Attempt to add root cert. Failed

[Marcos 5,156]

30 minutes ago, justme12 said:

I had the same results as you yesterday when I removed FFox.  HOWEVER: today I downloaded Revo uninstaller Pro and removed way more FF reg values than the normal uninstall of FF accomplishes.

So did Revo Uninstaller remove also the reference to the Comodo also from profiles.ini?

[justme12 1]

6 minutes ago, Marcos said:

So did Revo Uninstaller remove also the reference to the Comodo also from profiles.ini?

I can't say for sure, but using Revo, after the FF uninstaller finished, Revo identified a vast amount of leftovers in numerous folders which I deleted. After that, all is well.

[itman 1,716]

3 hours ago, justme12 said:

Though I don't see why one has to go through this whole process.  ESET should install regardless and if there is an issue give notice. Must say, I have lost considerable confidence in the software as from a TLS issue that may have left one vulnerable and never knowing unless looking at the logs and then google researching what they mean. "

The problem with Eset as I see it, is it is a "bit too accommodating" in regards to attempting to add its root CA certificate in browsers when there is an existing configuration issue in regards to a particular browser. It should have issued an "AN ATTEMPT TO ADD THE ROOT CERTIFICATE TO xxxxxxxxx BROWSER FAILED" alert, logged the same, and thereafter stopped trying to perform this activity.

Eset should also create a knowledge base article in regards to the above alert stating that there is a configuration issue with the browser preventing Eset from installing its root CA certificate. Eset might also want to consider developing a "clean" utility for both Firefox and Chrome that would uninstall all traces of both. The knowledge base article would then instruct the user to download and reinstall the latest version of FireFox or Chrome.

My understanding is Mozilla will be soon implementing a change to Firefox that will start using the Windows root CA store either in place of or as supplementary certificate retrieval to its own root CA certificate store. In regards to the later approach, it has existed as an option since FF49 version for Enterprise environments. However, it required reconfiguration of Firefox settings that are beyond the scope of the average PC user.

Edited May 10, 2019 by itman

[pcguy 1]

I have temporarily disabled the option in NOD32 to add the cert into known browsers so as to curtail the pages of these errors in the log files. I totally agree Eset should generate less of a generic error message so that the end user can determine exactly which browser is causing the issue. 

I have no idea what "browser" here is causing the issue since Firefox is not installed and as far as I can determine Chrome which is currently my default browser has the cert installed.

[itman 1,716]

1 hour ago, pcguy said:

I have no idea what "browser" here is causing the issue since Firefox is not installed and as far as I can determine Chrome which is currently my default browser has the cert installed

It has already been shown that the other poster with this issue had traces of Comodo installed.

You have already posted you are "always testing new browsers." Even if uninstalled, it is possible Eset is detecting their traces. Ditto for multiple versions of FireFox installed and then subsequently uninstalled.

Finally, I would not install any browser other than IE11, Edge(official release), Chrome, or Firefox when using Eset.

Edited May 10, 2019 by itman

[pcguy 1]

 

 

 

15 minutes ago, itman said:

You have already posted you are "always testing new browsers." Even if uninstalled, it is possible Eset is detecting their traces. Ditto for multiple versions of FireFox installed and then subsequently installed.

Finally, I would not install any browser other than IE11, Edge(official release), Chrome, or Firefox when using Eset.

Well then perhaps its best for Eset and I to part ways then. To hamstring a user in part due to non-descriptive error messages and to have no error handling routines to alert the end user of the issue but instead simply fill up the app log files with thousands of errors.  

[pcguy 1]

Going to leave NOD32 installed on this system for now and will probably decide whether NOD32 remains installed. Will wait for official info from Eset on what the heck is going on with this Windows10 system whether it is Eset official position that one is restricted to release versions ONLY of a web browser when using NOD32 on a system. 

I have installed Firefox release version and NOD32 still is complaining apparently every hour or so that the cert cannot be installed on some unknown browser somewhere on this computer.

[pcguy 1]

On 5/10/2019 at 7:41 AM, justme12 said:

I can't say for sure, but using Revo, after the FF uninstaller finished, Revo identified a vast amount of leftovers in numerous folders which I deleted. After that, all is well.

I just realized that this thread was not in the Eset NOD32 Antivirus section which is the product I am having this issue with. All the browsers currently installed have the same cert installed. Even Firefox release version. Yet the logs continue to get the same old warning message. One option that works is to disable adding the cert to known browsers. That is the least dangerous of the options if NOD32 is installed. It would have been extremely useful if NOD32 could provide a clue on what particular browser install is failing. I am now wondering what else maybe is not functioning properly in NOD32. I Just happened to stumble across this issue last week.

