kav 2009 & root certificates problem

Dear all
I hope someone can help, over the past week or so i have noticed that kav has started asking me to confirm or deny certificates, most of the time they seem to be Microsoft certificates that have expired, for example, every time i start outlook 2007, it asks me to confirm the certificate for CONTACTS.MSN.COM if i view the certificate it tells me that it ran from 24/01/2008 to 23/01/2009, this seems to be the same for all the ms certificates, i also get a warning about certificates when i use windows update. I can get round it by turning off the scan encrypted connections on the network option screen, but i use this to scan my gmail so i dont really want to turn this off.

Please can someone help as these pop ups from kav are starting to drive me nuts.

I am using xp sp2, with kav 2009 version 8.0.0.506

Thanks

Pete

P.s i have checked windows update on the custom settings and the only thing that i haven't installed is net framework 3.5, but i don't think that's the problem.

 

Try to add applications other than that you use to login to gmail to Trusted Zone...
Settings > Threats&Exclusions > TrustedZone > TrustedApplication > Add...
tick "Do not scan network traffic" and ensure it says "do not scan encrypted network traffic" (or toggle it so it says "encrypted")

 

Thanks for that, i have added outlook to the list of trusted applications and the certificate message has gone ;-) , i take it that my incoming e-mails will still be scanned??, also how can i get around the windows update certificate, surely if i add ie7 to the list then nothing is going to get scanned??

Thanks again

Pete

 

If you selected "encrypted", the only emails comming via SSL will be skipped - all other emails will be scanned.
File-AV and Application Filter will still intercept malware as per usual if you run it.

I just tried to enable Kaspersky's scanning of encrypted connections now (never use it), but it seems to work without any alerts on Windows Updates.
Try in Kaspersky to click Settings > Network > Install Certificate > Install Certificate > Next > Next > Finish > OK > OK.
Then click Threats And Exclusions > Trusted Zone > Trusted Applications
svchost.exe should be there and ticked as default. If its not there, add it again, someone may have removed it by accident.
The rule should be as shown below:


If there are any other websites which are triggered and you want them to be skipped from kaspersky's scanning of encrypted connections, add a rule in Trusted Applications as follows:

Add the IP address of each website which triggers it and you want Kaspersky to skip from scanning encrypted connections.

 

Hi Again,
Well thanks for all the suggestions, everything you have said is set up on my pc already, inc svchost.exe

but what worries me is you say....

"If you selected "encrypted", the only emails coming via SSL will be skipped - all other emails will be scanned."

all my e-mails are via ssl as they are from gmail, so this means currently none of my e-mails are being scanned!!

i just wish i could find out how to update the ms certificates and then everything would be back to normal

Thanks again

Pete

P.s i have attached a screen shot that appears when i open outlook so you can see what i mean, i have also selected to view the certificate so you can see that also.

 

Try to click "install certificate" on the window on the left. and install Kaspersky's ceritificate

And I presume you've already renewed Kaspersky's Certificate as shown below

 

Hi Again

Well my screen is slightly different as im using antivirus not internet security but yes i have done both those things already, but im still running into trouble, i have an e-mail in my inbox from Amazon, every time i open outlook it asks for permission for the certificate, yesterday it came up with an ip address so i added this to my trusted applications list under outlook, yet when i opened up outlook today it came up with the same message but a different ip address so i had to add that one, this is just getting crazy

 

I'm not sure how to stop it (other than adding to exclusions or disableing SSL scanning of course), whereby incomming emails from gmail wont be scanned, but File-AV and ApplicationFilter will still alert you of any detected malware.

If you dont want to do that, you can wait for someone to reply here or ask at Kaspersky's forum or contact Kaspersky Support: http://www.kaspersky.com/support/personalcabinet or http://support.kaspersky.ru/helpdesk.html?LANG=en

 

Thanks for all your advice, i have already posted the problem on the kaspersky forum so i will wait and see, their advice to other people is to turn off scanning of encrypted pages (https), may be i will just give that a try, at least then my gmail should still be scanned

Pete