Mrsbex74 1 Posted July 29, 2019 Share Posted July 29, 2019 I keep getting a message saying Security Alert. It's just started happening today. There is no clue which program is calling the website or which website it's calling. The certificate is from a trusted authority, date is valid and uses a strong signature, but the name on the certificate does not match the name of the site. If I click to view the certificate, I can see it's issued by amazon but the DNS name says *.dev.rtsarenagame.com which means nothing to me. I would like to know what program or routine is calling this website so I can block it off. However, nothing shows up my logs to tell me more info. How can I stop this from happening? Thanks in advance! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted July 29, 2019 Administrators Share Posted July 29, 2019 If you are getting the warning in a browser, try running the browser without any extensions, then re-enable the extensions one by one unless you narrow it down to the one which attempts to communicate with the said server. Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 29, 2019 Share Posted July 29, 2019 Do you have any games installed from RTS Arena? Link to comment Share on other sites More sharing options...
Mrsbex74 1 Posted July 30, 2019 Author Share Posted July 30, 2019 (edited) No that's what worried me. Browser wasn't running at the time either. I've done a restart and it's stopped now. But things that go away by themselves generally reappear by themselves. It was really unsettling... Edited July 30, 2019 by Mrsbex74 Link to comment Share on other sites More sharing options...
itman 1,659 Posted July 31, 2019 Share Posted July 31, 2019 (edited) Researching this a bit and using the cert. name, *.dev.rtsarenagame.com, as a clue, it appears this is a development certificate. You can read about what development certificates are here: https://smallstep.com/blog/step-v0-8-6-valid-HTTPS-certificates-for-dev-pre-prod.html The gist of the matter is development certificates are for internal use only. It is possible one of your apps had a borked update resulting in this certificate being used, etc.. I wouldn't worry about it unless Eset starts alerting about it again. What you can also do is to check if that cert. somehow got added to the Windows root CA certificate store using certmgr.msc. Edited July 31, 2019 by itman Link to comment Share on other sites More sharing options...
Mrsbex74 1 Posted August 1, 2019 Author Share Posted August 1, 2019 11 hours ago, itman said: Researching this a bit and using the cert. name, *.dev.rtsarenagame.com, as a clue, it appears this is a development certificate. You can read about what development certificates are here: https://smallstep.com/blog/step-v0-8-6-valid-HTTPS-certificates-for-dev-pre-prod.html The gist of the matter is development certificates are for internal use only. It is possible one of your apps had a borked update resulting in this certificate being used, etc.. I wouldn't worry about it unless Eset starts alerting about it again. What you can also do is to check if that cert. somehow got added to the Windows root CA certificate store using certmgr.msc. Thank you so much. It's nice to get the reassurance! I'll check out the cert store. Thanks for your help! Link to comment Share on other sites More sharing options...
itman 1,659 Posted August 1, 2019 Share Posted August 1, 2019 One other thing your should check out if you use a WI-Fi network connection. That is not make sure that connection is properly configured on your router using the strongest encryption setting available. Given the cert. in question appears to be related to a game software developer, it is possible someone in your neighborhood might be a gamer and has figured out a way "to tap into" your WI-Fi connection. Link to comment Share on other sites More sharing options...
Recommended Posts