Jump to content

Microsoft Edge Chromium


Recommended Posts

5 hours ago, BeanSlappers said:

Maybe a it doesn't work when parental control is on, but if that is the case, then that is the software need changing.  But in saying that I have tried it with both on and off and still same thing.

The only other thing I can think of at this point is some type of man-in-the-middle is occurring. When this happens, HTTPS traffic is intercepted en-route and decrypted using the attacker's root certificate. In most cases but not always, this breaks "the chain of trust" in the browser resulting in a warning from the browser this activity has taken place.

One possibility is the MITM activity is occurring externally with the Eset root certificate being replaced with the site's original chained root certificate.   Go to this web site which will validate SSL/TLS communication:

https://badssl.com/dashboard/

In FireFox Quantum 68 and EIS 12.1.34, the only tests shown in light red indicating a minor concern are SHA-1 Intermediate and dh1024 Crypto cypher issues. The test area to be noted is the Interception Certificates area.

Edited by itman
Link to comment
Share on other sites

29 minutes ago, BeanSlappers said:

The odd one out.

There is one last thing you can try for detection of external MITM activity.

There is a small developer, well known at wilderssecurity.com, that has developed a small utility program specifically designed to check for external MITM activity. The product is currently in beta testing but works fine; I just previously ran it.

Go here: https://www.trustprobe.com/fs1/apps.html . Click on the "NoSnoop" link to download the utility. Unzip it. Open the unzipped NoSnoop folder. Double click on nosnoop.exe to run the utility. All the web sites shown on the resulting output from the utility should show OK. Note: Windows SmartScreen will alert on this since it was not a Win Store download. So you will have to override it to run the utility. Also, Eset might immediately submit it to LiveGrid; it did for me. Again to be expected, since it appears Eset has no reputation on the utility.

What this utility does is make external and independent connections to the web sites listed to verify the root CA certificates associated with them. It does this without using a browser; only using the device where run from existing network connections to verify that no MITM certificate interception has occured.

Link to comment
Share on other sites

1 hour ago, BeanSlappers said:

0 Detections  and scanned 295.  Everything is all good.

OK. We can rule out MITM activity.

I just noticed something. Firefox Quantum 68 is no longer going to FireFox's Authorities root certificate store in regards to Eset's root CA certificate. Appears it is directly accessing it from the Win 10 root CA certificate store. This in spite of the fact that Eset's root certificate is presently stored in Firefox's Authorities store.

Did you verify that Eset's root certificate is present in the Win 10 root CA certificate store? If not, do the following:

1. Enter certmgr.msc in the Win 10 desktop taskbar search area.

2. Open certmgr.msc.

3. Under "Logical Store Name" section, open the "Trusted Root Certificate Authorities" folder.

4. Open the Certificates folder.

5. Navigate down to the beginning of certs. that begin with "E."

6. Verify that a certificate named "Eset SSL Filter CA" exists.

7. Double click on the cert. to open it. Click on the Certificate Path tab. Certificate status should show it is OK.

8. Close certmgr.msc.

Report back on your findings.

Link to comment
Share on other sites

One last check to perform, After this, I am out of ideas on what your issue is with Eset in regards to SSL/TLS filtering capability.

In FireFox using Options -> Privacy & Security -> Certificates -> View Certificates, navigate to the Eset certificate in the Authorities certificate store. Select the certificate and click on "Edit Trust" as shown in the below screen shot. Verify that "This certificate can identify websites" setting is check marked. If it isn't; check mark it, click on "OK" tab, and repeat the AMTSO Desktop web site tests.

Eset_FF_Cert.png.cc18a46badc52187c6cbc7ca8f5f468d.png

 

Edited by itman
Link to comment
Share on other sites

@BeanSlappers there is another test that needs to be performed.

Using a browser that uses the Win root CA certificate store such IE11 or Edge, go to the AMTSO Desktop test web site. Click on the lock symbol as shown in the below IE11 screen shot and verify that Eset's root certificate is shown.

