kav 2009 & root certificates problem

Discussion in 'other anti-virus software' started by peter7769, Jan 31, 2009.

Thread Status:
Not open for further replies.
  1. peter7769

    peter7769 Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    31
    Dear all
    I hope someone can help, over the past week or so i have noticed that kav has started asking me to confirm or deny certificates, most of the time they seem to be Microsoft certificates that have expired, for example, every time i start outlook 2007, it asks me to confirm the certificate for CONTACTS.MSN.COM if i view the certificate it tells me that it ran from 24/01/2008 to 23/01/2009, this seems to be the same for all the ms certificates, i also get a warning about certificates when i use windows update. I can get round it by turning off the scan encrypted connections on the network option screen, but i use this to scan my gmail so i dont really want to turn this off.

    Please can someone help as these pop ups from kav are starting to drive me nuts.

    I am using xp sp2, with kav 2009 version 8.0.0.506

    Thanks

    Pete

    P.s i have checked windows update on the custom settings and the only thing that i haven't installed is net framework 3.5, but i don't think that's the problem.
     
  2. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Try to add applications other than that you use to login to gmail to Trusted Zone...
    Settings > Threats&Exclusions > TrustedZone > TrustedApplication > Add...
    tick "Do not scan network traffic" and ensure it says "do not scan encrypted network traffic" (or toggle it so it says "encrypted")
     
  3. peter7769

    peter7769 Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    31
    Thanks for that, i have added outlook to the list of trusted applications and the certificate message has gone ;-) , i take it that my incoming e-mails will still be scanned??, also how can i get around the windows update certificate, surely if i add ie7 to the list then nothing is going to get scanned??

    Thanks again

    Pete
     
  4. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    If you selected "encrypted", the only emails comming via SSL will be skipped - all other emails will be scanned.
    File-AV and Application Filter will still intercept malware as per usual if you run it.

    I just tried to enable Kaspersky's scanning of encrypted connections now (never use it), but it seems to work without any alerts on Windows Updates.
    Try in Kaspersky to click Settings > Network > Install Certificate > Install Certificate > Next > Next > Finish > OK > OK.
    Then click Threats And Exclusions > Trusted Zone > Trusted Applications
    svchost.exe should be there and ticked as default. If its not there, add it again, someone may have removed it by accident.
    The rule should be as shown below:
    z.PNG

    If there are any other websites which are triggered and you want them to be skipped from kaspersky's scanning of encrypted connections, add a rule in Trusted Applications as follows:
    y.PNG
    Add the IP address of each website which triggers it and you want Kaspersky to skip from scanning encrypted connections.
     
  5. peter7769

    peter7769 Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    31
    Hi Again,
    Well thanks for all the suggestions, everything you have said is set up on my pc already, inc svchost.exe

    but what worries me is you say....

    "If you selected "encrypted", the only emails coming via SSL will be skipped - all other emails will be scanned."

    all my e-mails are via ssl as they are from gmail, so this means currently none of my e-mails are being scanned!!

    i just wish i could find out how to update the ms certificates and then everything would be back to normal

    Thanks again

    Pete

    P.s i have attached a screen shot that appears when i open outlook so you can see what i mean, i have also selected to view the certificate so you can see that also.
     

    Attached Files:

    Last edited: Feb 1, 2009
  6. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Try to click "install certificate" on the window on the left. and install Kaspersky's ceritificate

    And I presume you've already renewed Kaspersky's Certificate as shown below
    z.PNG
     
  7. peter7769

    peter7769 Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    31
    Hi Again :)

    Well my screen is slightly different as im using antivirus not internet security but yes i have done both those things already, but im still running into trouble, i have an e-mail in my inbox from Amazon, every time i open outlook it asks for permission for the certificate, yesterday it came up with an ip address so i added this to my trusted applications list under outlook, yet when i opened up outlook today it came up with the same message but a different ip address so i had to add that one, this is just getting crazy :(
     
  8. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
  9. peter7769

    peter7769 Registered Member

    Joined:
    Oct 31, 2007
    Posts:
    31
    Thanks for all your advice, i have already posted the problem on the kaspersky forum so i will wait and see, their advice to other people is to turn off scanning of encrypted pages (https), may be i will just give that a try, at least then my gmail should still be scanned ;)

    Pete
     
Loading...
Thread Status:
Not open for further replies.