Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
kaspersky_ssl [2017/08/31 09:35]
eServices Greece
kaspersky_ssl [2017/08/31 12:28] (current)
eServices Greece
Line 1: Line 1:
 {{tag>security kav kaspersky antivirus}} {{howhard>1}} {{tag>security kav kaspersky antivirus}} {{howhard>1}}
 ===== Kaspersky Antivirus SSL Interception ===== ===== Kaspersky Antivirus SSL Interception =====
-KAV has a "feature" that will intercept all <wrap em>https://.</wrap> traffic so that it can inspect it. In order to do that it essentially breaks the secure path between your client and the web service you visit by in effect doing a MITM "attack". Your client will always see the KAV SSL certificate (which has an expiration date of decades in the future...) and your "secure" connection will effectively be proxied by the Antivirus to the site. Excluding all the **severe** security implications this will also not allow you to inspect the actual sites certificate.+KAV has a "feature" that will intercept all <wrap em>https://.</wrap> traffic so that it can inspect it. In order to do that it essentially breaks the secure path between your client and the web service you visit by in effect doing a MITM "attack". Your client will always see the KAV SSL certificate (which has an expiration date of decades in the future...) and your "secure" connection will effectively be proxied by the Antivirus to the site. Excluding all the **severe** security implicationsthis will also not allow you to inspect the actual sites certificate. 
 + 
 +==== Connection Flowchart ==== 
 +{{ :misc:ssl-normalvskav.png?nolink& |}} 
 +[[http://d.esgr.xyz/file/mo3lAmpoGd21iOf9/sjpoKIOh456jPs8b/ssl-normalvskav.svg|SVG]]
  
 ==== Disable SSL Interception ==== ==== Disable SSL Interception ====
 Right Click on the Icon in KAV on your taskbar -> Settings -> Additional -> Network -> Do not scan encrypted connections Right Click on the Icon in KAV on your taskbar -> Settings -> Additional -> Network -> Do not scan encrypted connections
  
 +{{ :misc:kav-ssl.jpg?nolink& |}}