Jump to content

Archived

This topic is now archived and is closed to further replies.

cutting_edgetech

Eset Internet Security 12.0.27.0 Firewall Blocks access to my School Account Sign-in

Recommended Posts

Eset Internet Security version 12.0.27.0 Firewall blocks my school's sign-in screen from loading when in Interactive Mode. I receive no prompts, it blocks it silently.

It also blocks me from downloading documents on Blackboard when logged into my account in Interactive Mode. This blocking occurs silently also.  The only way to avoid the problem is to switch to Automatic Mode.

 

Here is the sign-in page. Click on "use the single sign-on Mypath" link as shown in the screen shoot.  https://hazard.kctcs.edu/current-students/student-resources/mypath.aspx 

I'm using Windows 10 X64 Pro Version 1709.

mypath.jpg

Share this post


Link to post
Share on other sites

Are you using FireFox as your browser?

Share this post


Link to post
Share on other sites

It is "slowly unfolding" that there might be issues with ver. 12.0.27 Interactive firewall mode.

Temporarily disable Eset's SSL protocol scanning and see if that stops the blocking. If so, report back that it did.

Share this post


Link to post
Share on other sites

This has been an issue since version 11. I just haven't had time to report it until now. I will do as you have instructed, and report back.

Share this post


Link to post
Share on other sites

Disabling SSL protocol Scanning seems to have fixed the problem (not really a fix, but a work around).

It did not work at first, but after clearing the browser cache I was able to load the sign-in page, and sign in with Eset's Firewall in Interactive Mode. 

I was able to sign in with Internet Explorer, and Firefox.

Share this post


Link to post
Share on other sites

Are you having the issue only with that particular website or with any other website as well ?

Share this post


Link to post
Share on other sites

Only, with my school website, AFAIK. I have problems signing in, and also accessing resources once I have signed in. When using blackboard I can't download documents (.pdf, .doc) without switching to Automatic Mode.

Share this post


Link to post
Share on other sites

Here is a screenshot of the sharepoint platform they are using as a central location to access everything. I really like the layout they have.

platform.jpg

Share this post


Link to post
Share on other sites

In this case the issue doesn't appear to be related to the firewall. I was able to reproduce it and merely disabling SSL/TLS filtering helped. Switching the firewall to automatic mode didn't make any difference.

I'll report it to devs and provide them with logs. We'll keep you posted.

Share this post


Link to post
Share on other sites

In the meantime, you could just try to exclude your school's IP address which appears to be, 67.208.145.191, from SSL/TLS protocol scanning. This would prevent you from always having to toggle SSL/TLS protocol scanning off and on.

Share this post


Link to post
Share on other sites
1 hour ago, Marcos said:

In this case the issue doesn't appear to be related to the firewall. I was able to reproduce it and merely disabling SSL/TLS filtering helped. Switching the firewall to automatic mode didn't make any difference.

I'll report it to devs and provide them with logs. We'll keep you posted.

I also have logs I collected with Eset Log Collector. If you need them I can send them by email, or pm if possible.

Share this post


Link to post
Share on other sites
23 minutes ago, itman said:

In the meantime, you could just try to exclude your school's IP address which appears to be, 67.208.145.191, from SSL/TLS protocol scanning. This would prevent you from always having to toggle SSL/TLS protocol scanning off and on.

Where can I add the IP exception at? I'm not seeing it in the UI.

Share this post


Link to post
Share on other sites

Click on Edit as shown in the below screen shot.

Eset_Exclud_IP.thumb.png.7491771aa74bfd405c082823668a00f1.png

Also if this doesn't work, the real "culprit" is that there is a redirect to login.microsoftonline.com going on prior to the school sign on web page appearing.

Eset_SSL_1.thumb.png.b1a6333c0dd0378e17505e2568100632.png

Share this post


Link to post
Share on other sites
2 minutes ago, itman said:

Click on Edit as shown in the below screen shot.

Eset_Exclud_IP.thumb.png.7491771aa74bfd405c082823668a00f1.png

Also if this doesn't work, the real "culprit" is that there is a redirect to login.microsoftonline.com going on prior to the school sign on web page appearing.

Eset_SSL_1.thumb.png.b1a6333c0dd0378e17505e2568100632.png

Ok, Thank you for all your help!

Share this post


Link to post
Share on other sites
1 hour ago, Marcos said:

In this case the issue doesn't appear to be related to the firewall. I was able to reproduce it and merely disabling SSL/TLS filtering helped. Switching the firewall to automatic mode didn't make any difference.

I'll report it to devs and provide them with logs. We'll keep you posted.

I still can't log in with Interactive Mode, and I still can't download documents in Interactive Mode. Switching the Firewall to Automatic Mode is a temporary fix for me. Switching to Automatic Mode allows me to login, and access all resources on Blackboard.

Eset appears to be treating SSL/TLS filtering differently in Automatic Mode than in Interactive Mode.

