Eset Blocking Chromecast

[Marcos 5,074]

For me it worked with:
0-8008,8010-65535

I've just tested Internet protection module 1375 (not released yet) and casting worked with the whole range of HTTPS ports 0-65535. The module should be available on the pre-release update channel probably tomorrow or even later today.

[Taradise 0]

On 8/5/2019 at 9:58 AM, AnnaJuist said:

I have not used the "Work around" yet, as I thought someone mentioned that if I changed the HTTPS protocol, it would leave my computer vulnerable to attack. Did I misunderstand?

I'm thinking I should just wait till ESET fixes the issue with another update. Am I right? Plus I hope they get around it soon. 

I followed the above step by step "work Around" last week and have had no issues since then, all working as per normal.

[lamar 10]

Internet Protection Module #1375 is rolled out on the pre-release update channel, and it works fine for me with the default Eset settings. There is no more need of  whitelisting port 8009. Hopefully it will be rolled out soon on the  regular update channel as well.

[Blackbox88 2]

1 minute ago, lamar said:

Internet Protection Module #1375 is rolled out on the pre-release update channel, and it works fine for me with the default Eset settings. There is no more need of  whitelisting port 8009. Hopefully it will be rolled out soon on the  regular update channel as well.

That is good news!

After the update do we have to revert the HTTP port selection or will it automatically be done by installing the update?

[lamar 10]

12 minutes ago, Blackbox88 said:

After the update do we have to revert the HTTP port selection or will it automatically be done by installing the update?

It will not. For maximum reliability It is a general software behavior that manual modifications can be reverted only manually.

[Blackbox88 2]

29 minutes ago, lamar said:

It will not. For maximum reliability It is a general software behavior that manual modifications can be reverted only manually.

Oke makes sense so as soon as the update is roll out we need to make sure to revert the white listing of port 8009

[gensyscon 0]

I have turned on pre-release updates, but my module list doesn't show Internet Protection Module #1375 as having been updated. It shows most recent update as July 31, 2019. Is the update still promulgating? I'm in New York.

[Marcos 5,074]

12 minutes ago, gensyscon said:

I have turned on pre-release updates, but my module list doesn't show Internet Protection Module #1375 as having been updated. It shows most recent update as July 31, 2019. Is the update still promulgating? I'm in New York.

If you have Internet protection module 1375 then you have already received it and the issue is fixed.

[lamar 10]

58 minutes ago, gensyscon said:

I have turned on pre-release updates, but my module list doesn't show Internet Protection Module #1375

After switching on pre-release updates, an immediate update starts. This takes a relatively long time (several minutes) since Eset has to download and install a lot of new stuff. When finished, you will have #1375 there with the build date of 7/31. Please note that the build date differs from the download date or even the roll out date. As I wrote before: an Eset Employee informed me on 7/26 that they have successfully localized the issue based on my log files, therefore a build date of 7/31 is absolutely reasonable. Of course it took some days to perform internal tests before pre-releasing on this Tuesday.

By the way I do not recommend switching on pre-release updates permanently if you are not an experienced customer. For me its now switched off thus I have Internet Protection Module #1372.2 with build date of 07/25 and I am looking forward to the regular release hopefully rolling out within a few days.

[Marcos 5,074]

To anybody, don't be afraid of switching to the pre-release update channel on non-critical systems. Pre-release is in no way meant to be a beta channel and modules there have been already thoroughly tested. With pre-release updates you also have more control over modules since you can switch to regular updates to fix possible problems yourself while ESET is investigating it and preparing a fix.

We release modules as follows:

1. wave: released for QA testing
2. wave: released for internal testing on a bigger group of production machines and for beta versions
3. wave: released for users with the pre-release update channel set
4. wave: released in batches gradually to all users
5. wave: released for all users.

[Michael Poczynek 0]

Running 12.2.23.0/Windows 10 same thing.  Tried everything I read about.  Had to remove Nod 32 to get access to Chromecast.  

