Eset Blocking Chromecast

[itman 1,659]

50 minutes ago, Blackbox88 said:

@itman how do i check which port it is using when redering with VLC to Chromecast?

Open the Eset GUI. Select Tools -> More Tools. Select Network Connections. Right mouse click on the display of all shown connections. Remove the check mark associated with the "Show only TCP connections" option.

At this point all TCP and UDP connections should be shown.

[itman 1,659]

25 minutes ago, AnnaJuist said:

Really??...I do so hope you are right. I have had ESET for several years now. AND I always use my Chromecast to watch movies on my TV. I am elderly and find it difficult to watch programs on my Tablet.

I hope ESET can fix the issue it has with blocking Chromecast, soon. Maybe by the next update?

 I am computer illiterate and do not understand all the "Port" things you fellows are talking about.

Are you stating you are now having problems with your Chromecast TV connection? This all ports protocol scanning issue should not be affecting that.

[Blackbox88 2]

14 minutes ago, itman said:

Open the Eset GUI. Select Tools -> More Tools. Select Network Connections. Right mouse click on the display of all shown connections. Remove the check mark associated with the "Show only TCP connections" option.

At this point all TCP and UDP connections should be shown.

It seems to be using 8010:

Current settings I have in ESET:

[itman 1,659]

54 minutes ago, Blackbox88 said:

It seems to be using 8010:

No. It's using a local proxy connection it appears to me.

It listens for connections on local device port 8010. It then proxies the inbound traffic to the Chromecast dongle via port 8009. For outbound connections, the reverse occurs.

The proxy activity bypasses Esets protocol filtering. Hence, why there is no issue with the VLC app.

[itman 1,659]

I don't know if the following still applies. If is does, it doesn't bode well for Eset's SSL/TLS protocol scanning:

Quote

Answer to the first part of the question is Yes. Chromecast uses a PKI to secure communication. When Chromecast receiver app makes a secure http request (HTTPS/TLS), it is encrypted with a chromecast specific private key certificate (Which leads to Google). A server can use google's public key to decrypt the message and also extract information from the certificate if needed. This also means that you may not want to terminate the TLS on a load balancer and instead need the app server to do that. App server can store the google's public key and use it to decrypt it. There is a document which gives the details on how to decrypt and parse the certificate and what it has. I think if you have a developer account, you can get it.

https://stackoverflow.com/questions/27146081/does-chromecast-come-with-a-certificate-bundle-allowing-simple-webserver-authent

[AnnaJuist 2]

5 hours ago, itman said:

Are you stating you are now having problems with your Chromecast TV connection? This all ports protocol scanning issue should not be affecting that.

There was an ESET update a few days back. One day I was watching YouTube programs on my TV via Chromecast...The next day, I could not "connect". I kept on getting a message "No Devices Found". I contacted Chromecast Help. And the young lady walked me through all kinds of "Experimental"Extentions"Flags" etc things. Even had me download Google Chrome Canary...But nothing worked. She stated that the issue must be within ESET (That I have on my Tablet). I have AVG on my LapTop and I have no problem "Casting" from it nor from my Smartphone. Chromecast works fine with them. 

I will give ESET a while to fix this problem...either with an "Update" or a "Patch". If not, then I will remove ESET from my Tablet and go with another Antivirus program. This is the first issue I have run into with ESET. I have no idea what all the talking about "protocol" or "ports" are & am way too far a novice to pretend that I know what I'm doing.

[Blackbox88 2]

5 hours ago, itman said:

No. It's using a local proxy connection it appears to me.

It listens for connections on local device port 8010. It then proxies the inbound traffic to the Chromecast dongle via port 8009. For outbound connections, the reverse occurs.

The proxy activity bypasses Esets protocol filtering. Hence, why there is no issue with the VLC app.

Ahh oke makes sense.

[Blackbox88 2]

1 hour ago, AnnaJuist said:

There was an ESET update a few days back. One day I was watching YouTube programs on my TV via Chromecast...The next day, I could not "connect". I kept on getting a message "No Devices Found". I contacted Chromecast Help. And the young lady walked me through all kinds of "Experimental"Extentions"Flags" etc things. Even had me download Google Chrome Canary...But nothing worked. She stated that the issue must be within ESET (That I have on my Tablet). I have AVG on my LapTop and I have no problem "Casting" from it nor from my Smartphone. Chromecast works fine with them. 