I just thought I would let you know so you can pass the word on to the developers.

Thank you for all your help!

cutting_edgetech

Michael

Share this post


Link to post
Share on other sites

Have an idea of what's going on.

When this link,  "use the single sign-on Mypath", which equates to this URL, https://mypath.kctcs.edu/ , is clicked, a redirect to login.microsoftonline.com is done. Immediately thereafter a RuntimeBroker.exe task is started. I believe this task is what the Eset firewall in Interactive mode is blocking. Why this only occurs with SSL protocol scanning enabled is a mystery.

What is do know is there is inconsistent behavior when the firewall is in Automatic mode. Using IE11, the first attempt hangs on the redirect to login.microsoftonline.com. Immediately repeating the connection process again in the browser results the school's logon page being displayed.  Note that I am not logged on to Win 10 via Microsoft mail account.

What is going on here might also be related to if you are logged onto Win 10 via Microsoft mail logon account. It appears to me that is how the school assumes you are logged on and is attempting some verification process based on your device id or the like?

Share this post


Link to post
Share on other sites

I'm not using my own Microsoft On-line ID (windows is a pain to deal with if you authenticate Windows OS login using that method due to privacy issues), but it appears that the school is creating a Online-ID for me to use with Microsoft Sharepoint platform. 

The domains switches twice during the login process.  Take note that Eset blocks even getting to the login screen, but also blocks the login itself most of the time.  I don't remember the domain switches that take place before arriving at the logon page. You can see that yourself though without having logon credentials.

The domain starts at  https://sts.kctcs.edu/......then switches to https://login.microsoftonline.com/login.srf?client-request-id....., and then to https://kctcs.sharepoint.com/sites/mypath

That's about as detailed as I can get for now. I'm typing one handed here due to crazy doctor paralyzing  my hand with botox shots for writers cramp. It will be at least 2 more months before I can type again. I was suppose to graduate this semester in InfoSec, and transfer to another University, That's all on hold now. I will provide what info I can, but it takes me forever to type anything now. ?

Share this post


Link to post
Share on other sites

@Marcos, below is a screen shot of all the URLs used by SharePoint. My guess at this point is SSL protocol scanning doesn't like one or more of those URLs:

Quote

Sharepoint Online Firewall Ports

Below are the list of SharePoint Online firewall ports:

The only ports required are HTTP/S on 80 & 443.

The URL’s required for internet filtering (proxies) are:

*.streaming.mediaservices.windows.net
ajax.aspnetcdn.com – Office Video
r3.res.outlook.com – Office Video and Delve
Spoprod-a.akamaihd.net – Office Video and OneDrive for Business
*.onenote.com
cdn.onenote.net
crl.microsoft.com
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
sa.symcb.com
sd.symcb.com
*.omniroot.com
*.verisign.com
*.symcb.com
*.symcd.com
*.verisign.net
*.geotrust.com
*.entrust.net
*.public-trust.com

Share this post


Link to post
Share on other sites

Eset is no longer blocking my schools login screen, or the login itself when using Interactive  Mode. Also, i'm able to download resources on Blackboard again.

I have made no changes. I don't know if Eset made any changes/fixes or not.

Share this post


Link to post
Share on other sites
11 minutes ago, cutting_edgetech said:

Eset is no longer blocking my schools login screen, or the login itself when using Interactive  Mode. Also, i'm able to download resources on Blackboard again.

I have made no changes. I don't know if Eset made any changes/fixes or not.

It could have been ESET because Marcos said that he will report it to the developers and also as he said it's not related to the firewall , it's related to the SSL/TLS scanning , so setting the firewall as Automatic or Interactive won't make any differences.

Share this post


Link to post
Share on other sites
3 hours ago, cutting_edgetech said:

Eset is no longer blocking my schools login screen, or the login itself when using Interactive  Mode. Also, i'm able to download resources on Blackboard again.

I have made no changes. I don't know if Eset made any changes/fixes or not.

Good to hear the problem has been resolved.

Share this post


Link to post
Share on other sites
4 hours ago, Rami said:

It could have been ESET because Marcos said that he will report it to the developers and also as he said it's not related to the firewall , it's related to the SSL/TLS scanning , so setting the firewall as Automatic or Interactive won't make any differences.

It did make a difference on my machine. Setting the Firewall to Automatic Mode always resolved the problem. That's why I was saying that Eset must be enforcing different SSL/TLS policy in Automatic Mode than Interactive Mode, or the problem is not only SSL/TLS. I could reproduce this 100 percent of the time. This was the case since at least version 11.

Share this post


Link to post
Share on other sites
32 minutes ago, itman said:

Good to hear the problem has been resolved.

Yes, I hope they was able to identify the problem and fix it. If not then Eset client was able to add some policy on it's own from me disabling SSL/TLS that allowed the page to load, and also allowed the login. If that's the case then maybe the problem will reappear once I roll my machine back, or reformat. Hopefully they fixed the problem though.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...