Please help us test a new feature on the release version of Kaspersky MR20.
-
Hello! Colleagues ask for help testing a new feature for traffic checking without changing certificate - SuperMITM , on the release product MR20.
You will only need to enable the functionality in the registry, and then continue using the browser as before. After enabling SuperMITM, the product will no longer check the validity of site certificates in the browser, this check will be performed by the browser itself.
In case of any problems with video, downloading files, opening pages, please create a report with the MITM mark in the MR21 Traffic checking section. (Please collect traces from the start of the product.)
Attention:
This functionality only works for Chrome and FireFox browsers, there is no impact on any applications.How to enable SuperMITM
- Disable self-defense
- Unload the product
- In the registry, in the branch HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\AVP21.20\environment add the string value component.tp.protocollers.ssl.enable_supermitm = 1
- Launch the product
- Enable self-defense and reboot the PC
-
i love you sooooooooooo much
will test tonight -
Hum in 21.20 but not in 21.21? 🤔
Does this work also in KES 12.8?
-
Hello Dmitriy~~
I have tested this function and it looks alright.
my test machine:
ThinkPad T490 with 64bit windows 10 Pro 22H2 19045.2965 (will test win11 later)
K Standard zh-cnbut why Edge not supported?
and also there are many third party not-well-known chrome-based broswers, K do not support them with MITM and https traffic scanning from the beginnig. I wish all https traffic could be scanned by this technology in the near future. After that there will be no broswer limitations. All broswer and all https traffic will be scanned. -
Hello Dmitriy~~
I have tested this function and it looks alright.
my test machine:
ThinkPad T490 with 64bit windows 10 Pro 22H2 19045.2965 (will test win11 later)
K Standard zh-cnbut why Edge not supported?
and also there are many third party not-well-known chrome-based broswers, K do not support them with MITM and https traffic scanning from the beginnig. I wish all https traffic could be scanned by this technology in the near future. After that there will be no broswer limitations. All broswer and all https traffic will be scanned.@xzz123 said in Please help us test a new feature on the release version of Kaspersky MR20.:
I have tested this function and it looks alright.
I have run more sofisticated test
which I download malicious file via chrome.
The result is that the original certificate not replaced and the malicious file is blocked by web-av.
"
事件: 检测到恶意对象
用户:????
用户类型: 发起者
应用程序名称: chrome.exe
应用程序路径: C:\Program Files\Google\Chrome\Application
组件: 安全浏览 safe broswering
结果描述: 检测到
类型: 木马
名称: HEUR:Backdoor.MSIL.XWorm.gen
精确度: 启发式分析 Heuristic
威胁级别: 高
对象类型: 文件
对象名称: 2.exe
对象路径: https://bbs.kafan.cn/forum.php?mod=attachment&aid=MzQ0ODEwNnwzZGFmMWNkNXwxNzQwMTI4MjAwfDk3NTc3MnwyMjc5MzY3//
对象的 MD5: D32B2CDCCEACD71FFA5039A0DC8E2D45
原因: 机器学习→reason: machine learnning
数据库发布日期: 今天,2025/2/21 下午3:03:00you can see from the log that https scanning without repalce certificate is accomplished. the malicious file with https was blocked.
-
It is normal that in general with FF, own certs are shown, but in Gloogle sites, it is still shown this: Verified by AO Kaspersky Lab ?
-
@Dmitriy-Pisarets sir,
I would like to report a possible conflict between K and Baidu search website (https://www.baidu.com/).
When I enable SuperMITM, Baidu site can not load properly using chrome. No effect to other unsupport broswer.
the main page and search result page will not open and chrome told me 'error, connection reset.'
please see my traces files with screen record in it.
https://cloud.qainfo.ru/index.php/s/z3AZBo0UdXiBkJN
the password for the link is 1234 -
Hum in 21.20 but not in 21.21? 🤔
Does this work also in KES 12.8?
@harlan4096 said in Please help us test a new feature on the release version of Kaspersky MR20.:
Offline
harlan4096
wrote about 9 hours ago
last edited by
#6
Hum in 21.20 but not in 21.21? 🤔Does this work also in KES 12.8?
Hello!
Nobody says that it doesn't work in 21.21, but we need data from MR20.
And it should work in KES 12.8 . -
Ok, then in KES 12.8 I guess it should be created here:
\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES.21.20\environment
Since I could not find a similar entry as in K21.20 🤔
-
Ok, I added that key in my main system with KES 12.8 here:
\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES.21.20\environment
And it seems it is working, now in my FF, when I check every secure connection info in every site, it shows the certifying entity, and not: Verified by AO Kaspersky Lab... BUT! still in some specific sites, such as all belonging to Google and others, it is showing the generic message: Verified by AO Kaspersky Lab... is this a normal behavior? 🤔
I tested also with KPremium 21.20, and same behavior...
-
In addition to what @harlan4096 mentioned about not changing the status of the certificate check in some sites, such as Google products, I got many server errors in many sites.
I also felt some slowdown in internet speed and ping rate -
In addition to what @harlan4096 mentioned about not changing the status of the certificate check in some sites, such as Google products, I got many server errors in many sites.
I also felt some slowdown in internet speed and ping rate@Darking said in Please help us test a new feature on the release version of Kaspersky MR20.:
In addition to what @harlan4096 mentioned about not changing the status of the certificate check in some sites, such as Google products, I got many server errors in many sites.
I also felt some slowdown in internet speed and ping rateHello!
-
Can you please choose 1 website with problem and collect traces from application start. And create a report?
-
About ping, can you please make video with proofs and examples? We will double check it in lab, but it shouldn't affect speed at all.
