Eset Blocking Chromecast

[itman 1,746]

3 minutes ago, am_dew said:

The Chromecast dongle I am not able to connect to with one of my PCs is attached to an Onkyo audio-video receiver. 

Onkyo equipment is notoriously temperamental.

This also might be routing issue. PC that can't connect to Chromecast device can't "see" the dongle since it is connected to the AV receiver.

[Blackbox88 2]

4 hours ago, lamar said:

@Blackbox88 As I see, you have already whitelisted port 8009 in your Eset settings. May I guess this is why your VLC works seamlessly,

No VLC always worked even when the 8009 was still in the scanning range.

Itman explained that VLC most likely uses a different method of communication:

21 hours ago, itman said:

No. It's using a local proxy connection it appears to me.

It listens for connections on local device port 8010. It then proxies the inbound traffic to the Chromecast dongle via port 8009. For outbound connections, the reverse occurs.

The proxy activity bypasses Esets protocol filtering. Hence, why there is no issue with the VLC app.

[am_dew 3]

15 minutes ago, itman said:

Onkyo equipment is notoriously temperamental.

This also might be routing issue. PC that can't connect to Chromecast device can't "see" the dongle since it is connected to the AV receiver.

What does not make any sense to me is why one PC in the same house, on the same network, can connect to the Chromecast without issue now that I've applied the temp fix.  I've been through every network related setting on the problem PC and it all looks OK.

[Blackbox88 2]

5 hours ago, lamar said:

You are right from the technical point of view. From the valued customer's point of view the phrase "bug" is simply a synonym to ... "problem" ...  "issue" ... "unexpected behavior" ... etc.

I would rather highlight the fact that Eset did not belittle the importance of this question, and did promise an urgent solution.

As Merriam Webster defines the word bug:

: an unexpected defect, fault, flaw, or imperfection

https://www.merriam-webster.com/dictionary/bug

[itman 1,746]

1 hour ago, am_dew said:

What does not make any sense to me is why one PC in the same house, on the same network, can connect to the Chromecast without issue now that I've applied the temp fix.  I've been through every network related setting on the problem PC and it all looks OK.

I am far from an expert when it comes to IoT connectivity.

But based on this article: https://blog.bestbuy.ca/tv-audio/tv-home-theatre-tv-audio/how-to-connect-chromecast-chromecast-audio-to-your-av-receiver , connecting the Chromecast dongle to an AV receiver only allows for output from that dongle to anything directly connected to the AV receiver. That usually is a TV, X-Box, etc..

It appears latter version Onkyo receivers haves Chromecast built-in but that is only for audio streaming.

In other words in this configuration, I see no way how your PC not physically connected to the AV receiver could communicate with a Chromecast dongle attached to the AV receiver.

Edited July 27, 2019 by itman

[am_dew 3]

30 minutes ago, itman said:

I am far from an expert when it comes to IoT connectivity.

But based on this article: https://blog.bestbuy.ca/tv-audio/tv-home-theatre-tv-audio/how-to-connect-chromecast-chromecast-audio-to-your-av-receiver , connecting the Chromecast dongle to an AV receiver only allows for output from that dongle to anything directly connected to the AV receiver. That usually is a TV, X-Box, etc..

It appears latter version Onkyo receivers haves Chromecast built-in but that is only for audio streaming.

In other words in this configuration, I see no way how your PC not physically connected to the AV receiver could communicate with a Chromecast dongle attached to the AV receiver.

The A/V receiver (AVR) is connected to the TV via an HDMI port and supplies a video signal to the TV just like a cable box or BlueRay player..  The Chromecast dongle is a network device that communicates with a PC(s) or other compatible device, and essentially is just another input source for the AVR, just like a cable box is.  The PC does not need to be connected to the AVR in any respect -- the Chromecast dongle is the "receiving device" here and is just passing the signal it gets on to the AVR.  In this case, I have one PC which is unable to communicate with the Chromecast dongle, while another one is able.  This exact setup has always worked until I replaced a PC...before then it worked on both PCs.  Both PCs are on windows 10, same version of Windows, Chrome browser, etc. etc.

PC --> Chromecast dongle --> AVR --> TV

Edited July 27, 2019 by am_dew

[lamar 10]

@am_dew Did you try to connect with another NIC? If it is a laptop, disable WiFi and try connecting wired. If your rig is not equipped with a wired NIC, a cheap USB2/100BaseT will be worth a try. Also, you can try to set up a VM on that PC. Do not forget to configure the VM's NIC from NAT to Bridged. Install a  fresh Windows along with a single Chrome on the VM.

