peteyt (Most Valued Members), posted May 25, 2017:

Trying to help someone find out why his site is being blocked by Eset. He is a security researcher/blogger. His site is www.scotthelme.co.uk

Alerts are the certificate has changed unexpectedly/website certificate revoke

itman, posted May 26, 2017:

I can connect to the web site OK using SS 10.1.210 and IE11.

peteyt (Most Valued Members), posted May 26, 2017:

6 hours ago, itman said:
> I can connect to the web site OK using SS 10.1.210 and IE11.

Blocks for me in IE as well but with Eset insider version

itman, posted May 26, 2017:

1 hour ago, peteyt said:
> Blocks for me in IE as well but with Eset insider version

Here's the Qualys SSL Server test report for the site: https://www.ssllabs.com/ssltest/analyze.html?d=scotthelme.co.uk&s=107.170.218.42&hideResults=on

He received an A+ - highest rating. Only thing I found was that he uses a Let's Encrypt certificate.

Do you have the DST Root CA X3 certificate in your Windows root CA certificate store? If so, make sure it hasn't expired. IE11 uses the Windows root CA certificate store.

peteyt (Most Valued Members), posted May 26, 2017:

2 hours ago, itman said:
> Here's the Qualys SSL Server test report for the site: https://www.ssllabs.com/ssltest/analyze.html?d=scotthelme.co.uk&s=107.170.218.42&hideResults=on
>
> He received an A+ - highest rating. Only thing I found was that he uses a Let's Encrypt certificate.
>
> Do you have the DST Root CA X3 certificate in your Windows root CA certificate store? If so, make sure it hasn't expired. IE11 uses the Windows root CA certificate store.

Not sure how to but both IE and Chrome get the errors. I think it might be to do with the insider version but not 100 percent sure.

itman, posted May 26, 2017 (edited May 26, 2017 by itman):

15 minutes ago, peteyt said:
> Not sure how

In IE11, select Tools -> Internet options -> Content -> Trusted Root Certificates. Then look for the DST Root CA X3 certificate and validate that the expiration date is not less than the current date.

Might also be, like you stated, an insider ver. issue.

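The same root-store check from PowerShell, as an added example that is not part of the original posts: it looks up the root named above in both the machine and the user trusted-root stores and reports whether it is missing, not yet valid, expired or close to expiry. The function name Get-RootCertStatus and the 30-day warning window are assumptions made for illustration; the Cert: drive requires PowerShell on Windows.

```powershell
# Added example (not from the thread). Get-RootCertStatus is a hypothetical
# helper name; the 30-day warning window is an arbitrary assumption.
function Get-RootCertStatus {
    param(
        [Parameter(Mandatory)] [string] $NamePattern,
        [datetime] $Now = (Get-Date),
        [int] $WarnDays = 30
    )

    # IE11 validates against the Windows trusted-root stores; check both the
    # machine-wide store and the per-user store.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        $found = @(Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "*$NamePattern*" })

        if ($found.Count -eq 0) {
            # The root is absent from this store: report it instead of
            # silently returning nothing.
            [pscustomobject]@{
                Store = $store; Thumbprint = $null
                NotBefore = $null; NotAfter = $null; Status = 'Missing'
            }
            continue
        }

        foreach ($cert in $found) {
            # NotBefore/NotAfter are local-time DateTime values, as is Get-Date.
            $status = if ($Now -lt $cert.NotBefore) { 'NotYetValid' }
                elseif ($Now -gt $cert.NotAfter) { 'Expired' }
                elseif ($Now.AddDays($WarnDays) -gt $cert.NotAfter) { 'ExpiringSoon' }
                else { 'Valid' }

            [pscustomobject]@{
                Store = $store; Thumbprint = $cert.Thumbprint
                NotBefore = $cert.NotBefore; NotAfter = $cert.NotAfter
                Status = $status
            }
        }
    }
}

# 'DST Root CA X3' is the root certificate named in the post above.
Get-RootCertStatus -NamePattern 'DST Root CA X3' | Format-Table -AutoSize
```

A 'Missing' row for the user store alone is normal when the root is installed machine-wide.
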
itman, posted May 27, 2017:

Another possibility is there is something amiss with one of the numerous https:// links contained in his home page.

Post a screen shot of the cert. error Eset is displaying in IE11.

Note: I use tracking protection in IE11 which might be blocking the "offending" https:// trigger.

TomFace, posted May 28, 2017:

On 5/25/2017 at 7:46 PM, peteyt said:
> Trying to help someone find out why his site is being blocked by Eset. He is a security researcher/blogger. His site is www.scotthelme.co.uk
>
> Alerts are the certificate has changed unexpectedly/website certificate revoke

He should refer it to support for personal attention.

https://forum.eset.com/topic/11925-website-being-blocked/?do=findComment&comment=59988

peteyt (Most Valued Members), posted May 28, 2017:

8 hours ago, TomFace said:
> He should refer it to support for personal attention.
>
> https://forum.eset.com/topic/11925-website-being-blocked/?do=findComment&comment=59988

Hi - I have already reported it the other week but heard no reply. I am thinking, after itman reported the site loads fine and me and at least one other user get the alert on the insider version, that it might be an issue with the insider version.

Peter Randziak (ESET Moderators), posted May 29, 2017:

Hello guys,

thank you for the report, we will check it, I got the site blocked as well.

Regards, P.R.

Peter Randziak (ESET Moderators), posted May 30, 2017:

Hello guys,

the issue has been identified as a bug on our side, will be fixed in Internet protection module, expected version 1307.

Thank you once again for the report.

Regards, P.R.

peteyt (Most Valued Members), posted May 30, 2017:

5 hours ago, Peter Randziak said:
> Hello guys,
>
> the issue has been identified as a bug on our side, will be fixed in Internet protection module, expected version 1307.
>
> Thank you once again for the report.
>
> Regards, P.R.

Thanks. What caused this and do you know roughly when it will be sorted so I can let the site's admin know?

itman, posted May 30, 2017 (edited May 30, 2017 by itman):

2 hours ago, peteyt said:
> What caused this

Ditto here also since I never had any issues accessing the web site in IE11 using ver. 10.1.210. Considering my IP module rel. is 1303.1, appears this is a beta ver. problem.

Peter Randziak (ESET Moderators), posted May 31, 2017:

Hello,

the site was blocked due to false positive HPKP violation.

As far as I know only Insider builds were affected (they use updates which are even ahead of the pre-release updates).

Fixed Internet protection module 1307 is being distributed in that channel since about 30.5.2017 10:35 CEST.

Thank you once again for the report, P.R.

peteyt (Most Valued Members), posted June 1, 2017:

On 2017-5-31 at 7:53 AM, Peter Randziak said:
> Hello,
>
> the site was blocked due to false positive HPKP violation.
>
> As far as I know only Insider builds were affected (they use updates which are even ahead of the pre-release updates).
>
> Fixed Internet protection module 1307 is being distributed in that channel since about 30.5.2017 10:35 CEST.
>
> Thank you once again for the report, P.R.

I have updated and appear to have Internet protection module 1307 but the site is still blocked. Cleared Chrome's cache in case that was the issue but no good.

Peter Randziak (ESET Moderators), posted June 2, 2017:

Hello Peteyt,

O.K. I will check it with Devs as I was able to reproduce the issue myself.

Regards, P.R.

Peter Randziak (ESET Moderators), posted June 5, 2017:

Hello,

the issue is fixed by Internet protection module version 1308, currently available for ESET Insiders only.

I can verify the fix for Chromex64, Firefox32 and Internet Explorer 11.

Can you please confirm the fix on your side as well?

Regards, P.R.

peteyt (Most Valued Members), posted June 5, 2017:

7 hours ago, Peter Randziak said:
> Hello,
>
> the issue is fixed by Internet protection module version 1308, currently available for ESET Insiders only.
>
> I can verify the fix for Chromex64, Firefox32 and Internet Explorer 11.
>
> Can you please confirm the fix on your side as well?
>
> Regards, P.R.

Just tried on Chrome and it works fine now. What was causing the issue? Just the guy running the site would like to know. Thanks again.

Peter Randziak (ESET Moderators), posted June 6, 2017:

Hello,

we had a rare false positive on revoked certificate check (OCSP Must Staple) in our SSL/TLS scanner.

Regards, P.R.