Is Eset Smart Security Corrupt

[itman 1,659]

If you do a Google search on this "Error code SSL-ERROR-BAD-MAC-ALERT," it is for the most part being generated by the targeted server during the SSL handshake process. Since you are receiving this error in all browsers, it leads me to believe that your ISP DNS servers are doing a bit more than just DNS address resolution. Appears to me that they are somehow detecting that Eset is proxying  your SSL traffic. I would call your ISP provider and explain the situation. They might be able to shed some light on what is going on.

Edited January 19, 2017 by itman

[ronnie 0]

Did as you asked and deleted Emsisoft Rebooted with SSL turned off then switched it on again after reboot

Still have the same problem.

Secure Connection Failed

An error occurred during a connection to www.emsisoft.com. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem.

Now I do not get this problem when Eset Smart Security is uninstalled everything runs Ok

[ronnie 0]

I have been in contact with my ISP and they say there is nothing wrong with the DNS.But I will try them again.

I have changed the DNS myself just to see if any different but just the same.

So will install Emsisoft again and maybe remove eset again  then reinstall it.'

Just wondering if that could be the problem ,So far I have installed Eset 3 times doing factory resets and another couple of times trying to sort it out..

I have another computer no more than 6 inches away from me with Eset and Emsisoft running with no problems. If it was my ISP that had a DNS problem surely that computer would not work either.

I understand that they are replacing Eset Smart Security could that be the problem or is that in the future.

[itman 1,659]

Are you running Emsisoft Internet Security or Antimalware?

EIS and SS 10 is a non-no since they both contain firewalls. And there could also be problems with EAM and SS 10 because of possible conflicts with each realtime scanners and/or Eset's HIPS and EAM's behavior blocker.

-EDIT- Also are you running any other security type software? Perhaps something that is performing web filtering? Even if installed in the past and then uninstalled, software remnants may exist. Also when you uninstalled Emsisoft did you run its cleaner to make sure all of it was uninstalled?

Edited January 19, 2017 by itman

[ronnie 0]

itman.

Anti malware. I used revo uninstaller on setting 4 to remove it completely.

Like I said Eset  Smart Security and Emsisoft  Anti Malware running fine on my computer with no side affects.

There was one other problem I downloaded Malwarebytes premium trial then added my keycode for it and it worked fine but every couple of weeks it would revert back to the free version.

My thoughts with that is it was not communicating with the update server hence reverting back to the free version.

Now it was said on here that Eset is doing the same and is not getting back to acknowledge my keycode on there.

I am sure I got a few pop ups saying could not connect to the update server but not sure with what.

As for Malwarebytes I paid for it and it is free for life so tend to install it but ran it manually if and when needed. I got fed up it reverting back to the free version that I uninstalled that as well.

is there anything I can check that would fix any cannot connect to the update server problems.

 

Edited January 20, 2017 by ronnie

[Marcos 5,070]

SSL_ERROR_BAD_MAC_ALERT is returned by Firefox I assume. Is the error different in IE or Chrome?

Could you also check the trusted root CA certificate store that no ESET root certificate is present when SSL filtering is off?

[ronnie 0]

This page can’t be displayed

• Make sure that the web address https://www.malwarebytes.com is correct.
• Look for the page with your search engine.
• Refresh the page in a few minutes.
• That is for I/E
• Root certificate switches off when SSL is switched off

[itman 1,659]

With Eset SSL protocol scanning disabled and using IE, go to this web site: https://www.ssllabs.com/ssltest/viewMyClient.html

First, reply with what it states your overall browser support is e.g. "Good" and the highest TLS level supported e.g. "TLS 1.2".

Next scroll down to the "Protocol Features" settings and take a screen shot and post what is displayed there. Note: It might take a couple of screen shots to show every thing listed there.  

[ronnie 0]

Lets see if this helps as not sure how to do a screen shot.

https://www.ssllabs.com/ssltest/viewMyClient.html

[itman 1,659]

53 minutes ago, ronnie said:

Lets see if this helps as not sure how to do a screen shot.

On the keyboard, hold shift key and then press the Print Screen key. Then open Microsoft Paint. In Paint, select Paste. It will then copy the screen shot into Paint. You can then Crop or do additional editing options in Paint. When done, select Save as a .png and a location to save the file e.g. Desktop, wherever. You can then attach the file to your Eset forum reply.

[ronnie 0]

Thanks itman.

Do i still need to do that after posting the Web page result. If so will do it in the morning a bit late at night for me.

Take it that it is the Firewall that is causing the problems.

Edited January 21, 2017 by ronnie

[itman 1,659]

13 hours ago, ronnie said:

Do i still need to do that after posting the Web page result.

Yes.

Doing a bit more research into SSL_ERROR_BAD_MAC_ALERT, there were postings over in the Mozilla forum in regards to FireFox that this error can be caused due to an issue with SSL protocol. For example, I believe FireFox will no longer accept a TLS 1.1 connection. Also all the major browsers now will not allow a SSL protocol connection. Additionally, certain older encryption standards are no longer allowed by the major three browsers.

What I am being to believe is that for some unknown reason on the problem PC , Eset's SSL protocol scanning is causing a downgrade in the SSL protocol.

 

[itman 1,659]

One other thing I want you to test with SSL protocol scanning enabled. Go to www.google.com. Can you connect to that site without issues?

[ronnie 0]

It will connect to Google but will not connect to your forum. So the answer is yes it will.

Just going to try and follow your instructions for the screenshot. may take a while.