I will give ESET a while to fix this problem...either with an "Update" or a "Patch". If not, then I will remove ESET from my Tablet and go with another Antivirus program. This is the first issue I have run into with ESET. I have no idea what all the talking about "protocol" or "ports" are & am way too far a novice to pretend that I know what I'm doing.

I think you talked after me to the same person, as I went to the same extensions canary etc.

She is true it is because of a change within ESET.

Do you know which ESET program you have on your tablet (Mobile Security or Smart Security, etc)?
Is the tablet and Andriod or an windows tablet?

Maybe we can help you fix it so you can still enjoy your youtube via tablet while waiting for the full fix from ESET.

[lamar 10]

2 hours ago, AnnaJuist said:

I will give ESET a while to fix this problem...either with an "Update" or a "Patch". If not, then I will remove ESET from my Tablet and go with another Antivirus program. This is the first issue I have run into with ESET. I have no idea what all the talking about "protocol" or "ports" are & am way too far a novice to pretend that I know what I'm doing.

I truly hope the bugfix will come soon. However you really do not need to wait for that. Do the following step by step:

01. Open Eset console | 02. Click "Setup" | 03. Click "Advanced setup" | 04. Click "Web and email" | 05. Click " Web access protection" | 06. click "Web protocols" | 07. Now you are on the right place | 08. Focus on "Ports used by HTTPS protocol" | 09. You have to see the text "443, 0-65535" in the input field. | 10. Replace the text with "443, 0-8008, 8010-65535" (of course, without quotes) (you can copy-paste) | 11. Press "OK" | 12. If Windows asks for permission, press "Yes" | 13. Close ALL instances of Chrome | 14. Reopen Chrome | 15. Connect to your Chromecast | 16. Success!

After the bugfix will have been rolled out, you can reset the original text you modified.
 

Edited July 27, 2019 by lamar

[Marcos 5,074]

The fix will be about a safe certificate exclusion so if you make a relatively safe exclusion now you won't have to wait for the exclusion added via an automatic module update.

[AnnaJuist 2]

9 hours ago, Blackbox88 said:

Do you know which ESET program you have on your tablet (Mobile Security or Smart Security, etc)?
Is the tablet and Andriod or an windows tablet?

Maybe we can help you fix it so you can still enjoy your youtube via tablet while waiting for the full fix from ESET.

Hi Blackbox88....

The young lady, Lauren, at Chromecast was super friendly & and so helpful...not mention, patient with me. I truly am computer illiterate.

I currently have - ESET Internet Security -12.1.34.0 - Windows 8.1 Pro(64-bit)

 

 

[AnnaJuist 2]

8 hours ago, lamar said:

I truly hope the bugfix will come soon. However you really do not need to wait for that. Do the following step by step:

01. Open Eset console | 02. Click "Setup" | 03. Click "Advanced setup" | 04. Click "Web and email" | 05. Click " Web access protection" | 06. click "Web protocols" | 07. Now you are on the right place | 08. Focus on "Ports used by HTTPS protocol" | 09. You have to see the text "443, 0-65535" in the input field. | 10. Replace the text with "443, 0-8008, 8010-65535" (of course, without quotes) (you can copy-paste) | 11. Press "OK" | 12. If Windows asks for permission, press "Yes" | 13. Close ALL instances of Chrome | 14. Reopen Chrome | 15. Connect to your Chromecast | 16. Success!

After the bugfix will have been rolled out, you can reset the original text you modified.
 

Hi Iamar...

If I do those "Steps", will it mess with my "security". Will it leave me open to hacks/attacks?

I'm afraid to change anything. I normally just wait till people much smarter then me fix things. Or till my son comes to visit me. He  has a degree in Computer Science and is a Controls Engineer. But by the time he visits me again, the bug may be fixed...lol

[Marcos 5,074]

I would correct you in that it's not a bug, it's rather an issue caused by design of scanning SSL. The issue occurred after improving protection by extending the list of scanned HTTPS ports to all. Until recently, SSL communication was scanned only on the default HTTPS port 443 which, with the increase of malware utilizing HTTPS communication on other ports, started to pose a risk to users. If Chrome performed MitM on port 8009, then the extension of scanned ports naturally introduced the issue since AVs also perform MitM if they scan SSL communication of any application.

The issue has been reported to ESET, we now know about it and a solution (I wouldn't call it a bugfix because of the reasones above) should be available some time soon.

[lamar 10]

1 hour ago, Marcos said:

I would correct you in that it's not a bug

You are right from the technical point of view. From the valued customer's point of view the phrase "bug" is simply a synonym to ... "problem" ...  "issue" ... "unexpected behavior" ... etc.