Eset_IE11.thumb.png.bbf8cc985476f952d01088955b1d84f8.png

 

Link to comment
Share on other sites

  • Administrators

I'm afraid that without logs and possibly a remote session as well we won't be able to help. I'd recommend contacting your local customer care.

Link to comment
Share on other sites

2 minutes ago, BeanSlappers said:

Same thing in there too (had to turn off smart filter to test it).

To clarify, are you stating that Eset's root certificate does not show in IE11? Instead GoDaddy's root certificate shows?

Link to comment
Share on other sites

43 minutes ago, Sammo said:

This is nothing to be concerned about is it?

This is what I referred to previously as far as Quantum ver. 68 goes. What FireFox is informing you of is Eset is not a recognized root CA certificate issuer which obviously it is not. 

If you were to see this same wording for an Eset non-SSL protocol filtered web site, then that would be cause for concern.

Link to comment
Share on other sites

1 hour ago, BeanSlappers said:

Ehhh nothing came up even from GoDaddy, and I told you that GoDaddy is in Firefox.

Again using IE11, go to the AMTSO Desktop tests web site: https://www.amtso.org/security-features-check/ . Then left mouse click on the yellow colored padlock symbol shown in IE11's toolbar. A popup should be displayed as shown in my above posted screen shot showing what root certificate is being used.

When the popup is shown, take a screen shot of the web page and post it.

Link to comment
Share on other sites

31 minutes ago, BeanSlappers said:

That is going to that page in IE

Great! That is what we wanted to see.

At this point, the only other thing I can think of is somehow your FireFox profile is messed up. When FireFox is uninstalled, files associated with the existing profile are retained. This way when FireFox is reinstalled, all your settings, add-ons, etc. are automatically reestablished. Being fairly new to FireFox, I can't assist you on how to fully remove all old profile files, registry settings, etc. You will have to search the web for this info yourself. Perhaps there is a full uninstaller provide by Mozilla?

-EDIT- FireFox does have a "refresh" feature which will create a new profile yet retain passwords and the like: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings . Note: this appears to remove any certificate additions. Since FF 68 is supposed to now use the Windows root CA store for AV certificate resolution, you should not have to go through the procedure to re-add Eset's root cert. to FireFox.

I would also follow @Marcos suggestion and open a support ticket with your local in-country Eset representative. Appears that is Singapore:

ESET Asia Pacific

ESET ASIA PTE LTD
3 Anson Road
#12-01/02 Springleaf Tower
079909
Singapore

Tel: +65 6308 9680 
Fax: +65 6536 8224
Web: www.eset.com

 

Edited by itman
Link to comment
Share on other sites

2 hours ago, itman said:

This is what I referred to previously as far as Quantum ver. 68 goes. What FireFox is informing you of is Eset is not a recognized root CA certificate issuer which obviously it is not. 

If you were to see this same wording for an Eset non-SSL protocol filtered web site, then that would be cause for concern.

Thanks

Link to comment
Share on other sites

One other comment about this:

image.png.9f41317f11cd07841123342fa23e2614.png

If you click on "Learn More," you are directed to this web site: https://support.mozilla.org/en-US/kb/enterprise-roots?as=u&utm_source=inproduct which is void of detail except the reference to Enterprise Roots.

This indicates to me that Firefox ver. 68 is now checking for AV vendors known to perform SSL/TLS protocol scanning and using their certificate stored the Win root certificate CA store regardless of if like certificate is present in the FireFox certificate Authorities store.

Or and more likely, FireFox is verifying the "foreign"; i.e. not Mozilla approved, certificate in its Authorities certificate store to one that exists in the Win root CA certificate store and the message displayed is poorly worded. I believe FireFox will refuse to use a "foreign" Authorities store certificate if it does not correspondingly exist in the Win root CA certificate store.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...