44

Since the installation of Kaspersky AntiVirus 2016 every website I visit contains this line in <head>:

<script type="text/javascript"
        src="http://gc.kis.scr.kaspersky-labs.com/23A3B72C-FE8A-4F09-AD30-70296D9718F4/main.js"
        charset="UTF-8">
</script>

On every site, the same GUID is used. How can I disable this behaviour?

The code is injected in SSL pages, too.

tjati
  • 639

9 Answers

49

There is a setting to disable script injection in the newest Kaspersky version (>16.0.1):

Settings -> Additional -> Network -> Inject scripts into web traffic to interact with web pages.

tjati
  • 639
Alisa
  • 506
12

I found a solution that worked for me:

Kaspersky application

Settings Page

select "Additional" section on left side

select "Network" settings

Monitored Ports

[ ] Monitor all network ports

[X] Monitor selected ports only Select...

Click the Select... link

  • Remove: HTTPS on port 443
  • Remove: HTTP on port 80
  • Remove: any/all other HTTP if you use those frequently
  • Bottom of the list, UNCHECK "Monitor all network ports..."

Close the Network Ports window

Close the settings window

Restart your browsers...

bksi
  • 221
8

You can add these to C:\Windows\System32\drivers\etc\hosts

0.0.0.0    gc.kis.scr.kaspersky-labs.com    # Kaspersky anti-injection for Google Chrome
0.0.0.0    ff.kis.scr.kaspersky-labs.com    # Kaspersky anti-injection for Mozilla Firefox
0.0.0.0    ie.kis.scr.kaspersky-labs.com    # Kaspersky anti-injection for Internet Explorer

Reference

Behrouz.M
  • 287
  • 1
  • 5
5

As a quick workaround you can just disable that host in the hosts file.

Put

127.0.0.1 gc.kis.scr.kaspersky-labs.com        

to

C:\Windows\System32\drivers\etc\hosts

You will need admin rights and maybe notepad++ to edit this file.

How it works

Kaspersky AV seems to transparently proxy the traffic. If it does that on HTTPS pages too, this means that Kaspersky AV has also installed a root certificate on your system.

By putting the line in hosts you are blocking the connection to that host, so the JS file does not load (but the code would still be on that page).

I am not familiar with Kaspersky AV options, but if there is no option in settings you'd better not fight with software that you installed yourself on your PC. If you don't like it, change it; otherwise accept it.

Because even if you remove the root certificate, the software would install it again. And I don't know how you can block the transparent proxy if there is no such option in settings.

Some other tips:

  • Check the browser proxy settings; maybe it's not a transparent proxy but a usual proxy setting, and you can just change the browser settings
  • Check the browser for plugins; maybe you can just disable the Kaspersky AV plugins if there are any

I personally prefer old antivirus versions (with newest database updates of course), because they do only what they should do and nothing more. They are not uploading "suspicious" files to their servers and not injecting anything.

Also I recommend anyone to buy only "AntiVirus", but not "InternetSecurity" or something like that, because those things cost a lot, don't work, slow your browser, and sometimes do some really suspicious things.

POMATu
  • 203
4

I've found the source of these JS files. They are in plugins_facade.dll in Kaspersky dir. Just go ahead and delete the dll file. I did it and it worked!

Behrouz.M
  • 287
  • 1
  • 5
3

This worked for me!

In Kaspersky 16.0.0.614 select

Settings -> Additional -> Network -> Do not scan encrypted connections

AND make sure this option is checked

Monitor selected ports only

From the "Select..." option make ports 80/443 edit -> inactive

I had to make both these changes for it to work. Also make sure to restart the browser for the changes to take effect.

I couldn't find the 'Inject scripts into web traffic to interact with web pages' option which may be available in newer versions.

I wouldn't recommend the "hosts" solution since it doesn't stop the script from being injected in the first place which is the main problem for web developers.

dimpen
  • 31
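To check whether a setting change really stopped the injection (a hosts entry only blocks the download, the tag stays in the page), saved page sources can be scanned offline. This is an added example, not part of any answer or of Kaspersky's software; the function names and sample pages are constructed, and only the host names and GUID come from this page.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host suffix shared by the gc./ff./ie. script hosts quoted on this page.
INJECT_SUFFIX = ".kis.scr.kaspersky-labs.com"
GUID_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> element."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            # Drop whitespace so a src wrapped across lines still parses.
            self.sources.append("".join(src.split()))

def find_injected(html):
    """Return (host, guid) for each script served from the injection hosts."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    hits = []
    for src in parser.sources:
        url = urlsplit(src)
        host = (url.hostname or "").lower()
        if host.endswith(INJECT_SUFFIX):  # suffix match, not substring
            m = GUID_RE.search(url.path)
            hits.append((host, m.group(0).upper() if m else None))
    return hits

def audit(pages):
    """pages maps label -> HTML; returns (hits per page, distinct GUIDs)."""
    report = {label: find_injected(html) for label, html in pages.items()}
    return report, {g for hits in report.values() for _, g in hits if g}

# Constructed pages; host names and GUID are the ones quoted on this page.
GUID = "23A3B72C-FE8A-4F09-AD30-70296D9718F4"
SAMPLES = {
    "http": f'<head><script src="http://gc.kis.scr.kaspersky-labs.com/{GUID}/\n main.js"></script></head>',
    "https": f'<head><script src="https://ff.kis.scr.kaspersky-labs.com/{GUID}/main.js"></script></head>',
    "clean": '<head><script src="https://kis.scr.kaspersky-labs.com.example.net/a.js"></script></head>',
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```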
1

I contacted customer support. They understood the concerns that web developers have with injected JavaScript. They had no timeframe for a fix. I asked for and got a refund.

0

Follow the screenshot instruction on the latest version.


Madan Sapkota
  • 197
  • 1
  • 5
  • 11
-1

The easiest way to block these injections is to install a plugin called Privacy Badger.