alpe

I created a rule on SSL filtering for "*/firefox.exe" and marked as scan, and it worked. I removed it, and it keeps working. I'm almost certain I already tried this before, but now it worked. I possibly created a rule for "*/firefox.exe" a long time ago and marked as ignore for test purposes, and somehow it turned invisible, and creating this rule again with other value overwrote it.

Here. This is on a new windows user (new firefox profile, by extension), that I created on my pc just to run the test. Some explanations: 1) At 0:29 I leaved "Exclude communications with trusted domains" unmarked, so that everything is checked. Same reason it is in policy mode. 2) 0:34 the warning that dropbox display is because SSL filtering is in policy mode, so everything is filtered. Dropbox checks the certificate issuer, so it should be marked as "ignore" which it isn't on this test. 3) At 01:46 and 02:36 pages load from cache first, then I press CTRL-F5 to update. I forgot to do this on the recording, but after it I checked and firefox was on the list of ssl/tls filtered applications. I marked it as "scan" and rerun the test with the same results. eis_logs.zip recording.zip

No.

Yes.

Tried too. Nothing. Setting it to "scan" too, no change. :/ Really weird, it's like there's an invisble rule set to "ignore" for "firefox.exe" (regardless of path) that takes precedence over this.

Creating a new windows user don't solve it either.

Haven't tried. Probably no. It's probably something on my current installation. What is weird is that it persist after a clean install of both nod32 and firefox (with registry and installation folders cleanup) and only when the exe is name firefox.exe. Guess I'll just have to use it with the exe renamed. Edit: I'm using normal Firefox. I only tried portable to see if it would work on it.

It is. And even if it was not, it should display the unknown issuer warning, which doesn't happen. It happens if I rename the exe.

On http it is, on https no. Only after the download is made that it removes it.

Eset Internet Security 11.2.49.0. I tried all firefox versions from 56 to 63.0a1. On portable, the pages just load normally even without the root certificate, bypassing nod32 protocol filtering completelly. If I rename the exe to anything else, then it works, displaying the error of untrust issuer. I'm not sure how to provide steps. But I tried making a clean eset and firefox install, making sure all folders/registry entries of them were removed betweeen installs. What is weird is that it don't work only if the exe name is "firefox.exe". Like if there was a rule marked to "ignore" it. But there is no such rule, as it's a clean install and I even tried adding a rule to force "scan". Already tried changing SSL filtering mode to "policy". The window asking what to do never shows up, unless I rename the exe. It's like "firefox.exe" specifically is completelly invisible to the protocol filtering.

It doesn't work on firefox. All pages go through unfiltered, ignored. I already tried using firefox portable (with new profile), resetting configs, clean install (including using the eset uninstaller), remove every folder that has eset or nod32 in name and every registry entry related to it too. Already tried to add firefox to the protocol filtering rules with "scan" action. Nothing. But if I rename firefox.exe to anything else (like firefox2.exe) the protocol filtering works. That doesn't make sense. Any help?