-
-
Ok, I added that key in my main system with KES 12.8 here:
\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\protected\KES.21.20\environment
And it seems it is working, now in my FF, when I check every secure connection info in every site, it shows the certifying entity, and not: Verified by AO Kaspersky Lab... BUT! still in some specific sites, such as all belonging to Google and others, it is showing the generic message: Verified by AO Kaspersky Lab... is this a normal behavior? 🤔
I tested also with KPremium 21.20, and same behavior...
@harlan4096 said in Please help us test a new feature on the release version of Kaspersky MR20.:
is this a normal behavior?
Hello!
No. But we got such reports and will inspect this issue.Register branch is OK.
-
@xzz123 said in Please help us test a new feature on the release version of Kaspersky MR20.:
I have tested this function and it looks alright.
I have run more sofisticated test
which I download malicious file via chrome.
The result is that the original certificate not replaced and the malicious file is blocked by web-av.
"
事件: 检测到恶意对象
用户:????
用户类型: 发起者
应用程序名称: chrome.exe
应用程序路径: C:\Program Files\Google\Chrome\Application
组件: 安全浏览 safe broswering
结果描述: 检测到
类型: 木马
名称: HEUR:Backdoor.MSIL.XWorm.gen
精确度: 启发式分析 Heuristic
威胁级别: 高
对象类型: 文件
对象名称: 2.exe
对象路径: https://bbs.kafan.cn/forum.php?mod=attachment&aid=MzQ0ODEwNnwzZGFmMWNkNXwxNzQwMTI4MjAwfDk3NTc3MnwyMjc5MzY3//
对象的 MD5: D32B2CDCCEACD71FFA5039A0DC8E2D45
原因: 机器学习→reason: machine learnning
数据库发布日期: 今天,2025/2/21 下午3:03:00you can see from the log that https scanning without repalce certificate is accomplished. the malicious file with https was blocked.
@xzz123 said in Please help us test a new feature on the release version of Kaspersky MR20.:
The result is that the original certificate not replaced and the malicious file is blocked by web-av.
Hello! Blocking is OK. We should still check malicious files.
Is your post "everything ok, I had checked"
or there is question I had missed? -
Hello Dmitriy~~
I have tested this function and it looks alright.
my test machine:
ThinkPad T490 with 64bit windows 10 Pro 22H2 19045.2965 (will test win11 later)
K Standard zh-cnbut why Edge not supported?
and also there are many third party not-well-known chrome-based broswers, K do not support them with MITM and https traffic scanning from the beginnig. I wish all https traffic could be scanned by this technology in the near future. After that there will be no broswer limitations. All broswer and all https traffic will be scanned.@xzz123 said in Please help us test a new feature on the release version of Kaspersky MR20.:
but why Edge not supported?
Edge support is in progress, it should be already added to MR21 beta builds.
-
I'm getting this random error :
::::::::::::::::::::::::::::::
An error has occurred while connecting to www.speedtest.net. PR_END_OF_FILE_ERRORError code: PR_END_OF_FILE_ERROR
The page you are trying to view cannot be displayed because the authenticity of the data received could not be verified.
Please contact the website owners to inform them of this problem.
::::::::::::::::::::::::::::::In KES 12.8 + FF since I add that registry key, and using at the same time Kaspersky VPN 21.20, if I click in Retry, then site loads... I get this issue randomly and not always on the same page 🤔
-
@xzz123 said in Please help us test a new feature on the release version of Kaspersky MR20.:
The result is that the original certificate not replaced and the malicious file is blocked by web-av.
Hello! Blocking is OK. We should still check malicious files.
Is your post "everything ok, I had checked"
or there is question I had missed?@Dmitriy.Pisarets said in Please help us test a new feature on the release version of Kaspersky MR20.:
or there is question I had missed?
no more problem, sir
except those I already reported in MR21 traffic checking section. -
I'm getting this random error :
::::::::::::::::::::::::::::::
An error has occurred while connecting to www.speedtest.net. PR_END_OF_FILE_ERRORError code: PR_END_OF_FILE_ERROR
The page you are trying to view cannot be displayed because the authenticity of the data received could not be verified.
Please contact the website owners to inform them of this problem.
::::::::::::::::::::::::::::::In KES 12.8 + FF since I add that registry key, and using at the same time Kaspersky VPN 21.20, if I click in Retry, then site loads... I get this issue randomly and not always on the same page 🤔
@harlan4096 said in Please help us test a new feature on the release version of Kaspersky MR20.:
Error code: PR_END_OF_FILE_ERROR
Hello!
Can you please try to reproduce it with traces and make a report? -
@harlan4096 said in Please help us test a new feature on the release version of Kaspersky MR20.:
Error code: PR_END_OF_FILE_ERROR
Hello!
Can you please try to reproduce it with traces and make a report?The problem is that it is a random issue, and I never know when I will get it and with what URL 🤔
For example, today I did not still get it in any URL so far...
-
@Darking said in Please help us test a new feature on the release version of Kaspersky MR20.:
In addition to what @harlan4096 mentioned about not changing the status of the certificate check in some sites, such as Google products, I got many server errors in many sites.
I also felt some slowdown in internet speed and ping rateHello!
-
Can you please choose 1 website with problem and collect traces from application start. And create a report?
-
About ping, can you please make video with proofs and examples? We will double check it in lab, but it shouldn't affect speed at all.
@Dmitriy.Pisarets
I apologize for the delay in responding. I am a basic user and have no experience in sending and troubleshooting bug reports. I just wanted to share my experience with this wonderful feature -
