johnpd, posted July 5, 2018 (edited July 5, 2018 by johnpd: spelling error)

This morning whenever I go to some web sites (especially PayPal), I am getting a popup from NOD32 indicating that a web site is trying to communicate with paypalobjects.com, which has an untrusted certificate. Even if I allow it, the message continues until I allow it numerous times and the PayPal website ends up totally messed up. How can this be fixed?

JohnD
itman, posted July 5, 2018 (edited July 5, 2018 by itman)

I just tried the PayPal web site here in the U.S. in IE11 and had no issue with certificate errors. Of note is PayPal uses an EV certificate and appears to be trusted by Eset. As such, Eset's SSL protocol scanning is not being employed and is not the problem in regards to the PayPal cert. errors.

What I did notice was that the PayPal web site cert. chains to an intermediate Symantec root CA issued cert. I believe that browsers that do not use the Windows root CA cert. store, such as Firefox and Chrome, are no longer trusting Symantec certificates. Try accessing PayPal in IE11. If you can w/o cert. errors, your problem is browser related.

As far as indirect access to PayPal via paypalobjects.com, I ran a check on it using Qualys SSL Server Test. As far as these domains are concerned there are no issues:

paypal.co.nz 64.4.250.20
paypal.com.mx 64.4.250.19
paypal.cn 64.4.250.14
paypal.fi 64.4.250.13

Based on the above, I would suspect some type of man-in-the-middle activity.

Also a much more extensive listing of paypalobjects.com routing info. here: https://www.robtex.com/dns-lookup/paypalobjects.com
Arakasi, posted July 5, 2018

Hello Johnpd, I am sorry for the bad experience you are having with the product at the moment. I hope we can provide some assistance here on the forums. First, thanks itman for your investigative work.

John, a few things can be checked on your end to rectify this problem. Might I first suggest reading the following KB article: https://support.eset.com/kb3126/?locale=en_US&viewlocale=en_US. Sometimes the SSL scanning gets checked and that creates a real pain for the minimalist consumer who is not experienced with Information Technology as some of us nerds.

Another quick thing you could check is your date and time! Ensure that is accurate or you will also receive similar errors. Let us know if that KB article is of any help.
itman, posted July 5, 2018

Personally, I don't recommend disabling Eset's SSL protocol scanning until it is verified Eset is the problem.

The domain, paypalobjects.com, is PayPal's logon page and is not directly accessible. You will receive an HTTP 403 - Forbidden message when attempting to access it. Verifying the thumbprint for it at the Gibson Research site routed me to domain, paypay.co.uk, indicating that the actual domain you will land at is region dependent. Also that the cert. used in these regionally assigned domain names employ EV certificates, further indicating Eset SSL protocol processing would not be involved.

There are literally thousands of fraudulent PayPal certificates floating around - ref.: https://www.securityweek.com/lets-encrypt-issues-15000-fraudulent-paypal-certificates-used-cybercrime. These all "chain" to the issuing CA, Let's Encrypt.
johnpd (author), posted July 6, 2018

Whatever problem that existed has apparently been fixed. Everything is working fine now.

JohnD