Jump to content
Orascu Vlad

Eset 7.0 tampers with https traffic

Recommended Posts

Hello all

Recently we had some issues with ESET.

We have Eset Endpoint Protection in our environment.

We are also using sign Sign On for some applications.

We have noticed that  SSL/TLS Protocol filtering was blocking / altering https traffic to ADFS, related to sign in info, which was preventing users from logging in to the applications.

After disabling the SSL/TLS filter (as atatched in the picture)  the sign in process succeeded.

Is this ok for this to happen?

Thank you

Capture.PNG

Share this post


Link to post
Share on other sites

Disabling SSL/TLS filtering is not recommended, otherwise HTTPS traffic won't be filtered at all. As a result, Web Control rules may not work, malicious or scam https websites will not be blocked and possible malware downloaded via https may not be detected.

A secure solution would be excluding the particular url or certificate from filtering.

Share this post


Link to post
Share on other sites

You can exclude the appropriate SSL/TLS communication here:

image.png

image.png

Also you can switch the SSL/TLS filtering mode from automatic to interactive so that you are prompted for an action when a secure communication is detected. After excluding the communication based on the particular certificate you can switch back to automatic mode.

Share this post


Link to post
Share on other sites

Hello Marcos

Is it possible to exclude somehow all address for a domain? for example *company.com?

Thank you

Share this post


Link to post
Share on other sites

Hi,

i have some customers with endpoint antivirus with this similar problem.

some webites deploy banner-ad and their zert would block by eset...very ofter for the same zert/website.

image.thumb.png.9159279100c91d3b955536d7b914160b.png

 

All browser, all os (7,10)

 

Any Idea?

Edited by TobiMG79
Adon: users with local admin rights, dont get this windows from ESET!

Share this post


Link to post
Share on other sites

Expired certificates will be handled by the browser itself soon. This change has already been made in consumer products through a module update with Endpoint to follow soon.

Share this post


Link to post
Share on other sites
16 minutes ago, TobiMG79 said:

users with local admin rights, dont get this windows from ESET!

I avoid that generally due to security risks

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×