Encrypted network traffic "untrusted certificate"

[jamiek89 1]

Hi

I am currntly using Smart Security 9.0.408.0 on Windows 10.

Also use VPN service connecting via OpenVPN client and I always recieve messages popping up on the screen with Encrypted network traffic "untrusted certificate"

This has been happening a lot recently and not sure how I can prevent the messages, is there a way to stop the warnings? or auto accept or block certificates?

Attahced screenshot for example.

Any help would be great.

Thanks

[Marcos 5,074]

If you trust the certificate, you must add it to the Trusted root CA certificate store in order to make it trusted:

 

[AMDY 1]

So how do we automatically block all of these?   I just reinstalled Internet Security, which had been working fine before. No pop-ups. But since the reinstal, the untrusted cert thing pops up constantly.   Twice just typing the last sentence of this note. 

Not even one of these are certs I trust.  I don't want them.  I don't trust them.   I've done the steps in the KB to turn off filtering, turn it back on and reboot and it has not helped. 

So.  How do we automatically block all?   

[itman 1,659]

This came up previously in this discussion: https://forum.eset.com/topic/8751-https-sites-unaccessible-when-using-vpn- and relates to Firefox's VPN plug-in. It's not compatible with Eset's SSL protocol scanning.

[rept30 0]

I constantly get this same issue on almost every web page amazon, newegg, etc. I've tried this several times along with reinstalling ESET hxxp://support.eset.com/kb3126/?locale=en_US  I get the same certificate pop up even after trusting it and remembering it.

Nothing seems to work.

Firefox x64 52.0.2

Windows 10 pro x64 bit - 1607

ESET Smart Sec - 10.0.390.0

Not using any VPN add ons or openvpn.

[Darjanator 3]

I'm using just the regular Nod32 Antivirus and Chrome, and am getting these messages ALL THE TIME. I got 3 while just trying to reply to this topic and they're all from websites I've never been to. I'm suspecting ads (even though they're blocked) in other tabs.

I'm not using a VPN currently (although tunnelbear is installed).

[Marcos 5,074]

44 minutes ago, Darjanator said:

I'm using just the regular Nod32 Antivirus and Chrome, and am getting these messages ALL THE TIME. I got 3 while just trying to reply to this topic and they're all from websites I've never been to. I'm suspecting ads (even though they're blocked) in other tabs.

I'm not using a VPN currently (although tunnelbear is installed).

Please click certificate details in an ESET notification about untrusted certificate and post a screen shot of it here.

[Darjanator 3]

Well, wouldn't you know it, it STOPPED. Right after I posted this, it just stopped. After a week of annoyance.... it just went away. If it happens again, I will post, but for now... 

 

I don't get it...

 

EDIT: here's 4 since my last post: 3 expired and 1 invalid. I wonder why they started showing up several days ago. Has the entire internet ran out of valid certificates on the same day?

 

Edited April 6, 2017 by Darjanator
Added images.

[AMDY 1]

Still happening to me.   Most annoying yet: trying to rename some files on my PC, the stupid pop-up appears and takes precedence and focus over the work I was trying to do and loses the file name I was trying to make.  This happened to be a legal document and had to be named just right.  Eset intruding in this was very unwelcome.

This went on and on for several minutes.  I finally had to do the file names in notepad and paste them in, because Eset wasn't giving me enough time to do my work.   It would not be so bad if the pop ups went into the background.  Stealing focus like this is rude and disruptive and even dangerous.

[Marcos 5,074]

49 minutes ago, AMDY said:

Still happening to me.  

It is not an issue of ESET that untrusted certificates are used in https communication. Since you haven't posted a screen shot of such certificate details, please do so so that we can find out what's wrong with the certificate(s).

[rept30 0]

It pops up on amazon,ebay, news websites, etc. I've seen untrusted cert pop up just opening the browser page to the default homepage (google) and when opening plex @ 127.0.0.1. Even after I've allow it as a trusted certificate + remember it still pops up.  < This is with firefox on windows 10.

 

It also happens on my other computer that is still on windows 7 and uses google chrome by just going to the default homepage (google) same thing allow + remember still pops up later on same certificate.

 

This is me just doing a google search nothing else. I'll add more as they come.

Edited April 7, 2017 by rept30

[Marcos 5,074]

So you are using a VPN plug-in in a browser?

[rept30 0]

1 hour ago, Marcos said:

So you are using a VPN plug-in in a browser?

No. I'm using ublock origin and privacy badger as my only two addons. I've uninstalled firefox from the control panel > Deleted anything in appdata > deleted folder in program data > deleted folder in program files > restarted pc > reinstalled firefox. I've tried guide hxxp://support.eset.com/kb3126/?locale=en_US  along with uninstall eset > restart > reinstall eset.

