How to configure Asuswrt-Merlin to block any traffic to gc.kis.v2.scr.kaspersky-labs.com?

StrikerXXX

Occasional Visitor
Hello guys! Friends, I need to block any traffic to this address, gc.kis.v2.scr.kaspersky-labs.com. This link refers to the infamous JavaScript that Kaspersky Plus installs in browsers.

I went to test Kaspersky Plus, to see if it had improved a little due to the fact that it is super intrusive. I was wrong, it is worse than before.

I removed it, formatted Windows and did a fresh install. But I used a copy of my browser's profile, so I didn't have to reconfigure everything again. The problem is that several sites I try to access keep trying to access this gc.kis.v2.scr.kaspersky-labs.com, causing terrible slowdowns on the sites, it's horrible.

I'm using a palliative solution, which was to add 0.0.0.0 gc.kis.v2.scr.kaspersky-labs.com in the Windows hosts file, thus blocking any call to this script, but I prefer to block gc.kis.v2.scr.kaspersky-labs.com directly on the router. How do I set this up in Merlin?
 

ColinTaylor

Part of the Furniture
Do the same but put it in /jffs/configs/hosts.add. Make sure custom scripts are enabled in the GUI.

This technique won't work for devices that don't use the router for their DNS. You can use DNSFilter to try and prevent that happening. Also, set "Prevent client auto DoH" under WAN - Internet Connection to Yes.
 

StrikerXXX

Occasional Visitor
Thanks for the info, it's helping me a lot. The hosts.add and Prevent client auto DoH part has already been configured as explained by you. But I don't know how to do the DNSFilter part, could you explain how I configure it?
 

ColinTaylor

Part of the Furniture
This:
[Attached image: Untitled.png]
 

SomeWhereOverTheRainBow

Part of the Furniture
Keep in mind, the method previously described only blocks the DNS resolvability of the address. However, it does not block the possibility of a direct connection to the IP addresses associated with the same address. For example, let's say a client cannot use gc.kis.v2.scr.kaspersky-labs.com to establish a connection, but it already knows the IP addresses associated with the hostname; then it will be able to connect directly via those IP addresses. For this, I would also recommend a firewall traffic gatekeeper such as Skynet, unless you know how to add the firewall block rules yourself.

drinkingbird

Very Senior Member
You can also use the URLFilter in the firewall, which should block more than just DNS resolution, and is pretty easy to set up via the GUI. It lets you use keywords so you can filter more than just one site too.

Just tested it, it blocks everything, can't even do a DNS lookup for whatever is blocked.

Obviously as mentioned this only blocks stuff accessing via URL and not IP but that should take care of your issue since I doubt Kaspersky is using hardcoded IPs.

But personally I would want to find and remove whatever is still making calls to that - since blocking it may just slow things down even more.
 

StrikerXXX

Occasional Visitor
Thanks for the information, especially about Skynet. But would installing Skynet be too complicated? I used OpenWrt on my 3G router for some time, so I think I can gradually learn how Skynet works. Is there any tutorial on the forum that teaches the installation and configuration step by step?

I'm using URLFilter as indicated by you, it works fine. I also wanted to remove everything that Kaspersky Plus installed in the browser, but from what I researched it would be very difficult to remove the injected scripts; I would need very advanced knowledge and I don't have that.

I'm almost considering even a clean install of the browser again, to see if, with it clean, these connections with gc.kis.v2.scr.kaspersky-labs.com are still established.
 

drinkingbird

Very Senior Member
Guess there is a reason the US Government doesn't allow Kaspersky products on any of their stuff.....

The fact that it is so hard to remove means you should be even more concerned about removing it.
 

StrikerXXX

Occasional Visitor
Could I use NextDNS to do this blocking? I pay for its monthly subscription, and I ran a test just now. I added the gc.kis.v2.scr.kaspersky-labs.com address to the NextDNS blacklist. I made the settings on the router to add the NextDNS DNS on it.

I removed the changes I had made to Merlin, even the ones I made to the hosts file. I restarted the router and did the test: I entered the site that made the connection with gc.kis.v2.scr.kaspersky-labs.com, checked the NextDNS records and it showed blocked, so it's working. Using NextDNS blocking, I can enter the site almost instantly; I found blocking it this way much better than using Merlin's options. Can I let NextDNS do the blocking?

For me, it would avoid a lot of unnecessary work, because I have no knowledge about configuring scripts in Merlin, and messing with advanced things like Skynet would be complicated at the moment, since I have no time because I am taking treatments for my health, which is bad at the moment.
 

drinkingbird

Very Senior Member
You don't need any of that. The URLFilter is a stock option configured via the GUI. No scripts or anything needed, and it protects a bit more than DNS based filtering does. You can block a keyword so you can block the entire kaspersky-labs domain or scr.kaspersky, etc, it is very flexible. Get rid of whatever custom stuff you've done, it isn't needed (you're welcome to continue using nextdns if you want, unrelated to this particular issue).

But again, you need to get rid of that process, just blocking it from working may just slow things down and who knows what is coded into it, it may have a backup method of connecting out.
 

ColinTaylor

Part of the Furniture
I agree with this. Fix the cause of the problem, don't try to hide it.

@StrikerXXX Have you disabled Settings -> Additional -> Network -> Inject scripts into web traffic to interact with web pages?

EDIT: Sorry, my mistake. I just remembered that you removed Kaspersky and reformatted Windows. Which browser did you import the profile for? Chrome?
 

StrikerXXX

Occasional Visitor
I use Firefox, it was the one that imported the profile.
 

ColinTaylor

Part of the Furniture
Ah, OK. I don't use Firefox so I don't know how it stores its profile information. I would try this:

1. Look to see if you have any Kaspersky directories in C:\Program Files and delete them.
2. Use regedit to search through the registry for any references that contain "kaspersky" and delete them.

If that doesn't help I'd go to the Firefox profile directory and search all the files for any that contain "kaspersky". You might find that using the free version of Agent Ransack makes that easier. If you do find any files you'll have to use your judgement whether it's best to delete the entire file or just edit it.
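
A read-only version of the profile search suggested in the post above, as an added example that is not part of the original thread. The function names and the sample files are constructed for illustration; the scan matches the search term case-insensitively in both ASCII and UTF-16LE, and lists files carrying Firefox's `mozLz40` compression header separately, because a plain-text search can miss strings inside them.

```python
import os
import tempfile

MOZLZ4_MAGIC = b"mozLz40\x00"  # header of Firefox's LZ4-compressed files

def scan_profile(root, needle="kaspersky"):
    """Read-only scan; returns ({relative path: match count}, [mozLz4 files])."""
    low = needle.lower()
    patterns = (low.encode("ascii"), low.encode("utf-16-le"))
    hits, compressed = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # locked or unreadable, e.g. Firefox still running
            if data.startswith(MOZLZ4_MAGIC):
                compressed.append(rel)  # needs decompressing before a text search
            lowered = data.lower()  # lowercases ASCII bytes only
            count = sum(lowered.count(p) for p in patterns)
            if count:
                hits[rel] = count
    return hits, sorted(compressed)

def build_sample_profile(root):
    """Constructed sample files standing in for a real profile directory."""
    samples = {
        "prefs.js": b'user_pref("example.url", "https://gc.kis.v2.scr.kaspersky-labs.com/x.js");\n',
        "storage/data.bin": "Kaspersky".encode("utf-16-le"),
        "bookmarks.html": b"<a href='https://example.org/'>nothing here</a>\n",
        "sessionstore-backups/recovery.jsonlz4": MOZLZ4_MAGIC + b"\x10\x00\x00\x00opaque",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        found, packed = scan_profile(tmp)
        for rel, n in sorted(found.items()):
            print(f"{n:3d}  {rel}")
        print("compressed, inspect separately:", packed)
```

Point `scan_profile` at a copy of the real profile folder; it only reads files, so deciding what to delete or edit remains a manual step.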

 

StrikerXXX

Occasional Visitor
Thanks for the new information, I'll do that right now, I'm sure there are still remnants of Kaspersky inside the Firefox profile.
 

ColinTaylor

Part of the Furniture
I forgot to mention that you'll probably have to have Firefox closed while making any changes to avoid it recreating them.
 
