Jump to content

Eset looses stored SSL permissions randomly


Recommended Posts

Since i upgraded from version 6 to 7  the lists of  excluded and trusted ssl certs  keeps on being deleted by eset , sometimes it can be several days or only a few hours  before eset just looses these stored permissions and starts prompting for every web site that has a ssl cert ,sites that i have trusted or excluded previously

Is this going to be fixed ? I'm running on win xp sp3  eset ss v7.302 

Link to comment
Share on other sites

  • Administrators

Probably something is deleting the values in HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000200\Profiles\@My profile\Certificates. Try to monitor this registry key to find out under what circumstances the values are removed.

Link to comment
Share on other sites

  • Administrators

If the problem occurs intermittently, I wouldn't probably use Procmon or it may ran out of memory if you leave it running for too long. Try exporting the above mentioned registry key and when the issue occurs, compare the current value with the exported one to see if it was really changed / removed.

Link to comment
Share on other sites

I tried your suggestion of exporting the key and comparing it , and it does appear that eset is loosing ssl cert entries, as the permission had been trusted only hrs ago so was added ,and was in the exported reg file, but it wasn't present in the current reg key

 

when it repeated the prompt for it,  nor was it present in the ssl lists in eset's gui ,so it seems that they are getting deleted or updated too frequently? Although in the past i can remember eset wiping all ssl entries that had been stored, on occasions  but this wasn't very frequent

Link to comment
Share on other sites

  • Administrators

The question is whether it's actually ESET or another software that is causing the values to reset. Maybe you could create a HIPS rule that would notify you when another application attempts to change the values. Also you could try to find a pattern when the values get reset (e.g. after a computer restart, after an update, when running a specific application, etc.).

Link to comment
Share on other sites

Hi, when i compared the current reg file with the one i had exported earlier, some of the stored ssl permissions where there, so it doesn't loose then all each time /reset , but it has reset  in the past version 6 on occasions usually following an update, but as it wasn't that frequent  i wasn't too bothered by it ,

Can you please explain how i would set up a hips rule in eset that would notify me if another process attempted to change the values , sounds like a good idea

 

Ok i think i have it set up correct me if i've gotten something wrong i have set hips to interactive mode (not sure if this is required or not) source apps is all, and the target registry  and the key as in above post , and it's set to ask  is this the correct way to set it up ?

Edited by tommy456
Link to comment
Share on other sites

  • Administrators

I wouldn't suggest switching to interactive mode or HIPS may often prompt you to select a desired action upon certain events. Switch back to automatic mode with rules and create a rule with:

- action set to Ask

- all operations selected on the Target registry tab

- add the registry key HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Plugins\01000200\Profiles\@My profile\Certificates on the Target registry tab

Link to comment
Share on other sites

  • ESET Insiders

Hello,

 

I have had this happen twice on my system. Both times I discovered that the ESET certificate had changed. I have two programs that I have to import the ESET certificate into for the SSL scanning to work. When I lost all of my certificate settings, I found that the certificates that I had imported into those two programs were now not the same as the one being used by ESS. I had to delete those, import the new certificates, and re-save all of the exclusions and trusted certificates that I lost. Perhaps the losing of these settings has something to do with ESS getting a new/different ESET certificate and putting it to use. Just an idea as a new/different certificate has been a common factor when I have lost my settings.

Link to comment
Share on other sites

  • ESET Insiders

Thanks Marcos,

 

I am fairly sure that when I lost my settings and noticed the certificate change, I had not disabled and re-enabled SSL scanning. I cannot say for sure so I will keep a close watch if this situation happens again on my system. I assume from your answer that the certificate does not change at any other time, only if you disable and then re-enable the SSL scanning and that the certificate change will not affect the SSL settings (will only need to import the new certificate to replace previously imported certificates).

Link to comment
Share on other sites

Just a brief update, since just prior to adding the  registry rule in hips, eset has not lost the ssl cert permissions so far, there has been no prompts from the hips module relating to that reg key rule , so what ever was the cause maybe has fixed it's self or was somehow fixed via an update ? I'll let you know if it starts again , hopefully i will have some info as to the underlying cause

Link to comment
Share on other sites

Well after some short time, of eset running without issues,all of a sudden whilst i was watching a video on line(steaming) using firefox and my PC froze up, then started runing again, i closed ff using task man and rebooted the pc

After it loaded windows and eset  adobe flash player eventually appeared  as there was a new version available, so i ran the update manager but eset prevented it, firstly by failing to display a prompt pop up (firewall permission and associated adobe ssl cert prompt, and because i had hips on interactive a delay in the prompt to allow what ever was needed by flash player   and even after that it still failed,

I checked my e-mail  and had a mail from eset re my renewal offer, so i clicked on the link and eset would not open the page in ff or ie7  no prompt nothing, so i disabled  ssl scanning closed and opened ff on closing ff eset threw up some nonsensical error  about ff not being able to import the ssl cert ,retry or cancel.???? But opened browser without ssl and working without issue ,

 

There is definitely an issue with eset failing to display pop up prompts from just about every module that will generate one ,this really needs fixing , why do eset release a new version when it ain't 100%  someone else has commented on this delayed/or total fail of pop up prompts displaying ,so it aint just me

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...