Endpoint Antivirus SSL/TLS Filtering

[ma77y88 2]

Hi,

Since installing 7.0.2073.1, alerts about expired or untrusted certificates keep popping up asking to either block or allow.

I am currently testing this on my own PC but have 2000+ clients which will need the latest update but the way this works at the moment is unmanageable to roll out as we will get endless support calls when users visit websites with certificate issues.

Can someone advise what approach to take with this? In all previous releases this wasn't an issue.

[Marcos 5,070]

Please provide a couple of examples of websites on which an untrusted certificate was reported.

By default, if a certificate is invalid the communication should be blocked automatically:

 

Quote

In all previous releases this wasn't an issue. 

That's because SSL/TLS filtering had been disabled in Endpoint until v7. Without enabling it, https websites could not be scanned for malware for instance.

[ma77y88 2]

Yes, these are the settings we have set.

I don't have any specific examples to give as they just show up as and when a website certificate is untrusted.

It was more the fact that to an end-user, pressing 'Allow' prompts for an administrator password which is going to generate extra support calls.

If it's by design, then there's not much that can be done!

[Marcos 5,070]

Please provide us with some screen shots that would help us understand what's going on. Provide the https url as well as certificate details.

[Johnny Wan 0]

I have the same issue? Using Version 7 and users are getting the password prompt when they need to Remember this action?

Is there a way to disable the requirement for a password? or do I need to turn off certificate checking completely?

Many thanks

Johnny

 

[Marcos 5,070]

14 minutes ago, Johnny Wan said:

I have the same issue? Using Version 7 and users are getting the password prompt when they need to Remember this action?

Please click the "untrusted certificate" link and post a screen shot of the certificate details.

[Johnny Wan 0]

i have entered the admin password as user had to work?

The issue happens because we block traffic to outlook.office35.com

My concern is when users visit other sites and to move forward they need the admin password to remove the pop up?

[Marcos 5,070]

The question is what certificate is untrusted and why. If it was trusted, the warning would not pop up.

[Johnny Wan 0]

The issue is end users need to ask us for the admin password in order to confirm the change? 

[Marcos 5,070]

3 minutes ago, Johnny Wan said:

The issue is end users need to ask us for the admin password in order to confirm the change? 

If the certificate was trusted, the prompt window wouldn't pop up and users would not need to choose an action and enter a password.

Please provide a screen shot of the certificate details.

[itman 1,659]

5 hours ago, Johnny Wan said:

outlook.office35.com

I analyzed outlook.office365.com at QUALS: https://www.ssllabs.com/ssltest/analyze.html?d=outlook.office365.com . The certificate and chaining path are fine. See below screen shot.

Suspect this alert is happening in Firefox due to either Eset SSL proxying activities; i.e, Eset root CA cert. being used or there is a certificate issue within Firefox since they use their own root CA certificate store.

 

Edited November 12, 2018 by itman

[itman 1,659]

7 hours ago, Johnny Wan said:

The issue happens because we block traffic to outlook.office35.com

I also don't understand the above statement. If you are blocking outlook.office365.com connections, why is Firefox showing that indeed a connection was made?