Jump to content

Archived

This topic is now archived and is closed to further replies.

justme12

Attempt to add root cert. Failed

Recommended Posts

Reviewing event logs identified on a daily basis:

"AN ATTEMPT TO ADD THE ROOT CERTIFICATE TO ALL KNOWN BROWSERS FAILED"

Using ESET IS on win 10 pro. New to Eset and not familiar with the event.

Share this post


Link to post
Share on other sites

Please try the following:
- disable SSL/TLS filtering in the advanced setup
- reboot the machine
- without launching any application, re-enable SSL/TLS filtering.

Share this post


Link to post
Share on other sites

Thank you!  It worked.  What would have caused this and was my system compromised due to this cert. fail?

Share this post


Link to post
Share on other sites

It happens when a browser is running at the time when a new root certificate is generated (e.g. when SSL filtering is turned on or when ESET is installed). We try again to add it to the trusted root CA certificate store after a reboot if previous attempts failed.

Share this post


Link to post
Share on other sites

ESET log identifies the event as back again after nightly shut down. ???????

Share this post


Link to post
Share on other sites

What browser are you using? If it is Chrome or Firefox, manually verify if the Eset root CA certificate is stored in the browser's root CA certificate store.

Share this post


Link to post
Share on other sites

I located the certificate in Chrome but NOT in Firefox?

Still getting event log entries.

Share this post


Link to post
Share on other sites

Please gather logs with ESET Log Collector and provide me with the generated archive. Couldn't it be that you have 2 versions of Firefox installed? E.g. 32-bit and 64-bit? Isn't it a portable version?

Share this post


Link to post
Share on other sites

Only one 64bit ver Desktop Firefox.

Share this post


Link to post
Share on other sites

Still getting event message.  ????

Share this post


Link to post
Share on other sites
On ‎5‎/‎3‎/‎2019 at 3:03 PM, justme12 said:

Only one 64bit ver Desktop Firefox.

Since FireFox appears to be the issue, the best solution is to export Eset's root CA store certificate and import it into FireFox's Authorities certificate store.

You can export Eset's root CA store certificate from either the Eset GUI itself or using Win's certmgr.msc utility. This article will show you how to use certmgr.msc to export the Eset root CA store certificate: https://www.thewindowsclub.com/certmgr-msc-certificate-manager-windows. Note that the Eset certificate is located in the "Trusted Root Certificate Authorities" folder. Save the certificate to your desktop or where ever.

You can then import the Eset certificate into FireFox's Authorities CA store. Symantec has a guide on how to do the importing here: https://portal.threatpulse.com/docs/sol/Solutions/ManagePolicy/SSL/ssl_firefox_cert_ta.htm . Note: Do not checkmark the SSL 3.0 option.

 

Share this post


Link to post
Share on other sites

I also have the same problem and disabling TLS rebooting and before running any application in WIndows10 x64 I re-enable TLS and as soon as I do I get the error. I have Firefox beta and nightly both x64 installed along with CHrome, Brave Beta and MS Edge Chromium Dev and Canary. This has been going on for about 2 months well before I installed MS Edge Chromium.

Share this post


Link to post
Share on other sites

I now have the root certificates installed in Chrome, FireFox and Brave.  The Event log shows nothing - HOWEVER when I reboot and open a browser the event reappears.  "The certificates show as installed".

ps

Why would ESET not self install the certificate?????

Share this post


Link to post
Share on other sites

Firefox both of them have the cert already installed as well as Brave Beta. Just wished the heck the log file in NOD32 would indicate what web browser its complaining about. Perhaps its a red herring since I checked Firefox, Brave and even Edge Chromium and  IE  all have the cert installed. With me if I disable the TLS option and delete the events showing the error for May in the log file as soon as I re-enable the option with no browsers open it shows the error in the Logfile

Share this post


Link to post
Share on other sites

What's bothering me now is ESET working properly??????

Share this post


Link to post
Share on other sites

I disabled the option in ESet to Add Root Certificate to Know browsers.

