Eset Blocking Chromecast

[lamar 10]

4 hours ago, Blackbox88 said:

Turn Windows Defender OFF haha 

Maybe the guy wanted to write: install a better AV app that turns Defender off.

In the secondary school I was always confused by greatly honored poets when I was trying to figure out what they thought of behind their pointless sentences. LOL

Edited July 31, 2019 by lamar

[lamar 10]

4 hours ago, itman said:

What we really haven't talked about is the origin of the problem which is:

Quote

What is causing these errors is a hidden Chrome extension called Chrome Media Router that automatically scans a network for Chromecast devices when the browser starts.

Where does the above quote come from?

4 hours ago, itman said:

Here's a detailed analysis of a recent malware that exploited Chrome Media Router:

Well, I would not call it "recent" as it dates back to January. Do you suppose this bearded malware was able to remain invisible for Eset? I do hope you are not right. It would be a nightmare.

[Blackbox88 2]

1 hour ago, lamar said:

Maybe the guy wanted to write: install a better AV app that turns Defender off.

In the secondary school I was always confused by greatly honored poets when I was trying to figure out what they thought of behind their pointless sentences. LOL

hahahaha so true

[itman 1,659]

11 hours ago, lamar said:

Where does the above quote come from?

From the bleepingcomputer.com link in regards to Kaspersky like issues I posted previously.

11 hours ago, lamar said:

Do you suppose this bearded malware was able to remain invisible for Eset?

Eset along with most VirusTotal AV vendors detect the Trojan. None from what I can tell, detect any of the malicious JavaScript's it uses.

Bottom line - unless browser based Chromecast is used, the Chrome Media Router extension should remain in its default disabled state.

[lamar 10]

Thank you @itman your posts truly contribute to clarity.

[itman 1,659]

1 hour ago, itman said:

Bottom line - unless browser based Chromecast is used, the Chrome Media Router extension should remain in its default disabled state.

Realized this might be misinterpreted.

Based on what I have read, once the Media Router extension is enable in Chrome via use of the Chromecast  casting feature, the extension remains permanently enabled. As such, you remain vulnerable to any attack misusing it.

[Bernhard 0]

I just found the same that ESET NOD 32 Antivirus is blocking Chromecast but only when using Google Chrome latest version. The reason is that Google Chrome now access the Chromecast unit on port 8009 using TLS. By disabling HTTP scanner in Settings->Internet protection->Web Access Protection->Web Protocol I got Google Chrome to detect my Chromecast unit. It would be very nice if it was possible to define ports not to be scanned in ESET. Currently it just says 443, 0-65535 i.e. all ports. Any knows if I can define ports not to be scanned.

[Marcos 5,070]

If it works with 0-8008, 8010-65535, use these ranges. Here I suggested more exclusions as per Google's KB article:

Please check my previous suggestion at

Probably within this week a newer version of the Internet protection module 1375 will be available on the pre-release update channel which will address the issue without defining any exclusions in your ESET product. If everything goes well, the module will be distributed to all users afterwards.

[Blackbox88 2]

1 hour ago, Marcos said:

If it works with 0-8008, 8010-65535, use these ranges. Here I suggested more exclusions as per Google's KB article:

Please check my previous suggestion at

Probably within this week a newer version of the Internet protection module 1375 will be available on the pre-release update channel which will address the issue without defining any exclusions in your ESET product. If everything goes well, the module will be distributed to all users afterwards.

Thank you Marcos for the update! 

[lamar 10]

1 hour ago, Marcos said:

Probably within this week a newer version of the Internet protection module 1375 will be available on the pre-release update channel which will address the issue without defining any exclusions in your ESET product. If everything goes well, the module will be distributed to all users afterwards.

good news

[lamar 10]

I switched to get pre-release updates

[itman 1,659]

2 hours ago, Marcos said:

0-8008, 8010-65535

I would suggest 443, 0-8008, 8010-65535.

It appears the developer set the HTTPS scanning to initially trigger on port 443 and then check for any port directed MITM proxy activity on any other ports which BTW, is what this Eset modification is all about. This processing was initially borked and all processes were being detected and added to the list of SSL/TLS protocol scanned processes. Based on recent testing, it appears the all processes HTTPS scanning has been corrected. I am observing only processes listed that originally connected via port 443.

[lucien 0]

I just uninstall ESET because of this problem - how can we get the new version module or get informed that problem is fixed ?

[Marcos 5,070]

20 minutes ago, lucien said:

I just uninstall ESET because of this problem - how can we get the new version module or get informed that problem is fixed ?

You can enable pre-release updates in the advanced update setup in order to get the new module as early as possible, probably by the beginning of next week.

