How to disable Kaspersky Antivirus javascript injection?

37

12

Since the installation of Kaspersky AntiVirus 2016 every website I visit contains this line in <head>:

<script type="text/javascript" 
        src="http://gc.kis.scr.kaspersky-labs.com/23A3B72C-FE8A-4F09-AD30-70296D9718F4/
             main.js" 
        charset="UTF-8">
</script>

On every site, the same GUID is used. How can I disable this behaviour?

The code is injected in SSL pages, too.

tjati

Posted 2015-10-04T09:21:52.690

Reputation: 569

I wonder how Kaspersky Labs explain this... AntiVirus software became much too clever. BTW do they inject this on SSL pages too? – POMATu – 2015-10-04T09:40:59.677

2 Yep, SSL pages are injected, too. – tjati – 2015-10-04T09:52:32.613

1 Disable the option that protects SSL traffic; doing so will likely also disable it modifying insecure traffic as well. – Ramhound – 2015-10-04T12:28:26.360

This is either "SSL Inspection," or a Man-In-The-Middle (MiTM) attack, depending on how you feel about your AV seeing every password & credential you send over HTTPS. – Mac – 2018-05-29T12:23:51.933

But perhaps the most compelling reason to disable Kaspersky's scanning of encrypted connections is because it drops the connection down from TLS 1.3 to 1.2 – Mac – 2018-05-29T12:27:34.197

Answers

42

There is a setting to disable script injection in the newest Kaspersky version (>16.0.1):

Settings -> Additional -> Network -> Inject scripts into web traffic to interact with web pages.

Alisa

Posted 2015-10-04T09:21:52.690

Reputation: 436

If you can't find it: Update 16.0.1 (Maintenance Release 1) is currently only available in English. – marcovtwout – 2016-02-22T13:55:49.917

Latest English version is 16.0.0.614abcd: https://i.imgur.com/EXkon6Q.jpg – Dims – 2016-03-28T09:21:38.277

1 http://products.kaspersky-labs.com/english/homeuser/kav2016/ – Ramon Bakker – 2016-04-30T21:39:49.250

This did not do the trick and the script is still injected on every web page. – behz4d – 2016-11-03T14:21:42.560

@behz4d - You must be using a different version than the author. – Ramhound – 2017-11-08T13:55:45.087

10

I found a solution that worked for me:

Kaspersky application

Settings Page

select "Additional" section on left side

select "Network" settings

Monitored Ports

[ ] Monitor all network ports

[X] Monitor selected ports only Select...

Click the Select... link

  • Remove: HTTPS on port 443
  • Remove: HTTP on port 80
  • Remove: any/all other HTTP if you use those frequently
  • Bottom of the list, UNCHECK "Monitor all network ports..."

Close the Network Ports window

Close the settings window

Restart your browsers...

bksi

Posted 2015-10-04T09:21:52.690

Reputation: 201

This one helps when using Kaspersky < 16.0.1 – thasmo – 2016-04-15T22:05:35.420

I have tried this solution in KIS 16 and it works after restarting the browser (Chrome as well as Firefox). Don't forget "Bottom of the list, UNCHECK Monitor all network ports...". This is the last time I bought this AV. – Stefan – 2016-10-27T09:12:42.183

8

You can add these to C:\Windows\System32\drivers\etc\hosts

0.0.0.0    gc.kis.scr.kaspersky-labs.com    # Kaspersky anti-injection for Google Chrome
0.0.0.0    ff.kis.scr.kaspersky-labs.com    # Kaspersky anti-injection for Mozilla Firefox
0.0.0.0    ie.kis.scr.kaspersky-labs.com    # Kaspersky anti-injection for Internet Explorer

Reference

Behrouz.M

Posted 2015-10-04T09:21:52.690

Reputation: 271

Now you also need to add gc.kis.v2.scr.kaspersky-labs.com because instead of solving the problem, they clung to that suspicious practice and changed the script URLs. – RedGlyph – 2020-01-18T23:38:46.600
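An audit of a hosts file against the script hosts named in this answer and its comment, as an added example that is not part of the original posts. The function names and the sample hosts content are constructed for illustration; keeping the first entry for a repeated name is a choice made in this example.

```python
import ipaddress

# Script hosts named on this page: the three in the answer plus the v2 host
# from the comment. Other browsers or versions may use more (not verified here).
SCRIPT_HOSTS = (
    "gc.kis.scr.kaspersky-labs.com",
    "ff.kis.scr.kaspersky-labs.com",
    "ie.kis.scr.kaspersky-labs.com",
    "gc.kis.v2.scr.kaspersky-labs.com",
)

def parse_hosts(text):
    """Return {hostname: address}; this example keeps the first entry per name."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: ignore the line
        for name in fields[1:]:                  # one line may list several names
            table.setdefault(name.lower(), addr)
    return table

def audit(text, wanted=SCRIPT_HOSTS):
    """Classify each wanted host as 'sinkholed', 'redirected' or 'missing'."""
    table = parse_hosts(text)
    report = {}
    for name in wanted:
        addr = table.get(name)
        if addr is None:
            report[name] = "missing"
        elif addr.is_unspecified or addr.is_loopback:
            report[name] = "sinkholed"           # 0.0.0.0 or 127.0.0.1 style entry
        else:
            report[name] = "redirected"          # points at a real address
    return report

# Constructed sample: the three entries from the answer, without the v2 host.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1  localhost
0.0.0.0    gc.kis.scr.kaspersky-labs.com    # Google Chrome
0.0.0.0    ff.kis.scr.kaspersky-labs.com    # Mozilla Firefox
0.0.0.0    ie.kis.scr.kaspersky-labs.com    # Internet Explorer
"""

if __name__ == "__main__":
    for host, state in audit(SAMPLE_HOSTS).items():
        print(f"{state:10} {host}")
```

Pass `audit()` the text of C:\Windows\System32\drivers\etc\hosts to see which entries are still missing after a product update changes the script URLs.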

5

As a quick workaround you can just disable that host in the hosts file.

Put

127.0.0.1 gc.kis.scr.kaspersky-labs.com        

to

C:\Windows\System32\drivers\etc\hosts

You will need admin rights and maybe Notepad++ to edit this file.

How it works

Kaspersky AV seems to transparently proxy the traffic. If it does that on HTTPS pages too, this means that Kaspersky AV has also installed a root certificate on your system.

By putting the line in hosts you are blocking the connection to that host, so the JS file is not loaded (but the code would still be on that page).

I am not familiar with Kaspersky AV options, but if there is no option in settings, you'd better not fight with software that you installed yourself on your PC. If you don't like it, change it; otherwise accept it.

Because even if you remove the root certificate, the software would install it again. And I don't know how you can block a transparent proxy if there is no such option in settings.

Some other tips:

  • Check browser proxy settings; maybe it's not a transparent proxy but a usual proxy setting, and you can just change browser settings
  • Check browser for plugins, maybe you can just disable Kaspersky AV plugins if there are any

I personally prefer old antivirus versions (with newest database updates of course), because they do only what they should do and nothing more. They are not uploading "suspicious" files to their servers and not injecting anything.

Also I recommend anyone to buy only "AntiVirus", but not "InternetSecurity" or something like that, because those things cost a lot, don't work, slow your browser, and sometimes do some really suspicious things.

POMATu

Posted 2015-10-04T09:21:52.690

Reputation: 203

I would just stay with 2015 unless there is another reason to get 2016. I usually wait until the beginning of the labelled year, which also allows for some patches to get released. Or ask them if it is possible to disable, though I imagine they would say "Sorry". – user3169 – 2015-10-05T03:24:21.453

4

I've found the source of these JS files. They are in plugins_facade.dll in Kaspersky dir. Just go ahead and delete the dll file. I did it and it worked!

Behrouz.M

Posted 2015-10-04T09:21:52.690

Reputation: 271

3

This worked for me!

In Kaspersky 16.0.0.614 select

Settings -> Additional -> Network -> Do not scan encrypted connections

AND make sure this option is checked

Monitor selected ports only

From the "Select..." option make ports 80/443 edit -> inactive

I had to make both these changes for it to work. Also make sure to restart the browser for the changes to take effect.

I couldn't find the 'Inject scripts into web traffic to interact with web pages' option which may be available in newer versions.

I wouldn't recommend the "hosts" solution since it doesn't stop the script from being injected in the first place which is the main problem for web developers.

dimpen

Posted 2015-10-04T09:21:52.690

Reputation: 31
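A check a web developer can run on saved page source to see whether the tag is still being injected, which remains the case with the hosts workaround; this is an added example, not code from any poster. The host pattern is generalised from the hostnames quoted on this page (an assumption), and the sample HTML is constructed from the tag in the question.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hostnames quoted on this page: gc/ff/ie.kis.scr.kaspersky-labs.com and
# gc.kis.v2.scr.kaspersky-labs.com. The pattern generalises them (assumption).
INJECT_HOST = re.compile(r"^[a-z0-9-]+\.kis(\.v\d+)?\.scr\.kaspersky-labs\.com$", re.I)
GUID = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

class InjectedScriptFinder(HTMLParser):
    """Collect <script src=...> tags that load from the injection hosts."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        # The question shows the URL wrapped across lines; drop that whitespace.
        src = re.sub(r"\s+", "", dict(attrs).get("src") or "")
        parts = urlsplit(src)
        host = parts.hostname or ""
        if INJECT_HOST.match(host):
            guid = GUID.search(parts.path)
            self.hits.append({"host": host, "scheme": parts.scheme,
                              "guid": guid.group(0) if guid else None})

def find_injected_scripts(html):
    """Return one dict per injected script tag found in the page source."""
    finder = InjectedScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample: the tag from the question plus one script the site owns.
SAMPLE = """<html><head>
<script type="text/javascript"
        src="http://gc.kis.scr.kaspersky-labs.com/23A3B72C-FE8A-4F09-AD30-70296D9718F4/
             main.js"
        charset="UTF-8">
</script>
<script src="/static/app.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for hit in find_injected_scripts(SAMPLE):
        print(hit)
```

Run it on source saved from the browser (for example via "View source"), since a page fetched by a tool that the product does not filter would not show the tag.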

1

I contacted customer support. They understood the concerns that web developers have with injected JavaScript. They had no timeframe for a fix. I asked for and got a refund.

InterestedinTuscon

Posted 2015-10-04T09:21:52.690

Reputation: 19

2 They have no timeframe for a fix == They're never going to fix this. Kaspersky sticks its nose too deep in its customers' computers, and this way they lose customers, like you in this case. I once tried to completely uninstall all traces of Kaspersky and found it an impossible task. – Joris Groosman – 2015-11-07T19:33:54.217

1 Heh. tldr: You can't for now and for the foreseeable future. Seems like a valid answer to me. – Journeyman Geek – 2015-11-07T23:02:27.303

-1

The easiest way to block these injections is to install a plugin called Privacy Badger.

loneranger

Posted 2015-10-04T09:21:52.690

Reputation: 99

It's not the easiest way. See the accepted answer for the proper solution. – DavidPostill – 2016-08-20T07:34:52.600

Please read How do I recommend software for some tips as to how you should go about recommending software. You should provide at least a link, some additional information about the software itself, and how it can be used to solve the problem in the question. – DavidPostill – 2016-08-20T07:35:01.780