[NOD32 modifies Javascript files]

Thanks it works. So what's next steps? How to fix it permanently without our users need to exclude our domain from checking? Should I report this issue somewhere else?

[NOD32 modifies Javascript files]

I've attached diagnostics when trying to access our latest release. Is there anything that could help you solve the issue? Is there some workaround for our user other than completely disabling Web access protection? If I try Web access protection -> Url address management -> edit -> list of allowed addressess -> edit -> add "*.budgetbakers.com/*" and check "Notify when applying", then I see that URL was matched but the issue remains. What's the correct way to exclude our domain?

Diagnostics.zip

[NOD32 modifies Javascript files]

@Posolsvetla any update on this? Current release of https://web-board.budgetbakers.com causes the issue again. When I deploy the same release (the same Docker image) on another domain then it works fine.

[NOD32 modifies Javascript files]

The issue is related to Chrome as well and I reproduced the issue in Virtualbox with Nod32 trial and fresh installation of Chrome and Firefox. I see in Chrome and Firefox that the certificate is valid but it is wrong certificate.

But even in case of wrong/invalid certificate Nod32 should not silently modify resources. Nod32 should keep it as is and delegate validity check to a browser or display some warning, right?

 

[NOD32 modifies Javascript files]

2 minutes ago, itman said:

I tried to access the web site: https://web-board.budgetbakers.com/ in IE11. A web page displayed stating that only FireFox and Chrome are supported.

Sorry, old habbit, by IE I mean Edge, IE11 is generally unsupported browser.

[NOD32 modifies Javascript files]

15 minutes ago, itman said:

This has nothing to do with Eset. I disabled Internet Security Web Access protection and received the same spinning wheel behavior.

It might be an Issue with FireFox and you can contact Mozilla about that. I don't have Chrome installed, so I could not not test with it.

No, I'm sure that it it caused by Nod32, I have bug reports from our users and also I checked it by myself. Until I installed Nod32 then everything was ok and I also made some tests with or without Web Access protection that confirmed my suspicion. The issue happens on Firefox, Chrome and IE. Nod32 is favorite security software on Windows and we have no such report from Linux or Mac users. If it were browser bug we had more bug reports but we don't.

Your behavior could be result of cached Javascript file with that garbage. Plese try it again with cache disabled.

 

[NOD32 modifies Javascript files]

46 minutes ago, Posolsvetla said:

Not sure if this is important and would make any difference, but there is missing charset=utf-8 in the content-type header sent by the server.

I'm not sure too because this issue happens only on one domain web-board.budgetbakers.com of 5 domains we use (including test environment), the resource modified is random even if we have no new release. Also behavior is different for different users. If it were caused by missing charset or other configuration then all resources would be modified, right? We use Docker images so all servers on all our domains have the same configuration.

[NOD32 modifies Javascript files]

2 minutes ago, itman said:

This time all I get in FireFox is a spinning circle on the displayed web page.

That's the issue, it is consequence of modified Javascript resource that caused fatal error which prevents app to start and hide the spinner. Also it is unfortunatelly the nondeterministic behavior of Nod32, it modifies Javascript resource on one machine but it works perfectly on another. @itman please could you upload log files as requested by @Marcos? I cannot reproduce the issue on my machne now.

 

 

[NOD32 modifies Javascript files]

Now the web application works but the issue is visible on other resource, see attached screenshot where you can find some garbage at the end of source map request. Strange thing is that we don't have source maps on production. It might be some clue that the issue happens soon in the browser. When I try to download the resource with curl or wget the content is as expected but IE, Firefox, Chrome contains some garbage.

 

I also packed Wireshark capture session and also found that Nod32 creates some Wireshark files. Is Wireshark files required or content of C:\ProgramData\ESET\ESET Security\Diagnostics is enough?

eav_logs.zip web_access_protection_disabled.zip web_access_protection_enabled.zip

[NOD32 modifies Javascript files]

On 4/3/2020 at 9:03 PM, itman said:

I can't connect to this domain in FireFox:

extra dot at the end? try https://web-board.budgetbakers.com

[NOD32 modifies Javascript files]

Hi,

I've noticed that Nod32 modifies our Javascript resources and appends some garbage characters to the end (see attached screenshot) which causes Javascript syntax error and our web app does not start because of it. The resource could be downloaded from https://web-board.budgetbakers.com/3.board-669dedc0633412a24830.js but the link might be broken on next release so I've attached the file as well. Nod32 does not warn about some threat, if I submit the file manually it passeess the test. We have also web app on https://web.budgetbakers.com and some test environment domains but the issue is only on the production domain https://web-board.budgetbakers.com. The issue has random behavior on different releases (different Javascript bundles), sometimes it works fine, affected module changes and the garbage changes. Whitelisting our domain does not work. I have to pause Internet protection to make our web app work but it is unacceptable.

So what's wrong and how to fix it? Where could I report this?

3.board-669dedc0633412a24830.js.txt