However, a very similar workaround is by editing the list of HTTPS ports and changing it to "0-8008, 8010-65535" (without quotation marks).

[lucien 0]

I dont have acces to the router - ISP have restricted it. Last night i reinstall last ESET kit from official server and now works OK. Chromecast is visible. 

Later - that didnt last long - now cast destination not found

 

I finally found where to edit https ports from settings of ESET AV - now problem solved

TY Markos!

Edited August 4, 2019 by lucien

[Rsladeasu 1]

Im having this problem too.  For me this is terrible...I am a personal trainer and I use chromecast to cast the days workout into my 2 classrooms.  I can't operate without it.  When will this be fixed?

[Marcos 5,070]

51 minutes ago, Rsladeasu said:

Im having this problem too.  For me this is terrible...I am a personal trainer and I use chromecast to cast the days workout into my 2 classrooms.  I can't operate without it.  When will this be fixed?

If you read the discussion above, the solution is to change the list of HTTPS ports to ranges 0-8008,8010-65535

[lamar 10]

11 hours ago, lucien said:

I dont have acces to the router - ISP have restricted it. Last night i reinstall last ESET kit from official server and now works OK. Chromecast is visible. 

Later - that didnt last long - now cast destination not found

This is discussed here a few days ago. Downloadable version does not contain the most up-to date protection. That's why you were able to cast. After the installation Eset immediately started an update procedure, and when finished, Chromecast is over. That's normal.

I wrote a step-by step workaround guide on 27 July . You can find it on Page 4.

If it helped you, then upvote it please. This will help other guys to find the easiest workaround who do not want to read the whole thread.

Edited August 4, 2019 by lamar

[lamar 10]

1 hour ago, Rsladeasu said:

I am a personal trainer

I wrote a step-by step workaround guide on 27 July . You can find it on Page 4.

If it helped you, then upvote it please. This will help other guys to find the easiest workaround who do not want to read the whole thread.

Edited August 4, 2019 by lamar

[Blackbox88 2]

On 7/26/2019 at 6:30 PM, lamar said:

I truly hope the bugfix will come soon. However you really do not need to wait for that. Do the following step by step:

01. Open Eset console |

02. Click "Setup" |

03. Click "Advanced setup" |

04. Click "Web and email" |

05. Click " Web access protection" |

06. click "Web protocols" |

07. Now you are on the right place |

08. Focus on "Ports used by HTTPS protocol" |

09. You have to see the text "443, 0-65535" in the input field. |

10. Replace the text with "443, 0-8008, 8010-65535" (of course, without quotes) (you can copy-paste) |

11. Press "OK" |

12. If Windows asks for permission, press "Yes" |

13. Close ALL instances of Chrome |

14. Reopen Chrome |

15. Connect to your Chromecast |

16. Success!

After the bugfix will have been rolled out, you can reset the original text you modified.
 

Work around for everybody who doesn't want to read the whole thread! 
Please also upvote it! (On page 4)

All credits go to Lamar!

[AnnaJuist 2]

42 minutes ago, Blackbox88 said:

Work around for everybody who doesn't want to read the whole thread! 
Please also upvote it! (On page 4)

All credits go to Lamar!

I have not used the "Work around" yet, as I thought someone mentioned that if I changed the HTTPS protocol, it would leave my computer vulnerable to attack. Did I misunderstand?

I'm thinking I should just wait till ESET fixes the issue with another update. Am I right? Plus I hope they get around it soon. 

[Blackbox88 2]

1 minute ago, AnnaJuist said:

I have not used the "Work around" yet, as I thought someone mentioned that if I changed the HTTPS protocol, it would leave my computer vulnerable to attack. Did I misunderstand?

I'm thinking I should just wait till ESET fixes the issue with another update. Am I right? Plus I hope they get around it soon. 

Offcourse every exeception will leave you computer vulnerable however this wasn't in the previous version of ESET, which didn't gave any issues, also as you only open one port the risk from my point of view is still low.

Have a good back up of your computer stored somewhere and you are good.

I am running with the workaround and all is going good

[Rsladeasu 1]

The "fix" was working...but today it stopped working again!  WTF.  I hate this

[itman 1,659]

1 hour ago, Rsladeasu said:

The "fix" was working...but today it stopped working again!  WTF.  I hate this

Try excluding both ports 8008 and 8009. So the range specification would be;

443, 0-8007, 8010-65535

[Blackbox88 2]

2 hours ago, Rsladeasu said:

The "fix" was working...but today it stopped working again!  WTF.  I hate this

Can you screenshot the range of ports you exclude? 

Here it is still working.