tommy456 12 Posted December 2, 2013
Since I upgraded from version 6 to 7, the lists of excluded and trusted SSL certs keep on being deleted by ESET. Sometimes it can be several days or only a few hours before ESET just loses these stored permissions and starts prompting for every web site that has an SSL cert, sites that I have trusted or excluded previously. Is this going to be fixed? I'm running on Win XP SP3, ESET SS v7.302.

Marcos (Administrators) 5,272 Posted December 3, 2013
Probably something is deleting the values in HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000200\Profiles\@My profile\Certificates. Try to monitor this registry key to find out under what circumstances the values are removed.

tommy456 (Author) 12 Posted December 3, 2013
OK, thanks for the reply. Can you please explain how I can monitor that reg key?

Arakasi 549 Posted December 3, 2013
Good day tommy456, see the following link: hxxp://technet.microsoft.com/en-us/sysinternals/bb896645

tommy456 (Author) 12 Posted December 3, 2013
Cheers, I already had the Procmon. How do I configure it, as I can't find any info regarding setting it up?

Marcos (Administrators) 5,272 Posted December 4, 2013
If the problem occurs intermittently, I probably wouldn't use Procmon, or it may run out of memory if you leave it running for too long. Try exporting the above-mentioned registry key and, when the issue occurs, compare the current value with the exported one to see if it was really changed / removed.

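
The export-and-compare check suggested in the post above, as an added example that is not part of the original thread or of ESET's tooling: it parses two regedit exports of the Certificates key and reports which values were removed, added or changed. The value names and data are constructed samples; `load_reg` reads real `.reg` exports from file paths of your choosing.

```python
import re

# Key path quoted from the thread; value names and data below are constructed samples.
KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion"
       r"\Plugins\01000200\Profiles\@My profile\Certificates")

def parse_reg(text):
    """Parse regedit export text (version 5 .reg) into {key: {value_name: raw_data}}."""
    keys, current = {}, None
    # Long hex values continue on the next line after a trailing backslash: join them.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            name = m.group(1) if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = m.group(2)
    return keys

def load_reg(path):
    """Read a .reg file; regedit writes version 5 exports as UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return parse_reg(fh.read())

def diff_key(before, after, key=KEY):
    """Report value names removed, added or changed under one key between two exports."""
    old, new = before.get(key, {}), after.get(key, {})
    return {
        "removed": sorted(set(old) - set(new)),
        "added": sorted(set(new) - set(old)),
        "changed": sorted(n for n in set(old) & set(new) if old[n] != new[n]),
    }

# Constructed exports: B disappears, C changes, D is new, A only differs in line wrapping.
HEAD = "Windows Registry Editor Version 5.00\n\n[" + KEY + "]\n"
BEFORE = HEAD + ('"sample-cert-A"=hex:01,00,00,00,\\\n  aa,bb\n'
                 '"sample-cert-B"=dword:00000001\n'
                 '"sample-cert-C"=dword:00000001\n')
AFTER = HEAD + ('"sample-cert-A"=hex:01,00,00,00,aa,bb\n'
                '"sample-cert-C"=dword:00000002\n'
                '"sample-cert-D"=dword:00000001\n')

if __name__ == "__main__":
    print(diff_key(parse_reg(BEFORE), parse_reg(AFTER)))
```

Taking an export on a schedule and diffing consecutive pairs narrows down when the values vanish, which helps with finding a pattern such as a restart or an update.
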
tommy456 (Author) 12 Posted December 4, 2013
I tried your suggestion of exporting the key and comparing it, and it does appear that ESET is losing SSL cert entries, as the permission had been trusted only hours ago so was added, and was in the exported reg file, but it wasn't present in the current reg key when it repeated the prompt for it, nor was it present in the SSL lists in ESET's GUI, so it seems that they are getting deleted or updated too frequently? Although in the past I can remember ESET wiping all SSL entries that had been stored, on occasions, but this wasn't very frequent.

Marcos (Administrators) 5,272 Posted December 5, 2013
The question is whether it's actually ESET or other software that is causing the values to reset. Maybe you could create a HIPS rule that would notify you when another application attempts to change the values. Also, you could try to find a pattern in when the values get reset (e.g. after a computer restart, after an update, when running a specific application, etc.).

tommy456 (Author) 12 Posted December 5, 2013
Hi, when I compared the current reg file with the one I had exported earlier, some of the stored SSL permissions were there, so it doesn't lose them all each time / reset, but it has reset in the past version 6 on occasions, usually following an update, but as it wasn't that frequent I wasn't too bothered by it. Can you please explain how I would set up a HIPS rule in ESET that would notify me if another process attempted to change the values? Sounds like a good idea.
OK, I think I have it set up; correct me if I've gotten something wrong. I have set HIPS to interactive mode (not sure if this is required or not), source apps is all, and the target registry and the key as in the above post, and it's set to ask. Is this the correct way to set it up?
Edited December 5, 2013 by tommy456

Marcos (Administrators) 5,272 Posted December 6, 2013
I wouldn't suggest switching to interactive mode, or HIPS may often prompt you to select a desired action upon certain events. Switch back to automatic mode with rules and create a rule with:
- action set to Ask
- all operations selected on the Target registry tab
- add the registry key HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000200\Profiles\@My profile\Certificates on the Target registry tab

puff-m-d (ESET Insiders) 120 Posted December 6, 2013
Hello, I have had this happen twice on my system. Both times I discovered that the ESET certificate had changed. I have two programs that I have to import the ESET certificate into for the SSL scanning to work. When I lost all of my certificate settings, I found that the certificates that I had imported into those two programs were now not the same as the one being used by ESS. I had to delete those, import the new certificates, and re-save all of the exclusions and trusted certificates that I lost. Perhaps the losing of these settings has something to do with ESS getting a new/different ESET certificate and putting it to use. Just an idea, as a new/different certificate has been a common factor when I have lost my settings.

Marcos (Administrators) 5,272 Posted December 6, 2013
A new root certificate is generated whenever you re-enable SSL scanning.

puff-m-d (ESET Insiders) 120 Posted December 6, 2013
Thanks Marcos, I am fairly sure that when I lost my settings and noticed the certificate change, I had not disabled and re-enabled SSL scanning. I cannot say for sure, so I will keep a close watch if this situation happens again on my system. I assume from your answer that the certificate does not change at any other time, only if you disable and then re-enable the SSL scanning, and that the certificate change will not affect the SSL settings (will only need to import the new certificate to replace previously imported certificates).

tommy456 (Author) 12 Posted December 8, 2013
Just a brief update: since just prior to adding the registry rule in HIPS, ESET has not lost the SSL cert permissions so far. There have been no prompts from the HIPS module relating to that reg key rule, so whatever was the cause maybe has fixed itself or was somehow fixed via an update? I'll let you know if it starts again; hopefully I will have some info as to the underlying cause.

tommy456 (Author) 12 Posted December 11, 2013
Well, after some short time of ESET running without issues, all of a sudden, whilst I was watching a video online (streaming) using Firefox, my PC froze up, then started running again. I closed FF using task man and rebooted the PC. After it loaded Windows and ESET, Adobe Flash Player eventually appeared as there was a new version available, so I ran the update manager but ESET prevented it, firstly by failing to display a prompt pop-up (firewall permission and associated Adobe SSL cert prompt), and because I had HIPS on interactive, a delay in the prompt to allow whatever was needed by Flash Player, and even after that it still failed.
I checked my e-mail and had a mail from ESET re my renewal offer, so I clicked on the link and ESET would not open the page in FF or IE7, no prompt, nothing, so I disabled SSL scanning, closed and opened FF. On closing FF, ESET threw up some nonsensical error about FF not being able to import the SSL cert, retry or cancel???? But opened browser without SSL and working without issue.
There is definitely an issue with ESET failing to display pop-up prompts from just about every module that will generate one; this really needs fixing. Why do ESET release a new version when it ain't 100%? Someone else has commented on this delayed / or total fail of pop-up prompts displaying, so it ain't just me.