 

[ronnie 0]

Not sure if one missing or not.

Edited January 21, 2017 by ronnie
missed one

[itman 1,659]

-EDIT- I assumed that you did the QUALS test in IE. From the screen shots, appears you did the test in FireFox? If so, you can ignore the below comments and see my next reply.

Before I comment on your QUALS test results, I need you to do one last thing.

In IE, do the following:

1. Click on Tools in the upper left portion of IE's tool bar.

2.  Click on Internet Options.

3. Click on the Advanced tab.

Scroll down to the Security section and verify that all the TLS options are checked marked as shown in the below screen shot. Post back what your settings currently are e.g. TLS 1.0, 1.1, and 1.2 checked or unchecked.

Edited January 21, 2017 by itman

[ronnie 0]

Yup did the test in Firefox. got a bit confused and made a mess of it.

If you want to delete it and I can try again later this time using I/E.

TLS 1.0-TLS 1.1-TLS 1.2 are all ticked..

[itman 1,659]

What the QUALS test is indicating is that it could not establish a secure encrypted connection using any of the established SSL used protocols; namely SSL, or TLS 1.0, 1.1, or 1.2. The statement by them that is firewall related is somewhat misleading. What it really means is that they are assuming is it firewall related since all secure protocol connection attempts failed.

There is nothing done by either the Windows or Eset firewall that I am aware that could cause this QUALS test result. Secure SSL transmission detail processing is all done by the browser. All the firewall does is monitor the forwarding and reception of this traffic to/from its destination based on predefined rules. In absence of a rule, it will allow the traffic unimpeded. 

Eset's Intrusion Protection System(IDS) does packet analysis for suspected malware activity and monitors the network for outside attacks like denial of service and the like. This feature does nothing with encrypted SSL transmission activity.

The fact that a secure SSL connection could not be establish in the QUALS test with Eset SSL protocol scanning disabled also proves that this feature is not causing your problem.

The QUALS test also confirms my initial suspicions that something is proxying, that is intercepting, your Internet traffic. I also believe that the proxy interception is occurring not only for HTTPS traffic but for non-encrypted HTTP traffic. The proxy could be on your network, localhost based, or external although those are rare. A localhost proxy can be established by other web filter security software like Ad-Aware's Web Filter and/or third party parental monitoring software. -EDIT- Also computer manufacture's such as Lenovo and Dell in the past have factory installed localhost proxy software capable of decrypting SSL traffic via a preinstalled root CA store certificate. Localhost proxies can be identified by using a tool such as SysInternal's TCPView and looking for connections to/from IP addresses 127.0.0.x or ::1. TCPView can also identify internal network proxies that is to/from IP addresses 192.168.0.x - 192.168.0.255 for most home networks.

At this point, I suggest you contact your local Eset distributor for tech support resolution in this matter. Refer them to this Eset thread.

Until this matter is resolved, I strongly advise not performing any Internet activity that requires encryption security like online banking, e-commerce activities, or connections requiring that privacy be maintained.

   

Edited January 21, 2017 by itman

[ronnie 0]

itman

Ok thanks . I was thinking along those lines myself. Whatever it is was just seemed to be just affecting my Security programs.

Do I just contact Eset Uk to carry on with their support or would another back to factory settings work..

Any security program that I could try which could probably flush the problem out.

Going out for the day so will not be back till tonight so if you don't hear from me you know why.

Many thanks for your help it has been appreciated.

Regards

Ronnie

 

[itman 1,659]

You can try to connect to the QUALS test site in IE with Eset SSL scanning disabled. Also for this test, temporarily disable the Eset firewall . After doing this, ensure the Windows firewall is shown as enabled and functioning prior to starting IE and connecting to the Internet. After doing the test, shutdown IE and enable the Eset firewall. 

If you get the same "Failed probably due to firewall restrictions" message from the QUALS test, then something is definitely interfering with the network traffic transmission between the browser and the web site server.

[ronnie 0]

Ok tried that and get.

404. That’s an error.

The requested URL /https://www.ssllabs.com/ssltest/viewMyClient.html was not found on this server. That’s all we know.

Checked to make sure SSL was still switched off and it was.

[itman 1,659]

41 minutes ago, ronnie said:

Ok tried that and get.

404. That’s an error.

The requested URL /https://www.ssllabs.com/ssltest/viewMyClient.html was not found on this server. That’s all we know.

Checked to make sure SSL was still switched off and it was.

Did you enter the URL address as /https://www.ssllabs.com/ssltest/viewMyClient.html versus https://www.ssllabs.com/ssltest/viewMyClient.html? Note the leading "/" you posted. 

[ronnie 0]

Ok cant remember if that is what I did but it must have been.

Got a new problem or not.. Went into Eset switched off all the firewalls and changed everything to default  and at the moment Firefox is working normally again. I/E still does not work with SSL enabled but looks like Firefox does

I suppose the only way to check would be to reboot and see..

 

[itman 1,659]

9 minutes ago, ronnie said:

Went into Eset switched off all the firewalls and changed everything to default  and at the moment Firefox is working normally again

That is, you set Eset firewall to default settings, enabled SSL protocol scanning, and FireFox now works correctly on all HTTPS web sites? Note: Eset protocol scanning does not filter all HTTPS web sites. It bypasses those it considers safe or use EV SSL certificates.

Edited January 22, 2017 by itman

[ronnie 0]

So far it does but have not rebooted yet to see what happens.

Would have thought that if one Browser worked they all should. So not hopeful it is going to stay that way.

Edited January 22, 2017 by ronnie