I even took the drastic measure of running CCLeaner to remove what it felt was errorenous registry entries, rebooted and without starting any web browsers I re-enabled TLS monitoring. Within seconds I got 2 of the same errors in the logfiles. 

 

Edited May 14, 2019 by pcguy

[Marcos 5,156]

On 5/11/2019 at 2:01 AM, pcguy said:

I have installed Firefox release version and NOD32 still is complaining apparently every hour or so that the cert cannot be installed on some unknown browser somewhere on this computer.

Please carry on as follows:
- disable SSL filtering
- reboot the machine
- without launching any application, re-enable SSL filtering.

Should the problem persist, start logging with Procmon and disable / re-enable SSL filtering, then stop logging and provide the generated log in a compressed form.

[justme12 1]

8 hours ago, pcguy said:

I just realized that this thread was not in the Eset NOD32 Antivirus section which is the product I am having this issue with. All the browsers currently installed have the same cert installed. Even Firefox release version. Yet the logs continue to get the same old warning message. One option that works is to disable adding the cert to known browsers. That is the least dangerous of the options if NOD32 is installed. It would have been extremely useful if NOD32 could provide a clue on what particular browser install is failing. I am now wondering what else maybe is not functioning properly in NOD32. I Just happened to stumble across this issue last week.

I even took the drastic measure of running CCLeaner to remove what it felt was errorenous registry entries, rebooted and without starting any web browsers I re-enabled TLS monitoring. Within seconds I got 2 of the same errors in the logfiles. 

 

I know it is a real PIA but maybe try a Windows Reset or a clean install.  After my initial events, clearing the residual leftovers from

various installs seems to have worked perfectly. Running Eset on 3 pcs now and no issues.

[pcguy 1]

18 hours ago, Marcos said:

Please carry on as follows:
- disable SSL filtering
- reboot the machine
- without launching any application, re-enable SSL filtering.

Should the problem persist, start logging with Procmon and disable / re-enable SSL filtering, then stop logging and provide the generated log in a compressed form.

I did that Thursday of last week and attached both files here in this thread.

[pcguy 1]

12 hours ago, justme12 said:

I know it is a real PIA but maybe try a Windows Reset or a clean install.  After my initial events, clearing the residual leftovers from

various installs seems to have worked perfectly. Running Eset on 3 pcs now and no issues.

Appreciate the feedback but resetting or doing a clean install of Windows 10 would require a week of work on my part reconfiguring all the additional software I use on a regular basis.

Eset should provide clear indication what the exact installation for the cert failed because I cleansed Firefox from this computer and registry and even reinstalling it did not solve the issue. I have searched all the browsers installed on this machine and all of them have the same cert installed. 

[pcguy 1]

Is the "Personal firewall" of the "Personal firewall: An attempt to add the root certificate to all known browsers on your computer failed." referring to Windows Firewall? Because that is one Eset remote support tech told me and after 1.5 hrs session said they fixed it by disabling SSL/TLS monitoring, rebooting and re-enabling. This is something I had tried countless times over the past week along with uninstalling and wiping all traces of Eset off Windows10 and reinstalling the software. Since I had to leave for an appointment I did not check for an hour and so. When I did I discovered that the reason why the error was not showing up was because SSL/TLS monitoring was disabled. 

[pcguy 1]

In case someone at a later date stumbles upon this error message I figure I will post what the issue was. After a month and countless hours on my part and Eset support and sending numerous log files to Eset support the problem seems to fixed.  The issue was caused by Thunderbird email client which was using a Master password to protect the email passwords in the application. It had nothing to do with any of the web browser applications like Brave, Firefox, Chrome or MS Edge (all variants) that I had installed on this computer. I had to temporarily remove the password off Thunderbird and re enable the option in Eset to add cert to all known browsers.

I just wished the heck NOD32 would of put out more meaningful error message when it encounters a problem like this. If it had simply indicated it was Thunderbird it would of saved a heck of lot of lost hours on my part and Eset support.

 

[itman 1,716]

18 hours ago, pcguy said:

The issue was caused by Thunderbird email client which was using a Master password to protect the email passwords in the application. It had nothing to do with any of the web browser applications like Brave, Firefox, Chrome or MS Edge (all variants) that I had installed on this computer.

Why this would even be remotely related to adding Eset's root CA certificate to non-Microsoft browsers really needs to elaborated upon.

As far as Edge and I also assume IE11, I can't see how it's related at all. Both those browsers use Windows root CA certifcate store. The Eset root CA certificate is added to that when Eset is installed.

[pcguy 1]

I have no idea. All I can say is that since I removed the password on Thunderbird closed it down and restarted I know longer see the error showing up in the log files so far for 2 days. In the past it would show up as soon as I enabled the option or every couple of hours.

Eset really needs to give more detail information in these sorts of errors so that we do not spend time going down rabbit holes. It gets tiring and frustrating.