I would rather highlight the fact that Eset did not belittle the importance of this question, and did promise an urgent solution.

Edited July 27, 2019 by lamar

[lamar 10]

1 hour ago, AnnaJuist said:

If I do those "Steps", will it mess with my "security".

Of course it will. But please remember this issue is the aftermath of tightening the rules by Eset. After doing those steps, you will not be less secured than you were last week. However it is very important to come back here periodically, and check if the final solution was rolled out. Then the modified part can be reset to its original value.

Edited July 27, 2019 by lamar

[AnnaJuist 2]

20 minutes ago, lamar said:

Of course it will. 

Well... With those words...I think I will wait...lol

I can still use Chromecast over my LapTop, since that one is using AVG...unlike my Tablet that is using ESET. It's just that I love my Tablet...things run faster.

But I do thank you for replying and your input on this topic. Let's just hope that ESET takes our issues serious enough to try and find a working solution.

You have a blessed weekend.

[lamar 10]

@Blackbox88 As I see, you have already whitelisted port 8009 in your Eset settings. May I guess this is why your VLC works seamlessly,

[itman 1,659]

8 hours ago, Marcos said:

if you make a relatively safe exclusion now you won't have to wait for the exclusion added via an automatic module update.

Care to elaborate on how this can be done?

Posters in the thread have tried to do just this using Eset's interactive SSL/TLS protocol scanning certificate exclusion methods. They have failed. The problem is that Eset is blocking the connection to the Chromecast dongle device. As such, the certificate on that device cannot be accessed.

The only way this can be done would be to export the Chromecast certificate from the dongle device and import it into Eset using SSL/TLS protocol scanning certificate exclusion. The question is how can the certificate export from the Chromecast dongle be performed. -EDIT- It is also doubtful this would work. Unlike in Kaspersky where this issue presented as a certificate issue, Eset is blocking the connection prior to this event.

Edited July 27, 2019 by itman

[am_dew 3]

I tried the various temporary fixes on three different computers....two worked and one did not and it is on the same network as one of the computers where the fix worked.  So, to take ESET out of the picture, I uninstalled ESET on the one where it did not work and I am still unable to use Chromecast, so there is something wrong outside of ESET on one of my PCs.  I'm not looking for answers to that issue here, however...just wanted to throw it out there.

[itman 1,659]

28 minutes ago, am_dew said:

I tried the various temporary fixes on three different computers....two worked and one did not and it is on the same network as one of the computers where the fix worked.  So, to take ESET out of the picture, I uninstalled ESET on the one where it did not work and I am still unable to use Chromecast, so there is something wrong outside of ESET on one of my PCs.  I'm not looking for answers to that issue here, however...just wanted to throw it out there.

On the device where Chromcast connectivity cannot be established, Set HTTPS port to only 443 and see if connectivity is now established.

[am_dew 3]

3 minutes ago, itman said:

On the device where Chromcast connectivity cannot be established, Set HTTPS port to only 443 and see if connectivity is now established.

Thanks, but no success.  Since it did not work without ESET installed, I'm thinking it must be an issue outside of ESET.

[itman 1,659]

2 minutes ago, am_dew said:

Thanks, but no success.  Since it did not work without ESET installed, I'm thinking it must be an issue outside of ESET. 

Did Chromecast work properly on this device prior to ver. 12.2.23?

[am_dew 3]

Just now, itman said:

Did Chromecast work properly on this device prior to ver. 12.2.23?

No, I've never been able to get Chromecast to work on it (new PC as of Sept 2018).  I was hoping that it was an ESET issue now that we've learned more about the issue and resolution.

[itman 1,659]

2 minutes ago, am_dew said:

No, I've never been able to get Chromecast to work on it (new PC as of Sept 2018).  I was hoping that it was an ESET issue now that we've learned more about the issue and resolution.

Since it appears you are using Chromecast on multiple network devices, on which device is the dongle attached to?

[am_dew 3]

Just now, itman said:

Since it appears you are using Chromecast on multiple network devices, on which device is the dongle attached to?

The Chromecast dongle I am not able to connect to with one of my PCs is attached to an Onkyo audio-video receiver.  Both PCs that I am trying to connect to that Chromecast are on the same network...one PC is able to connect, the other does not.

The 3rd PC I have is in a different physical location, different network, and a different Chromecast dongle...I have no issues with it after applying the temp fix.