Question Kaspersky without HTTPS Scanning - Still safe?


Virtuoso

Sorry didn't notice this at first. One of the easiest ways would be to search something like "Norton Crack" on Google and it will find many fake Norton cracks. Most of the sites are blacklisted by most products. The sites themselves usually don't contain any malware hence they are allowed by Google Safe Browsing, SmartScreen and may even bypass some AV products' blacklisting. So, it's safe to visit them on your main PC but preferably in browser's private/incognito mode.
Lately I'm staying away from ESET after realizing that it writes about 1.1 GB data on disk on each signature update.

Bitdefender has the same issue about signature update size, which Antivirus are you using now?
 

SeriousHoax

I had no idea of that, especially since their update files are usually so small.
Yeah, it's a strange one. The whole ESET product is less than 1 GB. Some things don't add up. I need to investigate further. Ignore my comment for now.
Bitdefender has the same issue about signature update size, which Antivirus are you using now?
Yes, Bitdefender writes about 400-500 if one update is missed, 800 if multiple updates are missed. I may have seen even F-Secure writing 400 MB in the past (with Avira engine). So, these values are probably more common than we realize for some products.
But most people probably won't care since modern SSDs have very high TBW values. Two best ways to reduce SSD writes IMO are turning off fast startup and moving web browser's cache to an HDD (if you have any) or to a RAM disk. This should save more than what AV products write.

Sorry guys @cofer123 @Virtuoso @Jonny Quest @mlnevese @roger_m @Gandalf_The_Grey @brambedkar59
Probably a false positive on the ESET data write info. On my VM it wrote about 400 MB. Something on my main PC caused it to write 1 GB. I should investigate and contact support if required to identify the root cause. Tagging you all since you liked my post and sharing a somewhat wrong (situational in this case) info is not my intention as it can damage a product's reputation.
 

Virtuoso

It's ok, happens sometimes. Which Antivirus are you using now apart from ESET?
 

Jonny Quest

You're a class act to follow-up like that @SeriousHoax (y) No problem :)
 

SeriousHoax

Out of curiosity, a little off topic, what was annoying about Microsoft Defender?
Well like last month every time at system startup, it was notifying me that a threat was detected. If I click the notification or open Windows Security, then there was nothing there, nothing in protection history also. It was happening on every system startup and reboot. I was pretty sure that my system was not infected but of course it worried me a bit. Multiple second opinion scans didn't find anything. Thinking it was another Windows Security UI bug, I tried to delete files in "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service" which is a trick to delete Defender's protection history. In the past you could delete these just by turning off Tamper Protection but that doesn't work anymore. So, self-defense has improved, I guess. Deleted the files by rebooting to safe mode. Still one log file couldn't be deleted. Anyway, I rebooted my PC normally, same notification from MD but this time I could see what it has detected. It's an app from NirSoft Utilities named "Wireless Network Watcher". This time MD detected and auto deleted it but of course not before I applied the trick of deleting protection history which not many people know about. I had a shortcut for it on start menu, that's why it could detect it at system startup even though I had it in my HDD drive. It's a helpful app that let me see what devices are connected to my network without having to log into the router. I can even name the devices whatever I wish. Nice little tool. Microsoft has recently added it to the PUP list, something which ESET also has added to their secondary PUA detection. Maybe it was used in some attacks? But it's completely safe to use. Maybe you already know about it.
So, what if it was a real malware that MD could not delete for whatever bug that's going on? Users could get infected.
Cloudflare Warp app runs with 3 seconds delay. I had to put the exe into exclusion to make it run fast. One portable downloader that I sometimes use still occasionally runs with 2-3 seconds delay even though I put it into exclusion. Lately even archives opened by 7zip beta are opening after 2 seconds. There are some apps like this that I have to add to exclusion to make them run quickly, which is not required for any other products, except that with F-Secure there was, and maybe still is, an issue where it runs any unsigned app several seconds later after every signature update. MD also often deletes password malware zips downloaded from public malware sharing sites which is frustrating.
So, there goes my list of annoyances with Microsoft Defender.
 

blackice

Reminds me of the time last year it deleted everybody’s links on the status bar or whatever. It was the one time recently I wasn’t using MS Defender. Your problems actually sound a bit disconcerting as I just saw a similar complaint of a mysterious warning on Reddit (it wasn’t you).
 

Azazel

If I disable Kaspersky's HTTPS Scanning, would my PC be vulnerable, or would it have similar protection to Defender, which doesn't have any HTTPS Scanning?
 

likeastar20

As long as Kaspersky developers insist on injecting scripts into web pages as a fallback for the scenario where the user rejected installing their extensions, protecting access to their internal API seems to be a lost cause. They appear to have come to the same conclusion, so they don’t even try. Instead, they try to protect the more powerful API calls which are used exclusively by browser extensions. This still leaves way too much functionality accessible to web pages however.

Especially the out-of-bounds read vulnerability is troubling. This particular vulnerability “only” seems to have the potential to crash the application, something that leaves users without antivirus protection. But I noticed large chunks of code using data structures without built-in memory safety there. Much of that code is accessible to web pages, thanks to the issues described here, and it is reasonable to expect more memory safety issues to pop up.

By now I’ve looked into a bunch of other antivirus solutions already (F-Secure, McAfee, Norton, Avast/AVG). All of them rely exclusively on browser extensions for the “web protection” component. Maybe Kaspersky is so attached to scripts injected directly into web pages because these are considered a distinguishing feature of their product, it being able to do its job even if users decline to install extensions. But that feature also happens to be a security hazard and doesn’t appear to be reparable. So I can only hope that they will eventually come around and get rid of it.
2018-12-21: Sent three reports on API hijacking via Kaspersky bug bounty program: affecting injected scripts, Internet Explorer extension and Chrome/Firefox extension respectively.
2018-12-24: Kaspersky confirmed the vulnerabilities and stated that they were working on a fix.
2019-07-29: Kaspersky marked the issues as resolved.
2019-07-29: Requested the reports to be disclosed.
2019-08-05: Kaspersky denied disclosure request, stating that users needed time to update from older versions. Additional discussion results in “around November” being given as a timeline.
2019-08-19: Sent two more reports to Kaspersky via email: internal API still accessible to web pages and leaking private information, and denial-of-service attacks possible by passing invalid URLs. Disclosure deadline: 2019-11-25.
2019-08-19: Notified Kaspersky that I plan to publish a blog post covering older issues on 2019-11-25.
2019-08-19: Kaspersky confirmed receiving the new reports, promising further communication after the initial analysis is complete (that communication never happened).
2019-08-23: Sent a follow-up email noting that the internal API can also be misused in various ways, such as manipulating ad blocking configuration.
2019-11-07: Kaspersky notified me about the issues being resolved in 2019 (Patch I) as well as 2020 (Patch E) family of products.
2019-11-15: Evaluated the fixes and notified Kaspersky about the incomplete crash fix.
2019-11-20: Kaspersky notified me about an upcoming patch to fix the crash completely, supposed to become available by 2019-11-28.
 