 

[Marcos 5,074]

5 minutes ago, Michael Poczynek said:

Running 12.2.23.0/Windows 10 same thing.  Tried everything I read about.  Had to remove Nod 32 to get access to Chromecast.  

 

Did you exclude port 8009 from SSL scanning as suggested above? You could also switch to pre-release update channel to get the latest version of the Internet protection module which applies a safe exclusion without user's intervention?

[Blackbox88 2]

35 minutes ago, Michael Poczynek said:

Running 12.2.23.0/Windows 10 same thing.  Tried everything I read about.  Had to remove Nod 32 to get access to Chromecast.  

 

On 8/4/2019 at 2:09 PM, Blackbox88 said:

  On 7/26/2019 at 6:30 PM, lamar said:

I truly hope the bugfix will come soon. However you really do not need to wait for that. Do the following step by step:

01. Open Eset console |

02. Click "Setup" |

03. Click "Advanced setup" |

04. Click "Web and email" |

05. Click " Web access protection" |

06. click "Web protocols" |

07. Now you are on the right place |

08. Focus on "Ports used by HTTPS protocol" |

09. You have to see the text "443, 0-65535" in the input field. |

10. Replace the text with "443, 0-8008, 8010-65535" (of course, without quotes) (you can copy-paste) |

11. Press "OK" |

12. If Windows asks for permission, press "Yes" |

13. Close ALL instances of Chrome |

14. Reopen Chrome |

15. Connect to your Chromecast |

16. Success!

After the bugfix will have been rolled out, you can reset the original text you modified.

[Vader 1]

On 7/23/2019 at 12:44 PM, lamar said:

@Scorpion: Marcos is right . Putting chrome.exe itself to the exclusion list equals to disabling the entire SSL/TLS filtering service since browser generates 90% of the secured traffic for an average user.

@Marcos: I do not agree with you that it is not a bug. If a new phenomenon appears that did not exist before we can distinguish two ways. If it makes our life happier, it is a nice feature. If it makes our life confusing, it is an ugly bug. Therefore this behavior is an obvious bug from the point of view of the average user. I suppose that "grandma-next-door" will not be able to perform the "switch-to-interactive-then-switch-back" sequence for watching movies as before. I think ESET has to roll out an urgent and permanent solution.

I fully support this comment as well - same issue and if this did not exist in the previous version means, something has been missed during the testing or planning the update and must be resolved. We pay for the service and expect the product to function correctly. Responsibility altering network protocols and potentially leaving our machines vulnerable is not the way it works. Chromecast is a widely used product so I epxect this to be fixed pretty quick.

[itman 1,659]

Eset has issued a Chomecast alert here: https://support.eset.com/alert4/ . Why this hasn't been posted on this forum is beyond me.

Also the alert states the updated module was released on Aug. 7. This would imply it was so for production vers . which obviously it was not. The alert should be reworded to specifically state it was released to pre-release vers. and the only way to obtain it is by enabling Eset pre-release GUI option.

BTW - I still haven't received the module update.

[Blackbox88 2]

8 hours ago, itman said:

Eset has issued a Chomecast alert here: https://support.eset.com/alert4/ . Why this hasn't been posted on this forum is beyond me.

Also the alert states the updated module was released on Aug. 7. This would imply it was so for production vers . which obviously it was not. The alert should be reworded to specifically state it was released to pre-release vers. and the only way to obtain it is by enabling Eset pre-release GUI option.

BTW - I still haven't received the module update.

I just switched to pre-release and it automatically updated and went to the #1375:

Just checked the chromecast is still visable after the update and returning the TLS/SSL range to the full range.

Edited August 10, 2019 by Blackbox88

[lamar 10]

1 hour ago, Blackbox88 said:

I just switched to pre-release and it automatically updated and went to the #1375:

Right. But when you disable pre-release updates, you immediately fall back to #1372.2. So at this moment the official fix is still unavailable for the average user. And well, average user is getting impatient according to @Vader's post.

