Jump to content

Endpoint Antivirus SSL/TLS Filtering


ma77y88
 Share

Recommended Posts

Hi,

Since installing 7.0.2073.1, alerts about expired or untrusted certificates keep popping up asking to either block or allow.

I am currently testing this on my own PC but have 2000+ clients which will need the latest update but the way this works at the moment is unmanageable to roll out as we will get endless support calls when users visit websites with certificate issues.

Can someone advise what approach to take with this? In all previous releases this wasn't an issue.

Link to comment
Share on other sites

  • Administrators

Please provide a couple of examples of websites on which an untrusted certificate was reported.

By default, if a certificate is invalid the communication should be blocked automatically:

image.png

 

Quote

In all previous releases this wasn't an issue. 

That's because SSL/TLS filtering had been disabled in Endpoint until v7. Without enabling it, https websites could not be scanned for malware for instance.

Link to comment
Share on other sites

Yes, these are the settings we have set.

I don't have any specific examples to give as they just show up as and when a website certificate is untrusted.

It was more the fact that to an end-user, pressing 'Allow' prompts for an administrator password which is going to generate extra support calls.

If it's by design, then there's not much that can be done!

Link to comment
Share on other sites

  • Administrators

Please provide us with some screen shots that would help us understand what's going on. Provide the https url as well as certificate details.

Link to comment
Share on other sites

I have the same issue? Using Version 7 and users are getting the password prompt when they need to Remember this action?

Is there a way to disable the requirement for a password? or do I need to turn off certificate checking completely?

Many thanks

Johnny

 

image.png

Link to comment
Share on other sites

  • Administrators
14 minutes ago, Johnny Wan said:

I have the same issue? Using Version 7 and users are getting the password prompt when they need to Remember this action?

Please click the "untrusted certificate" link and post a screen shot of the certificate details.

Link to comment
Share on other sites

i have entered the admin password as user had to work?

The issue happens because we block traffic to outlook.office35.com

My concern is when users visit other sites and to move forward they need the admin password to remove the pop up?

Link to comment
Share on other sites

  • Administrators
3 minutes ago, Johnny Wan said:

The issue is end users need to ask us for the admin password in order to confirm the change? 

If the certificate was trusted, the prompt window wouldn't pop up and users would not need to choose an action and enter a password.

Please provide a screen shot of the certificate details.

Link to comment
Share on other sites

5 hours ago, Johnny Wan said:

outlook.office35.com

I analyzed outlook.office365.com at QUALS: https://www.ssllabs.com/ssltest/analyze.html?d=outlook.office365.com . The certificate and chaining path are fine. See below screen shot.

Suspect this alert is happening in Firefox due to either Eset SSL proxying activities; i.e, Eset root CA cert. being used or there is a certificate issue within Firefox since they use their own root CA certificate store.

Outlook_Cert_2.thumb.png.0c58cd8e74d3ef2eff69a21f7fda3731.png

 

Edited by itman
Link to comment
Share on other sites

7 hours ago, Johnny Wan said:

The issue happens because we block traffic to outlook.office35.com

I also don't understand the above statement. If you are blocking outlook.office365.com connections, why is Firefox showing that indeed a connection was made?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...