Question Kaspersky without HTTPS Scanning - Still safe?

Please provide comments and solutions that are helpful to the author of this topic.

F

ForgottenSeer 100397

Kaspersky has been my go-to antivirus for years on two systems. I use the browser extension, but not HTTPS, Safe Money, or additional features. Kaspersky has always run smoothly for me, with no slowdowns. The only primary protections on these systems are Kaspersky and uBlock Origin. I believe that browser protection is sufficient, so I only use a security extension if the security software installed includes one.
 
Last edited by a moderator:

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,623
How about selecting the middle option: "Scan encrypted connections upon request from protection components." Maybe this will resolve the problem.
This middle option is the default settings.
An update:
I never bothered to install Kaspersky's Firefox add-on. However, upon installing it on Firefox, this page loading slowdown behavior disappears completely and Kaspersky behaves as fast as Eset even with HTTPS scanning enabled.

Does anyone have any idea why?
Interesting. Like I said in my earlier comment, if the extension is not installed, then browser have to wait for Kaspersky to inject a script into every webpage which in theory could take some additional time. I guess the lack of waiting with the extension installed increased your browsing speed. I never properly tested it as having the extension highly increases CPU usage of Kaspersky on some websites for me. But great to know that it helps with the speed. Try testing with and without the extension on multiple sites to be 100% sure, and let us know what you find. In AV-Tests, website loading section Kaspersky has always been one of the slowest. But maybe the performance has improved very recently.
 
Last edited:

cofer123

Level 2
Thread author
Sep 7, 2021
89
Yes, it's possible. For Kaspersky and other products, adding sites to trusted list means that it won't block the site even if it's malware as well as not do HTTPS scanning. But if I remember correctly, for ESET you can do the above while there's also an option to make ESET not decrypt HTTPS traffic for specific sites without putting them to whitelist. That's how to do it.
View attachment 279607
While I had this working for a few weeks without trouble, yesterday I noticed that one site where I had added a certificate scan exception updated its certificate, thus nullifying this configuration. Meanwhile, on the machine running Kaspersky, this continued to work since I could add the exception based on the URL, instead of the certificate.

Are you aware of any other way of configuring Eset so that I can add a URL to prevent HTTPS scanning?

I never properly tested it as having the extension highly increases CPU usage of Kaspersky on some websites for me. But great to know that it helps with the speed.
After running Kaspersky with Firefox and its extension for a few weeks, I can say it does speed things up compared to without the extension. I've also not observed any CPU usage spikes, so I can also say it's working properly.

However, Eset with HTTPS scanning is still faster than Kaspersky in a very noticeable way.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,623
Are you aware of any other way of configuring Eset so that I can add a URL to prevent HTTPS scanning?
Don't have ESET on my VM at the moment so unable to verify by myself. You may follow this guide. In the guide below it shows the method of putting addresses into "List of addresses excluded from content scan". Instead you put your sites in the "List of allowed address" section and see if it does what you're looking for.
I believe Kaspersky has more sophisticated technologies compared to ESET, which may cause slightly longer check times.
No, this is not related to more sophisticated technologies. Different engine, different technology, different filtering driver, different optimization many things can contribute to this. We can not know for sure. But in simple term, ESET's HTTPS scanning is more optimized for their product. Avast in my experience is the fastest at HTTPS scanning, then ESET then Kaspersky.
 

cofer123

Level 2
Thread author
Sep 7, 2021
89
Don't have ESET on my VM at the moment so unable to verify by myself. You may follow this guide. In the guide below it shows the method of putting addresses into "List of addresses excluded from content scan". Instead you put your sites in the "List of allowed address" section and see if it does what you're looking for.
[KB2960] Exclude a safe website from being blocked by Web Access Protection in ESET Windows home products
Thanks. Unfortunately, that doesn't exclude the url from being intercepted by the HTTPS scanner, as the certificate issuer changes to ESET's instead of the original provider.

I guess outside of the certificate rules section there's nothing else short of disabling HTTPS scanning altogether.
 

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,623
Thanks. Unfortunately, that doesn't exclude the url from being intercepted by the HTTPS scanner, as the certificate issuer changes to ESET's instead of the original provider.

I guess outside of the certificate rules section there's nothing else short of disabling HTTPS scanning altogether.
Yeah, that's what I thought too. I guess websites won't change certificates until it's near the expiry date.
 
F

ForgottenSeer 100397

No, this is not related to more sophisticated technologies. Different engine, different technology, different filtering driver, different optimization many things can contribute to this. We can not know for sure. But in simple term, ESET's HTTPS scanning is more optimized for their product. Avast in my experience is the fastest at HTTPS scanning, then ESET then Kaspersky.
I meant the sophisticated technologies you stated—different but intricate. And maybe Kaspersky is running more checks or seeking additional factors that could lead to a small decrease in performance. However, I agree with you; we cannot know for sure.
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
459
From 2017:


Users might be vulnerable while accessing secure HTTPS websites, and their antivirus is to blame. A thorough research, conducted by experts at Mozilla Firefox, Google, Cloudflare and three American universities, shows that several popular antivirus software “drastically reduce connection security” and expose users to decryption attacks. This isn't new by any means and the HTTPS interception technique used by anti-viruses has been the subject of debate for several years.

...

Meanwhile, our advice is to just disable the HTTPS scanning feature of your antivirus. This functionality contradicts the very idea of TLS/HTTPS point-to-point security and gives the users a false sense of security.

From 2023:


When accessing a HTTPS connection with an untrusted certificate, a security warning will still be displayed as long as the certificate is issued by a different issuer, known as "avast! Web/ Mail Shield Untrusted Root".

Therefore, there is no requirement to conduct a scan for disable HTTPS .

The 2017 study:


Advice given in the first link for Kaspersky products:

Settings > Additional > Network > Encrypted connections scanning > Do not scan encrypted connections

Note: By default it is scan encrypted connections upon request from security components which isn't so intrusive as with other products.
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
459
I forgot to add that the issue was also discussed here:


with references to browser extensions that might have similar issues.

Also, I'm not sure if the Kaspersky extension works with the free version of the AV because it remains de-activated with the latter. Given that, one will have to use extensions from other AV companies.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top