Get Windscribe
Why do Anti-Virus applications conflict with VPNs?
HELP
technical-issues

There are quite a few reasons why Anti-Virus applications conflict with VPN connections. For the most part, the three main contenders are:

  • TLS/SSL type scanning on port 443
  • DNS Injection
  • Deep Packet Inspection

One of the 'features' from Anti-Virus applications is called SSL Port Monitoring/Scanning. The purpose of this 'feature', as advertised by Anti-Virus application developers, is to prevent your PC against malware and or viruses delivered by TLS and SSL encrypted HTTPS traffic; this typically occurs over port 443.

Lets say that you were using the Windscribe desktop client with IKEv2 on port 500. When you first initiate the connection, you are still using port 443. Once the connection has been established, all ports other connection protocol's port are closed.

Following this example, in order to connect to the Windscribe VPN, you need to ensure that access to port 443 remains unrestricted. If your Anti-Virus application is actively monitoring for encrypted traffic on port 443, it's unlikely you will be able to establish a VPN connection. What happens is that the Windscribe application will make an API call and send/receive encrypted traffic. Then, the Anti-Virus application detects the encrypted traffic and attempts to stop it. Thus, it is recommended that you disable this type of scanning on the Anti-Virus application before attempting another connection.

The second main reason why you are unable to connect to the VPN, or experience repeated disconnections, is due to the Anti-Virus's ability to inject their own DNS service. In order to use the Windscribe VPN, or any VPN for that matter, you need to use the VPN provider's DNS. Therefore, the presence of third party DNS services, such as ones injected by the Anti-Virus application, will break the VPN connection.

Finally, the third main reason why Anti-Virus applications conflict with VPN connections is through Deep Packet Inspection. A lot of Anti-Virus applications contain mechanisms to monitor internet traffic. Once connected to the VPN, the Anti-Virus application detects encrypted traffic and as a result, its DPI mechanisms become activated. What happens thereafter is the Anti-Virus application trying to slow down or halt all internet traffic in order to inspect each packet. As a result, the VPN connection breaks.

Essentially, you have two mutually exclusive and competing goals that was always in conflict. On one side, you have the Anti-Virus application trying to look for 'malicious' content but, on the other, you have Windscribe and other VPN services trying to anonymize your traffic. The best solution is to disable the Anti-Virus application completely via Task Manager. This ensures that the application does not have anything running in the background.

COMMUNITY
Talk to Garry
Feeling completely lost? Contact Support.
r/Windscribe
Find solutions, discuss ideas and share your feelings on our subreddit.
Get in touch
Windscribe
Company
forground_icon© 2024 Windscribe Limited