Still having the issue.

[AMDY 1]

2 hours ago, Marcos said:

It is not an issue of ESET that untrusted certificates are used in https communication. Since you haven't posted a screen shot of such certificate details, please do so so that we can find out what's wrong with the certificate(s).

Nobody had asked me to post screenshots.  I don't just randomly spam forums with screenshots for kicks.  But since you asked...here are some from two different popups.  No clue what these domains are.  Was not browsing to them. Have never been there as far as I can recall.  Four more hit while I type the first sentence above.  This is getting out of hand.

Note: these are all coming via Chrome. Someone else mentioned Firefox.  I don't have Firefox installed.

And I will note again, this began happening after a reinstall of the Eset product.  

 

[Darjanator 3]

I have the same issue with these reports coming from sites I've never been to before. It could be something to do with ublock origin messing up ad delivery. I might go test with the extension disabled to see if the messages go away.

[rept30 0]

This was tomshardware.

[itman 1,659]

42 minutes ago, AMDY said:

Nobody had asked me to post screenshots.  I don't just randomly spam forums with screenshots for kicks.  But since you asked...here are some from two different popups.  No clue what these domains are.  Was not browsing to them. Have never been there as far as I can recall.  Four more hit while I type the first sentence above.  This is getting out of hand.

Note: these are all coming via Chrome. Someone else mentioned Firefox.  I don't have Firefox installed.

And I will note again, this began happening after a reinstall of the Eset product.  

 

As far as canalesdominicano.net goes, I get the same error in IE11.

Below is what QUALS says about that URL:

Edited April 7, 2017 by itman

[Marcos 5,074]

I forgot to mention that you should check the certificate expiry date and do not post a screen shot if the certificate is obviously expired. There are 2 screenshots where it's obvious that the certificate expired last year and because of that it's untrusted. If you open such website in a browser without SSL filtering enabled or ESET installed, the browser would reject to display such untrusted website too.

As for the mega-tags.com certificate, it seems to be an issue with plug-ins that utilize a root certificate (ie. not verified by a trusted CA). Decryption occurs in the browser itself, ie. after ESET has checked the certificate and could not verify it. I assume that temporarily switching to interactive SSL filtering mode in the advanced setup -> Web and email -> SSL/TLS and excluding the root certificate could work.

[Darjanator 3]

This is all understandable, but why has it started happening all of a sudden and dozens of time a day when before there wasn't a single instance?

[rept30 0]

39 minutes ago, Darjanator said:

This is all understandable, but why has it started happening all of a sudden and dozens of time a day when before there wasn't a single instance?

Yup, I haven't had any issues until the past few weeks. I went ahead uninstalled eset > reboot > deleted any folders + anything in regedit relating to eset > reset windows firewall back to default > reboot > reinstalled eset. I'll continue to post them as they come because this wasn't happening before and I've been on eset v10 since it went public.

[itman 1,659]

I will say this. I have had zip certificate issues using IE11 and Edge; both of which use the Windows root CA certificate store. So the issue is with Chrome and Firefox.

[AMDY 1]

Found my solution to this issue:  uninstalled the product permanently.  

No more nag screens!  

And no other security software is reporting any similar issues.  

[Marcos 5,074]

6 hours ago, AMDY said:

Found my solution to this issue:  uninstalled the product permanently. 
And no other security software is reporting any similar issues.  

It could be that the other security sw you have tried does not perform SSL/TLS filtering. Uninstalling ESET is actually not a solution. It's like if one would be constantly getting alerts about malware detection; uninstalling the AV would not make the malware go away. Quite the contrary, the situation would get even worse.

In my opinion, you should try to find out why you have root certificates mega-tags.com (connected with ads and monetization) and bananahosting.com installed at all. It's not something one would normally like to have installed.

[itman 1,659]

I agree with Marcos's comment,

Both Chrome and Firefox use their own root CA certificates store's for web site certificate validation. Whereas FireFox has an option where it can be specified to additionally use the Windows root certificate store, Chrome has no such option.

[AMDY 1]

Let me restate this: the other PCs on which I have installed the same ESET product are not having the issues.   Same user, same Chrome accounts, same OS, etc.

These warnings came up from HUNDREDS of different websites, but if you want to focus on why one particular cert might be an issue, once again you are showing you don't want to or cannot solve whatever is causing these popups.   But I already figured out you don't care that this is happening.   Empty oath of the day: I will not be renewing any of my ESET licenses as they expire. Congrats on chasing away a loyal customer of over 10 years with multiple licenses.