Edited July 27, 2019 by lamar

[am_dew 3]

4 minutes ago, lamar said:

@am_dew Did you try to connect with another NIC? If it is a laptop, disable WiFi and try connecting wired. If your rig is not equipped with a wired NIC, a cheap USB2/100BaseT will be worth a try. Also, you can try to set up a VM on that PC. Do not forget to configure the VM's NIC from NAT to Bridged. Install a  fresh Windows along with a single Chrome on the VM.

Thanks.  Both desktop PCs are network connected via hard wire.  I'm not going to spend any more time getting it to work since one PC connects to the Chromecast dongle fine as does my Android phone.

[itman 1,746]

1 hour ago, am_dew said:

Thanks.  Both desktop PCs are network connected via hard wire.  I'm not going to spend any more time getting it to work since one PC connects to the Chromecast dongle fine as does my Android phone.

Check this out: https://support.google.com/chromecast/answer/3249268?hl=en . Run the automated troubleshooter first.

[am_dew 3]

50 minutes ago, itman said:

Check this out: https://support.google.com/chromecast/answer/3249268?hl=en . Run the automated troubleshooter first.

Thanks, I tried all that including a factory reset of the Chromecast dongle without success.  I give up.

[Taradise 0]

On 7/28/2019 at 9:21 AM, am_dew said:

Thanks, I tried all that including a factory reset of the Chromecast dongle without success.  I give up.

ESET sent this to me and it worked.

I will suggest following this KB article: https://support.eset.com/kb5765/ 
And make an exception for chrome.exe under the excluded applications.

[Marcos 5,266]

13 hours ago, Taradise said:

I will suggest following this KB article: https://support.eset.com/kb5765/ 
And make an exception for chrome.exe under the excluded applications.

If you use Chrome for browsing the Internet, don't exclude it from scanning or you will not be fully protected against threats that come from the Internet through browsers.

I'd suggest making this change in the list of HTTPS ports:

 

 

[lamar 10]

9 hours ago, Marcos said:

If you use Chrome for browsing the Internet, don't exclude it from scanning or you will not be fully protected against threats that come from the Internet through browsers.

Yes. The  guys who googled "eset vs chromecast" are navigated here, and usually do not read the whole thread, That's why it  is the 3rd or 4th time this misleading and dangerous suggestion comes up.

PEOPLE, DO NOT WHITELIST CHROME.EXE ITSELF ALONE ANYWHERE AND ANYTIME AS THIS KICKS YOUR PROTECTION'S   _SS   (<< originally an auto-moderated pharse was here).

Relating  to your suggestion: It is my experience in the past few days that whitelisting of ports 8008 and 8443 is not necessary.

Edited July 29, 2019 by lamar

[Blackbox88 2]

18 minutes ago, lamar said:

Relating  to your suggestion: It is my experience in the past few days that whitelisting of ports 8008 and 8443 is not necessary.

Same here! 
Only white listed port 8009 and chromecast works like a charm '

Did sent Taradise a PM hope she didn't whitelist Chrome.exe

Edited July 29, 2019 by Blackbox88

[Taradise 0]

Thanks guys, I did specifically ask ESET if my system would still be protected and they said it would. I will however try to make the changes you have suggested.

[Blackbox88 2]

6 minutes ago, Taradise said:

Thanks guys, I did specifically ask ESET if my system would still be protected and they said it would. I will however try to make the changes you have suggested.

Let us know if you need help  

[itman 1,746]

Although not directly related to this Eset Chromecast issue, it is imperative that one validate that ports 8008, 8009, and 8443 are not open on the WAN side of the router. Before you ignore this, read this Sophos article:

Quote

This time, it seems the Giraffe was aided and abetted by an online chum going by the name j3ws3r (whether that’s an anti-semitic slur or just hacker-style spelling of the word “user”, where the j is pronounced as y, is an open question).

According their own website, the pair identified more than 72,000 vulnerable Chromecast and Google Home devices

https://nakedsecurity.sophos.com/2019/01/04/dont-fall-victim-to-the-chromecast-hackers-heres-what-to-do/

Edited July 29, 2019 by itman

[am_dew 3]

6 minutes ago, itman said:

Although not directly related to this Eset Chromecast issue, it is imperative that one validate that ports 8008, 8009, and 8443 are not open on the WAN side of the router. Before you ignore this, read this Sophos article: https://nakedsecurity.sophos.com/2019/01/04/dont-fall-victim-to-the-chromecast-hackers-heres-what-to-do/

Can this thing we call technology get any more complicated?  I really feel for the non-IT types.

