FIXED / SOLUTION: Certificate Pop-Ups - An application on this computer is trying to communicate over a channel encrypted with an untrusted certificate

[MarcFL 26]

EASY FIX:

RE:  Eset Certificate Pop-ups - An application on this computer is trying to communicate over a channel encrypted with an untrusted certificate

This is happening a LOT more.  It is mostly due to invalid certificates from ads loading on the page.  The best, safest and easiest way to fix it is by changing this simple  setting:

Advanced Setup, Web & Email,  SSK/TLS, Certificate Validity, change "If the Certificate cannot be verified using TRCA..."  to "Block Communication".

See Picture:

ESET:  You need to address this issue as it is becoming a MAJOR annoyance for many of your customers due to invalid certs from advertisements loading on pages!

Edited February 18, 2018 by MarcFL

[Marcos 5,074]

The fact that some websites use expired, revoked or otherwise untrusted certificates is not ESET's fault and ESET is not the one to blame. With TLS filtering disabled, it would be the browser which would alert you about untrusted certificates. It is the responsibility of a website administrator and owner to ensure that a valid certificate is installed and used.

Users who want to block untrusted communication automatically without being asked can set the above mentioned setting as suggested, however, this cannot be recommended for everyone.

[itman 1,659]

2 hours ago, MarcFL said:

This is happening a LOT more.  It is mostly due to invalid certificates from ads loading on the page.

And how do you know that those ads are not malicious? FYI - you don't have to click on a malicious web site ad to get nailed by it.

[MarcFL 26]

Just to be clear, My recommend Fix is not a security risk in any way. In fact, my recommended setting increases security.  SLL/TLS filtering remains Enabled.  My setting simply BLOCKS any invalid certificate.  As explained, numerous certificate popups from Eset are mostly due to ads with expired certificates.  My recommended setting simply blocks any "page" (advertisement) with an invalid certificate without a popup as mentioned by Administrator Marcos.   It works well.  In my opinion, it should be the default setting in Eset.
You can test with and without my setting here:  https://badssl.com/

itman:  I think you may has misunderstood.  My setting has nothing to do with malicious ads.  It blocks all ads without a valid certificate.  Those with a valid certificate will be scanned by Eset as usual.

 

 

Edited February 2, 2018 by MarcFL

[Marcos 5,074]

Quote

My setting simply BLOCKS any invalid certificate.

If you don't want to be prompted about untrusted certificates, change the setting you've mentioned. However, using that as a default value for all users is a bad idea. From time to time even owners of popular websites forget to update their certificates or some websites may use self-signed certificates for whatever reason and blocking them automatically without giving the user an option to continue to such website is not good. Even browsers do not block such communication by default and give the user an option to create an exception.

[MarcFL 26]

16 hours ago, Marcos said:

If you don't want to be prompted about untrusted certificates, change the setting you've mentioned. However, using that as a default value for all users is a bad idea. From time to time even owners of popular websites forget to update their certificates or some websites may use self-signed certificates for whatever reason and blocking them automatically without giving the user an option to continue to such website is not good. Even browsers do not block such communication by default and give the user an option to create an exception.

Marcos, I manage over 100 computers and clients are complaining that they are getting too many certificate popups from Eset.  This is not Eset's fault, but it is Eset's business.  Annoyed customers don't renew Eset.    I've discovered that nearly all of these popups are caused by background Ads with invalid certificates.   My setting eliminates this issue.  The side effect is the unlikely event that a legitimate website will be temporarily blocked due to an expired certificate as you pointed out.   This issue with invalid certificates from advertisements will likely get worse, and Eset will need to address the issue to avoid losing customers due to annoyance.   I recommend my setting be the default.

Edited February 2, 2018 by MarcFL

[beethoven 0]

I just started receiving this warning too and am a bit confused. With Firefox only running this very forum by Eset, why would I get the attached message? This started earlier today and given that it happened before on legit sites (e.g. paypal)  without advertisements, I was unsure. Unfortunately the alert does not actually provide more detailed info as to what caused the alert. I tried to isolate the issue by not opening multiple sites, so now it's just this forum.

