
jmparsons

Kudos

  1. Upvote
    jmparsons gave kudos to ExcelIT2417 in SSL/TLS Protocol filtering breaking email and web browsing   
    Hello,
    Did some more testing on my end and I think I found the bug in Eset Endpoint Antivirus anyway when managed by 1 central ESMC that applies a policy to the endpoints.
    We have "Enable SSL/TLS filtering" enabled by ESMC policy, unable to be changed by the endpoint local settings. We then have "Block encrypted communication utilizing the obsolete SSLv2" disabled by default on the clients, but not set by the ESMC policy. In the ESMC policy it is set to "Setting won't be set by this policy, it will be editable (unlocked) on the client". In that GUI screen, it shows the default setting as off. And indeed when viewing the client's local Eset GUI advanced settings it shows the screenshot I posted earlier. It shows SSL enabled and locked, and Block disabled and unlocked. The bug is that in that state, Block is actually enabled under the hood but the GUI is not reflecting it and the engine is not respecting the GUI setting regardless of flipping it on and off locally.
    The way I ultimately had to resolve it was to go back to the ESMC policy on the server and set Block to disabled explicitly by the policy and locked/uneditable on the client. *I do understand this is not ideal security-wise, but email must flow for now until I can change them all to TLS as suggested earlier.
     
    What is most curious to me though is that we have been running in the initial configuration (SSL on and locked, Block default off and unlocked) since V7 and it worked just fine. It was only 11/2/2020 that the bug kicked in (or perhaps over the weekend, but Friday was fine). We made no change to the policy or to the local config and no new Windows updates since Oct Patch Tuesday and no Eset version upgrades for a few weeks. I'm not sure why and that's what I'd be looking at as Eset developers.
    I'm glad though as it showed me we have plenty of email clients running SSL apparently and not TLS. So that's a new project for this month. Still have no clue on the few Firefox browsers that break when Block is enabled, but Chrome worked fine in that scenario and the users can use that instead.



