esetUsr1

Hi, What's the changelog for ESS 9.0.402.0 ?

I see. So it seems the cause of failed HTTPS connection is due to the VPN application/server not verifying ESET self-signed SSL root certificate that is used to perform local man-in-the-middle activity between the client (firefox) and proxy server (VPN) for scanning purpose (HTTPS scanner). Well that's a bummer. Anyhow thanks for the info.

That's quite odd because the plug-in does honor CA certificates in the Firefox trusted root CA certificate store when HTTPS scanning disabled. The issue only happens when I enable HTTPS scanning. That is why I suspect HTTPS scanner causes the issue and not the plug-in. Unfortunately, neither of the plugins and non-plugins previously mentioned support importing custom CA certificates. Why does the ESET root SSL certificate is self signed when it should be signed/issued by other trusted CA for validity?

Just like what I've mentioned in my previous posts, ESS has a bit of problem granting VPN applications access to HTTPS sites. This probably has something to do with the HTTPS scanning option that keeps refusing to verify the authenticity of the certificate used by the application to connect the browser to the proxy server with certificate/s that is/are issued by trusted certificate authority. For now, I will keep the certificate exclusions on tab since that's the most efficient and secure way for me rather than turning of SSL protocol filtering and/or HTTPS scanner. I hope that this issue will be fixed in future release of ESS.

So in other words, what you mean here is, if SSL protocol filtering is enabled with HTTPS scanner disabled, the scanning of malware on HTTPS is ignored while the other communications (i.e. POP3S and IMAPS) will still be scanned for malware. Am I correct? Just to be absolutely sure. I see. I did not know that it is relative to Parental Control. Thanks for the new info. And what about the HTTPS connection issue that occurs during the use of VPN application? Does HTTPS scanning supposed to work with VPN application in which it doesn't to me? Does anyone else encounter this problem or am I the only one? I guess I just have to stick with excluding the certificates used by the application from scanning.

It seems that what you said about the toggling of ssl protocol filtering and https scanning is opposite to ESS configuration. Just as I have mentioned in previous post, the ssl protocol filtering is the one that controls the toggle for https scanner. If it is disabled, the https scanner will also be disabled whereas if enabled, the https scanner can be toggled on and off which is also described in the ESET help article that quotes "Encrypted communication will be not scanned. To enable the scanning of encrypted communication and view the scanner setup, navigate to SSL/TLS in Advanced setup section, click Web and email > SSL/TLS and enable the Enable SSL/TLS protocol filtering option." which is also what ESS9 that i'm using is configured to follow. Again as I mentioned earlier, I cannot enable https scanning if ssl protocol filtering is disabled, hence I'm unable to follow what you suggested. Besides, there's also a separate option for enabling non-secure http scanner described in the mentioned ESET help article.

So let's say if the ssl communication that went through ekrn contains malware, will it be ignored if https scanning disabled? Will there be another layer of protection by ESS to detect the malware after being ignored by https scanner? What is the use of having those communications go through ekrn if their not scanned for malware? If nothing, then does that mean enabling ssl protocol filtering (or in other words making https, pop3s and imaps communication go through ekrn) is useless when disabling https scanning (or in other words ignore those communications for malware)? Please correct me if I'm wrong. I would love to keep both settings (ssl protocol filtering and https scanning) enabled for more security. However, i find it quite troublesome due to the https connection issue it causes on vpn applications. Please tell me that it's still safe if I only disable https scanning and keep enabling ssl protocol filtering. I apologize in advance if my words seems offensive as i have no intention to do so. Just trying to be straightforward as much as possible for clarity sake. I'm new about these anti-malware related terms and stuff. Thank you again.

I'm using ESS 9.0.381 on win 8.1 64bit with firefox browser. I'm having trouble accessing secure sites (https) that gives a firefox error page "Secure Connection Failed" when using vpn/proxy applications. At first I thought this was caused by firefox's vpn addon, so i tried using another vpn addon from firefox's official addon site (e.g. hoxx, zenmate) and another that is non-addon (e.g. betternet, zenmate windows version) but still unsuccessful. However, fortunately non-secure (http) sites can be accessed whether using the vpn application or not. After days of web searching, I came upon this eset forum post that addresses about firefox addon update problem which does not occur to me. However, thanks to the post, i got the hint that my problem is due to ESET's certificate handling when ssl protocol filtering is enabled. I solve this issue by turning the ssl protocol filtering mode to interactive and then to wait for eset to pop out prompts when i enable/run the vpn application to manually ignore and remember action for the certificates used by the proxy application. For non-tech savvy or advanced user such as I, the solution is somewhat a hassle and troublesome thing to do. Therefore, there's another easier solution which is to entirely disable the ssl protocol filtering under "web and email" or https checking under "web access protection" which is also not a favourable method to those who care a lot about extra security which I also am because by doing so will "remove a layer of security and could expose your system to security risks", which was mentioned in here. I noticed that when you disable ssl protocol filtering, the https checking slide bar is grayed out (not toggleable). Therefore, what happens when I enable ssl protocol filtering but disable https checking? What difference does it make compared to disabling ssl protocol filtering? May I remind once more that this only occur when i'm using a vpn application/program to access sites that happen to be secure and trusted such as google, yahoo mail, youtube etc. Is this a problem/matter that has not yet been addressed by ESET? If so, please fix this issue in the upcoming versions of the software. Thank you.