Why Kaspersky Causes TCP Timeout Errors in Chrome
Kaspersky Internet Security implements a TLS inspection engine that intercepts HTTPS connections to scan for malware. When Kaspersky’s TLS inspection is active, it terminates the TLS connection from Chrome, re-signs the certificate with its own CA, and forwards the traffic to the destination. If Kaspersky’s inspection engine is overwhelmed (common during peak activity periods), it may not complete the TLS handshake before Chrome’s TCP timeout expires, resulting in ERR_CONNECTION_TIMED_OUT.
Kaspersky also implements an ATP (Advanced Threat Protection) module that monitors for suspicious network behavior and may block Chrome’s connection attempts if it detects an unusual number of simultaneous TCP connection requests (a behavior sometimes associated with bot activity).
Resolving Kaspersky-Induced TCP Timeouts
Disabling Kaspersky TLS Inspection
Open Kaspersky → Settings → Protection → Secure Connection. Toggle Secure Connection scanning to Off. This disables TLS inspection for all HTTPS connections from Chrome, preventing Kaspersky from intercepting and delaying the TLS handshake.
Adding Chrome to Kaspersky Trusted Applications
Open Kaspersky → Settings → Protection → Firewall → Application rules. Find Google Chrome and set the Network access to Allow. If Chrome is not listed, click Add and browse to C:Program FilesGoogleChromeApplicationchrome.exe. Also ensure that Trusted application is checked to prevent Kaspersky’s ATP module from blocking Chrome connections.
Disabling Kaspersky’s Network Attack Defense
Open Kaspersky → Settings → Protection → Network Attack Defense. Toggle it to Off. This feature monitors for SYN flood attacks and may incorrectly flag Chrome’s multiple simultaneous TCP connection requests as an attack, blocking the connections before the handshake completes.
Call to Action
Use the webs.ninja gateway to run a TCP handshake latency diagnostic with Kaspersky temporarily disabled to confirm whether Kaspersky is the source of the timeout. If the diagnostic shows successful handshakes without Kaspersky, apply the TLS inspection disable and trusted application fixes above.