Share this post


Link to post
Share on other sites

You disabled: but does that not lower your protection and ESET is suppose to be able to provide that.  i.e.

For SSL communication to work properly in your browsers/email clients, it is essential that the root certificate for ESET be added to the list of known root certificates (publishers). When enabled, ESET Internet Security will automatically add the ESET root certificate to known browsers (for example, Opera and Firefox). For browsers using the system certification store, the certificate is added automatically (for example, in Internet Explorer).

Share this post


Link to post
Share on other sites

Yes it probably does but ever browser I have installed has this cert installed. I could not find any way of checking the original MS Edge browser certs I rarely use the original MS Edge as a browser. Firefox and Chrome with MS Edge Chromium on occasion. All of which have the Eset cert installed. I do use Thunderbird email client but that appears to have the Eset cert that expires on May 5, 2029 w a SHA Fingerprint of F1:31:6C:34:83:3A:B7:1F:58:8F:A6:93:35:2C:F5:8F:39:EF:ED:F0 installed.

 

As soon as enable the TLS option or the option to Add Root cert blam I get the errors in ESET log. I wished the heck the log file would indicate what particular app/browser its supposedly having issues with!

Share this post


Link to post
Share on other sites

If you have a master password set for firefox logins and passwords, then this is what worked for me.
Disable SSL scanning in Eset, then temporarily disable the master password in firefox. Enable SSL scanning and check whether you still get the error notification. Hopefully it is now fixed. Finally, set your firefox master password.

Share this post


Link to post
Share on other sites
1 minute ago, stackz said:

If you have a master password set for firefox logins and passwords, then this is what worked for me.
Disable SSL scanning in Eset, then temporarily disable the master password in firefox. Enable SSL scanning and check whether you still get the error notification. Hopefully it is now fixed. Finally, set your firefox master password.

No Master Firefox password since I am using Lastpass for password storage. Even switch Chrome to the default browser did not help. Does Eset use the Windows10 app list for the known browser to import the cert into?

 

Share this post


Link to post
Share on other sites

In order to investigate the issue, please provide:

- Logs collected with ESET Log Collector when the error occurs
- A Procmon log from time when you disable and re-enable SSL filtering after a reboot. Stop logging when an error importing the root certificate pops up.

Share this post


Link to post
Share on other sites

Well for me I also noticed that Eseential PIM Pro 8.5 which is an app that I use to keep contact information and appoints etc on Windows 10 would no longer sync up to my Google account. It was throwing a HTTPS denied error. Since I needed the sync to work between my iOS devices I uninstalled NOD32 12.1.34? via Windows10 App center. The Essential PIM issue was fixed.

Right now I am using Malwarebytes Pro along with Windows10 Windows Defender. When I get some time I will try reinstalling NOD32. The only reason why I noticed this error is that I went looking for other information regarding a block that ESET did on a site because it deemed it was  source of Pup.  Only then did I see over 1200 entries of this error over the last 2 months.

I just wonder how many other people are having this issue without knowing its happening

 

Share this post


Link to post
Share on other sites
16 minutes ago, pcguy said:

Well for me I also noticed that Eseential PIM Pro 8.5 which is an app that I use to keep contact information and appoints etc on Windows 10 would no longer sync up to my Google account. It was throwing a HTTPS denied error.

In this instance, you can disable Eset SSL/TLS scanning for the app by setting the app status in "List of SSL/TLS filtered applications" Scan Action to "Ignore." If that doesn't work, your can exclude the app altogether from SSL/TLS protocol filtering by entering its related .exe into Protocol Filtering -> Excluded applications section.

Share this post


Link to post
Share on other sites

It can be that some applications will refuse to communicate if the certificate was not issued to the entity they expect, in this case Google. In such case, check if the application is listed in the list of SSL filtered applications and set the scan action to Ignore:

image.png

Alternatively you can switch SSL filtering to interactive mode, run the application, choose to remember the action for the application and select Ignore.

image.png

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...