Kaspersky AV Conflicts with Google Chromecast

Kaspersky

Since the end of January, Kaspersky Antivirus users have been complaining that when they open Chrome Kaspersky displays numerous alerts stating that a self-signed certificate is having a problem.

It turns out that this is caused by a conflict on their network with a Chromecast device that they may not even know existed. These alerts state that Kaspersky “cannot guarantee the authenticity of the domain to which the encrypted connection is established” is due to a “self-signed certificate,” as shown below.

kaspersky-warning

These errors are displayed by the engine of Kaspersky, which allows encrypted SSL traffic to scan for malicious content. In a new bug report opened today by Chromium, a Google employee says that Windows users have experienced an increase in Chromecast discovery problems and that it appears to be related to antivirus software.

“Reports of device discovery have suddenly increased,” the bug report states. “Reviewing the reports showed that it is common on the Windows platform.

And reviewing the logs shows a commonality of authentication errors in the cast channel, which can often be attributed to anti-virus / security software.”

In further investigation, he noted that Kaspersky users have complained about these problems since the end of January, which appears to be the same period as Ch. Google said they reached Kaspersky to solve the problem. BleepingComputer fired a virtual machine to test this and installed Kaspersky Total Security free trial.

Kaspersky cert

I opened Chrome after installation and was immediately welcomed with the same error that Kaspersky users saw.

Not only was I once welcomed with this error, but I have been shown several times as shown in the Kaspersky report below.

When reviewing the 12-page topic in the Kaspersky forums, several users reported that this started after upgrading to Chrome 72 and appear to be a conflict between Chromecast and the SSL scanning engine of the antivirus software.

To solve this, users have discovered that they can either deactivate SSL scanning or find the Chromecast device IP address and add it to the SSL scanning as exclusion. It is not suggested that SSL scanning be disabled to properly protect your computer.

Instead, users should follow the following steps to exclude SSL scanning from offending IP addresses:

  1. Open the main interface of Kaspersky and select More Tools – > My network – > Network Monitor
  2. Click on the port column header to sort by port when the network monitor is opened.
  3. Check each row and write down any IP address using port 8009. You can see several devices using this port on my network below.
  4. Close the Network Monitor after writing down each IP address and click on the gear to open the Settings of Kaspersky. Then click on Additional-> Threats and Exclusions-> Specify Trusted Applications-> Add-> Click on the search icon in the top right corner-> type Chrome-Now double-click on Google Chrome in the search results.
  5. Click “Don not scan all traffic” and select “Do not scan encrypted traffic
  6. Now insert a checkmark in “Specified IP addresses only” and enter the IP addresses you wrote in step 3. If you have multiple IP addresses, enter each space separated.
  7. Now insert a checkmark in “Specified ports only” and enter 8009.
  8. Click on save, that’s it

When you open Chrome, you should no longer receive Kaspersky’s self – signed certificate errors. With Google reaching out to Kaspersky to solve this problem, you can hopefully reverse these changes soon.

You might say, “But I don’t have Chromecast on my network!” I said the same thing until I followed the steps above and found out I actually had multiple Chromecast – supporting devices.

New SmartTVs have now included ChromeCast so you can cast them from your browser or other compatible devices. I didn’t know that Chromecast was supported by my Vizio TV, which I now know I can see by clicking the Chrome menu and selecting Cast.

What causes these errors is a hidden Chrome extension called the Chrome Media Router, which automatically scans a Chromecast device network when the browser starts.

This causes the SSL scanning engine of Kaspersky to kick in and give the self-signed SSL certs errors. If you have multiple Chromecast devices on your network, you will see more of these alerts when you discover each Chromecast device.

Now that Google and Kaspersky are working on this, hopefully, the problem will soon be a thing of the past.

Image credit : Kaspersky

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.