[Blackbox88 2]

16 minutes ago, lamar said:

Right. But when you disable pre-release updates, you immediately fall back to #1372.2. So at this moment the official fix is still unavailable for the average user. And well, average user is getting impatient according to @Vader's post.

Well everybody these days are impatient not only with SW updates, see road rage, socialisation etc.

Same happens with my company, unfortunately not everything always goes as fast as some customers want, sometimes releasing new SW just takes time to smoke test it.

Also why the impatiens there are multiple work arounds which are relatively safe.

Just do any of the 2 good work arounds and be patient till the real roll out. 

[URBAN0 14]

2 hours ago, Blackbox88 said:

Well everybody these days are impatient

 

Agree. You want a good  product and proper fix! don't rush it😉

[lamar 10]

24 minutes ago, URBAN0 said:

Agree. You want a good  product and proper fix! don't rush it😉

Not so easy as it sounds. Valid only if you watch only free stuff  via your Chromecast. If you pay US$ 20-50 per month for online movie channels, then three weeks of black screen due to another paid product's malfunction makes you impatient relatively fast. That is the natural behavior of customers.

Edited August 11, 2019 by lamar

[RDee 0]

I initially switched off the SSL/TLS scanning protocol, but in hindsight, silly idea. I've now just used the Roll-back function to V12.2.23.0  Everything is now fine. I'll wait for a real fix from ESET. 

[Marcos 5,074]

1 hour ago, RDee said:

I initially switched off the SSL/TLS scanning protocol, but in hindsight, silly idea. I've now just used the Roll-back function to V12.2.23.0  Everything is now fine. I'll wait for a real fix from ESET. 

With v12.2.23 it must be same as long as you have the list of HTTPS ports extended to the whole range 0-65535 which was done by a module update.

The solution is to exclude port 8009 from ssl filtering as also suggested by another AV vendor who was having the same issue. A safe exclusion will be added via an update of the Internet protection module which you can get even now by switching to the pre-release update channel.

There won't be any real fix since the problem stems from the concept of SSL filtering and MitM. We can only make a safe exclusion automatically instead of users adding it themselves.

[AnnaJuist 2]

8 hours ago, Marcos said:

 

There won't be any real fix since the problem stems from the concept of SSL filtering and MitM. We can only make a safe exclusion automatically instead of users adding it themselves.

 

Then why are we waiting for the "Fix"?

....I have been waiting...I got an update from ESET...was told to "Restart" my computer for new settings to take effect...still no Chromecast 😟

Will there ever be a real fix for this issue?  If not...should I just cancel/delete my ESET?  I have been happy with ESET on my Tablet. I have AVG on my LapTop and have no issue with Chromecast using AVG.

Are we sure ESET is working on, what happened, in whatever update they did, that caused Chromecast to stop working? It seems...It should be a relatively easy fix for the their IT brains...I mean...It worked before...they did something...it stopped working...just put back what you changed...Right?

Those changes you guys proposed to the "Ports used by HTTPS protocol"....You said that that would leave me less protected, So I have not changed anything....That and the fact that I am not comfortable changing any settings on my security settings.  😏

[itman 1,659]

6 minutes ago, AnnaJuist said:

Those changes you guys proposed to the "Ports used by HTTPS protocol"....You said that that would leave me less protected, So I have not changed anything....That and the fact that I am not comfortable changing any settings on my security settings.  😏

Excluding port 8009 as suggested will for all practical purposes have negligible effect security-wise.

[Marcos 5,074]

1 hour ago, itman said:

Excluding port 8009 as suggested will for all practical purposes have negligible effect security-wise.

Correct. We will not directly exclude port 8009 in the Internet protection module but any non-typical communication on other than the default 443 port will be excluded.

Remember that until recently https communication had been scanned only on the default port 443 for ages. So excluding port 8009 will not put your computer at big risk.

With AVs that have had issues with Chromecast you can be sure that they scan SSL thoroughly. Products that didn't have any issues with it most likely don't scan SSL communication of applications or they scan it only on the default port 443 while leaving a room for malware to misuse other ports to evade detection of malicious  communication.