Are we sure that this issue is not related to some malfunction in the software running some redundant check on some incomplete certificate listing irrespective of the website I am currently visiting? I had the alert coming up both in FF and Chrome.

[Marcos 5,074]

35 minutes ago, beethoven said:

I just started receiving this warning too and am a bit confused. With Firefox only running this very forum by Eset, why would I get the attached message? This started earlier today and given that it happened before on legit sites (e.g. paypal)  without advertisements, I was unsure. Unfortunately the alert does not actually provide more detailed info as to what caused the alert. I tried to isolate the issue by not opening multiple sites, so now it's just this forum.

Are we sure that this issue is not related to some malfunction in the software running some redundant check on some incomplete certificate listing irrespective of the website I am currently visiting? I had the alert coming up both in FF and Chrome.

It should have nothing to do with our forum. Invalid certificate is reported on the server mirror.cedia.org.ec and I doubt that the forum provider would access an Ecuadorian domain.

[beethoven 0]

Marcos,  that's exactly my point. I believe the popup on the Eset Forum is wrong as was the pop up when I used Paypal. The alert shows Firefox trying to communicate but at the time no other site was active. If NOD alerted me in general terms that something on my pc was trying to reach out, I would be more concerned but if the only thing running on Firefox is the NOD forum, something does not make sense.

[Marcos 5,074]

1 hour ago, beethoven said:

Marcos,  that's exactly my point. I believe the popup on the Eset Forum is wrong as was the pop up when I used Paypal. The alert shows Firefox trying to communicate but at the time no other site was active. If NOD alerted me in general terms that something on my pc was trying to reach out, I would be more concerned but if the only thing running on Firefox is the NOD forum, something does not make sense.

It might have been accessed by an add-on for instance. Are you able to reproduce it?

[beethoven 0]

the only add-on I am using is ublock origin - as for reproducing it, let me check tomorrow when I am actually using pc and see when or on which pages the alert comes back. At the moment it's "quiet".

[MarcFL 26]

I have clients with and without uBlock Origin with this issue.   My fix above is the correct solution.  See my post above.  It should be the default by Eset.  I've made my clients happy by making this change.  However,  I'm sure that many Eset customers who don't have an IT Admin working for them will eventually leave Eset due to the annoyance of these popups.  Again, not Eset's fault, but Eset's concern.  Eset should silently block and we would be done with this issue.

Edited February 18, 2018 by MarcFL

[peteyt 393]

17 hours ago, MarcFL said:

I have clients with and without uBlock Origin with this issue.   My fix above is the correct solution.  See my post above.  It should be the default by Eset.  I've made my clients happy by making this change.  However,  I'm sure that many Eset customers who don't have an IT Admin working for them will eventually leave Eset due to the annoyance of these popups.  Again, not Eset's fault, but Eset's business.  Eset should silently block and we would be done with this issue.

This topic interests me because a lot of people have asked Eset to do a behaviour type protection which would basically check for possible suspicious activity and then ask the user to decide. I can understand why Eset are reluctant because when you look at the certificate issue you will see why - people who are not technical don't always like to choose an option and will worry when they are given a popup what the reason behind it is and then will worry if they pick the wrong option.   

[Zardoc 4]

On 2018-02-15 at 8:51 PM, MarcFL said:

I have clients with and without uBlock Origin with this issue.   My fix above is the correct solution.  See my post above.  It should be the default by Eset.  I've made my clients happy by making this change.  However,  I'm sure that many Eset customers who don't have an IT Admin working for them will eventually leave Eset due to the annoyance of these popups.  Again, not Eset's fault, but Eset's concern.  Eset should silently block and we would be done with this issue.

I'm sorry, but this isn't a fix at all. It's a problem with Eset. I had this problem with version .159.5 and Firefox. Issue went away after disabling SSL/reboot and deleting cert8.db in Mozilla folder C:\Users\%%\AppData\Roaming\Mozilla\Firefox\Profiles\%%.

With this update, all my three machines have half the sites disbled with Firefox. I get that ''some'' people won't update their certificates, but not half.

 

SEE POST HERE

[MarcFL 26]

Many of my clients are using Chrome and have this issue.  So, your situation may be a similar but unrelated issue with Firefox.

Edited February 18, 2018 by MarcFL