can't be detected without the HTTPS scanning feature.

How about selecting the middle option: "Scan encrypted connections upon request from protection components." Maybe this will resolve the problem.
 
  • Like
Reactions: vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top