[lamar 10]

Let me resolve the "8008, 8009, 8443" story. The original article is here:

https://support.google.com/chromecast/answer/9216542

This whitepaper presents tips to improving Chromcast's protection against malicious hacks coming from outside. It says if you set up forwarding (i.e. you left open) ports 8008, 8009, 8443 in your ROUTER, consider closing them as this exposes your online Chromecast devices to attacks coming from the internet. Someone somewhere sometime derived from this article such an idea that ports 8008 and 8443 also take part in the current conflict between Chromecast and Eset. They do not. We have to focus only on port 8009.

 

[Taradise 0]

3 hours ago, Blackbox88 said:

Let us know if you need help  

Hi, having problems connecting to Chromecast again, how do I go about whitelisting Port 8009?

Sorry I am NOT overly IT savvy!

Many Thanks

[Blackbox88 2]

7 minutes ago, Taradise said:

Hi, having problems connecting to Chromecast again, how do I go about whitelisting Port 8009?

Sorry I am NOT overly IT savvy!

Many Thanks

All credits got to @lamar

On 7/26/2019 at 6:30 PM, lamar said:

I truly hope the bugfix will come soon. However you really do not need to wait for that. Do the following step by step:

01. Open Eset console | 02. Click "Setup" | 03. Click "Advanced setup" | 04. Click "Web and email" | 05. Click " Web access protection" | 06. click "Web protocols" | 07. Now you are on the right place | 08. Focus on "Ports used by HTTPS protocol" | 09. You have to see the text "443, 0-65535" in the input field. | 10. Replace the text with "443, 0-8008, 8010-65535" (of course, without quotes) (you can copy-paste) | 11. Press "OK" | 12. If Windows asks for permission, press "Yes" | 13. Close ALL instances of Chrome | 14. Reopen Chrome | 15. Connect to your Chromecast | 16. Success!

After the bugfix will have been rolled out, you can reset the original text you modified.
 

So should look like this:

Edited July 30, 2019 by Blackbox88

[Taradise 0]

13 minutes ago, Blackbox88 said:

All credits got to @lamar

So should look like this:

Thank you very much, that worked! Appreciate your help.

Cheers

Allan

[itman 1,746]

I just came across an interesting Google posting related to Chromecast titled;

Cannot cast content from a wired PC connected to same router as wifi to which chromecast 3 connected

Of note is the last recommendation:

Quote

Turn Windows Defender OFF.

https://support.google.com/chromecast/thread/4191235?hl=en

As such, I don't expect a speedy resolution to this issue other than the Eset SSL/TLS protocol scanning HTTPS port 8009 exclusion.

[Blackbox88 2]

Turn Windows Defender OFF haha 

Uhmm sounds like a great advice!

A bit like white listing Chrome.exe

[itman 1,746]

What we really haven't talked about is the origin of the problem which is:

Quote

What is causing these errors is a hidden Chrome extension called Chrome Media Router that automatically scans a network for Chromecast devices when the browser starts.

Here's a detailed analysis of a recent malware that exploited Chrome Media Router:

Quote

Google Chrome

Razy edits the file ‘%PROGRAMFILES%\Google\Chrome\Application\\chrome.dll’ to disable the extension integrity check. It renames the original chrome.dll file chrome.dll_ and leaves it in the same folder.

It creates the following registry keys to disable browser updates:

• “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\AutoUpdateCheckPeriodMinutes” = 0 (REG_DWORD)
• “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\DisableAutoUpdateChecksCheckboxValue” = 1 (REG_DWORD)
• “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\InstallDefault” = 0 (REG_DWORD)
• “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update\UpdateDefault” = 0 (REG_DWORD)

We have encountered cases where different Chrome extensions were infected. One extension in particular is worth mentioning: Chrome Media Router is a component of the service with the same name in browsers based on Chromium. It is present on all devices where the Chrome browser is installed, although it is not shown in the list of installed extensions. During the infection, Razy modified the contents of the folder where the Chrome Media Router extension was located: ‘%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm’.

https://securelist.com/razy-in-search-of-cryptocurrency/89485/

Edited July 30, 2019 by itman