Windows 10 News and info | Forum
May 21, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Kaspersky AV Having Certificate Conflicts with Google Chromecast  (Read 65 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 30029


I Do Windows


WWW Email
« on: March 01, 2019, 01:52:25 PM »
ReplyReply



Users of Kaspersky Antivirus have been complaining since the end of January that when they open Chrome Kaspersky displays numerous alerts stating that there is a problem with a self-signed certificate. It turns out this is being caused by a conflict with a Chromecast device on their network that they may not know even existed.

These alerts state that Kaspersky "Cannot guarantee the authenticity of the domain to which encrypted connection is established" and are due to a "Self-signed certificate" as shown below.


Kaspersky Alert

These errors are being displayed by Kaspersky's engine that allows it to scan encrypted SSL traffic for malicious content.

In a new Chromium bug report opened today, a Google employee states that there has been an increase in Chromecast discovery issues from Windows users and that it appears to be related to antivirus software.

"There's been a sudden increase in device discovery reports," states the bug report. "Reviewing the reports indicated that it's common on the Windows platform. And reviewing of the logs show a commonality of cast channel authentication errors, which can often be attributed to Anti Virus/security software."

When investigating further, he noted that Kaspersky users have been complaining about these problems since the end of January, which appears to be the same period that the Chromecast discovery reports started to increase. Google has stated that they have reached out to Kaspersky to resolve the issue.

To test this, BleepingComputer fired up a virtual machine and installed a free trial of Kaspersky Total Security. After being installed, I opened Chrome and was immediately greeted with the same error that the Kaspersky users have been seeing.


Caption

Not only was I greeted with this error once, but I was shown it multiple times as can be seen by the Kaspersky report below.


Invalid Self-Signed Certificate Errors

When reviewing the 12 page topic in the Kaspersky forums, multiple users reported this started happening after upgrading to Chrome 72 and appears to be a conflict between Chromecast and the antivirus software's SSL scanning engine.

To resolve this, users have discovered they can either disable SSL scanning or find the IP address for the Chromecast device and add it as an exclusion to the SSL scanning.

In order to properly protect your computer, it is not suggested that SSL scanning be disabled. Instead, users should follow the below steps to exclude the offending IP addresses from SSL scanning:

1. Open the main Kaspersky interface and select More Tools -> My Network -> Network Monitor

2. When the Network Monitor is opened, click on the Port column header to sort by the port.

3. Look through each row and write down any IP address that is using port 8009.  You can see multiple devices on my network below that are using this port.


Kaspersky Network Monitor

4. After writing down each IP address, close the Network Monitor and click on the gear to open Kaspersky's Settings. Then click on Additional -> Threats and Exclusions -> Specify trusted applications -> Add -> Click on the search icon in the upper right corner -> type Chrome - Now double-click on Google Chrome in the search results.

5. Click on "Do not scan all traffic" option and select "Do not scan encrypted traffic" as shown below.


Changing Traffic Scanning Option

6. Now put a checkmark in "Only for specified IP addresses" and then enter the IP addresses you wrote down in step 3. If you have multiple IP addresses, make sure to enter each one separated by a space.

7. Now put a checkmark in "Only for specified ports" and enter 8009.

8. When done, your screen should look like below.


Chromecast excluded in Kaspersky

9. When ready, click Save.

You should no longer receive the self-signed certificate errors from Kaspersky when you open Chrome. With Google reaching out to Kaspersky to resolve this issue, you will hopefully be able to revert these changes soon.

But I don't have Chromecast!

Now you may be saying, "But I do not have Chromecast on my network!". I said the same thing until I followed the above steps and found out that I actually had multiple devices that support Chromecast.

New SmartTVs now have ChromeCast built into them so that you can cast to them from your browser or other compatible devices. I had not known that my Vizio TV supported Chromecast, which I now know I can see by clicking on the Chrome menu and selecting Cast.



What is causing these errors is a hidden Chrome extension called Chrome Media Router that automatically scans a network for Chromecast devices when the browser starts.

This causes Kaspersky's SSL scanning engine to kick in and give the errors about the self-signed SSL certs. If you have multiple Chromecast devices on your network, you will see even more of these alerts as each Chromecast device is discovered.

Hopefully, now that Google and Kaspersky are working on this, the issue will soon be a thing of the past.

source
« Last Edit: March 01, 2019, 01:55:08 PM by javajolt » Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page May 08, 2019, 11:14:58 PM