Jump to content

Archived

This topic is now archived and is closed to further replies.

FadeMind

EIS SSL scanner blocking Amazon CDN servers Github

Recommended Posts

ESET Internet Security and Adguard block downloading and uploading any content on Github from amazonaws.com

 

ERR_CONNECTION_CLOSED

When Adguard For Windows is disabled, then it is another Chrome error:

ERR_SSL_PROTOCOL_ERROR

ONLY when ESET Internet Security SSL scanning is DISABLED downloading from amazonaws.com servers works fine.

 

Reference: https://github.com/AdguardTeam/AdguardFilters/issues/37748

SETUP

Windows 10 x64

ESET IS 12.2.23.0

Adguard for Windows Release 7.1.2817

Browser Chrome Stable x64

 

Regards

scr-1564581067-001.png

scr-1564581093-001.png

Share this post


Link to post
Share on other sites

No problems here opening the website in Chrome with SSL scanning enabled:

image.png

Try the following:
- disable SSL filtering and click OK
- with browsers and email clients closed, re-enable SSL filtering and click OK
- check if the issue still persist.

Share this post


Link to post
Share on other sites

You need install Adguard For Windows with their own Cert and trying download or upload something to Github. Adguard overtaking scanning SSL connections alongside ESET works. 

EVEN if I switch to interactive mode SSL scanning in ESET - same happen. 

DISABLING SSL filtering in ESET workaround ISSUE, not solved this. 

 


 

 

scr-1564593833-001.png

Share this post


Link to post
Share on other sites

The Github certificate is self-signed. Strongly suspect this is the same issue manifested in the Chromecast thread.

Adguard must be performing some MITM port redirect activity to ports other than 443 and this is what Eset's SSL/TLS protocol scanning is hiccuping on.

Present there are two solutions:

1. Only specify port 443 in SSL/TLS protocol scanning.

2. You will have to find out what ports Adguard is performing its proxy activities with and exclude those ports from the existing Eset SSL/TLS port 0-65535 specification. For example if Adguard is using ports 1010,1011, and 1012, the Eset SSL/TLS port specification should be: 443,0-1009,1013-65535. Note that this will only work if Adguard is using static proxy port assignment. If it changes ports dynamically, you're out of luck.

I whole heartily expect many more posts like this for other apps.

Share this post


Link to post
Share on other sites

Ihr Beitrag ist nützlich Danke für den Beitrag
 

Machine translation:

Your contribution is useful Thank you for the contribution

Share this post


Link to post
Share on other sites

OK, some new.

When I excluded Github domains from SSL scan in Adguard, then Chrome using ESET SSL cert instead and same happen.

 

scr-1564728186-001.png

Share this post


Link to post
Share on other sites
On 8/2/2019 at 2:43 AM, FadeMind said:

When I excluded Github domains from SSL scan in Adguard, then Chrome using ESET SSL cert instead and same happen.

This won't work.

What will work is if you exclude all IP addresses that Adguard uses from Eset SSL/TLS protocol scanning.

Also have you tried to exclude the Adguard related .exe's from Eset SSL/TLS protocol scanning? This is a much easier way to exclude if it works.

Share this post


Link to post
Share on other sites
3 minutes ago, itman said:

Also have you tried to exclude the Adguard related .exe's from Eset SSL/TLS protocol scanning? This is a much easier way to exclude if it works.

I tried:

- Add Adguard CA SSL Cert to ESET SSL store

- excluded `c:\Program Files (x86)\Adguard\AdguardSvc.exe` in ESET


 

 

Share this post


Link to post
Share on other sites
1 hour ago, FadeMind said:

tried:

- Add Adguard CA SSL Cert to ESET SSL store

- excluded `c:\Program Files (x86)\Adguard\AdguardSvc.exe` in ESET

Actually, there is no reason to continue this approach since this is not the problem.

For example, I can access where Adguard's filters on are stored on Github: https://github.com/AdguardTeam/FiltersRegistry in a browser w/o issue with Eset's SSL/TLS protocol scanning enabled.

The issue again is Eset is blocking the port redirect proxy activity Adguard is performing to access the above web site.

Try this. In Eset's list of SSL/TLS filtered applications, one or more Adguard .exe's should be listed. Change the Scan action setting for all listed Adguard .exe's to "Ignore." Now test to determine if filter lists are updating.

 

Share this post


Link to post
Share on other sites

Did you try this?

1 hour ago, itman said:

In Eset's list of SSL/TLS filtered applications, one or more Adguard .exe's should be listed. Change the Scan action setting for all listed Adguard .exe's to "Ignore." Now test to determine if filter lists are updating.

This is the preferred method to use if it works.

Share this post


Link to post
Share on other sites
4 minutes ago, itman said:

Did you try this?

YEP. No luck. 

Share this post


Link to post
Share on other sites

 

1 minute ago, FadeMind said:

YEP. No luck. 

That is a bit strange I must say that it didn't work.

Try this then. Open Eset GUI and change ports used by HTTPS protocol from 443, 0-65535 to:

443, 0-7999, 8002-65635

This will exclude ports 8000 and 8001 which it appears Adguard is using based on your posted screen shots.

 

Share this post


Link to post
Share on other sites
13 minutes ago, itman said:

 

That is a bit strange I must say that it didn't work.

Try this then. Open Eset GUI and change ports used by HTTPS protocol from 443, 0-65535 to:

443, 0-7999, 8002-65635

This will exclude ports 8000 and 8001 which it appears Adguard is using based on your posted screen shots.

 

Where?

 

scr-1564855753-001.png

Share this post


Link to post
Share on other sites

Ignore the screen popup about an internal error. What you coded is correct. Just click OK and the Cancel thereafter. Then go back to that setting and make sure it was updated.

Share this post


Link to post
Share on other sites

Here's my Eset installation after I made the change:

Eset_HTTPS.thumb.png.a50d0b492c428b2a0ea69f7f2a0cec5a.png

Share this post


Link to post
Share on other sites

I don't have popup with internal error - GUI don't change during pressing OK. Cancel close window and ignore recent changes. 

Share this post


Link to post
Share on other sites
1 minute ago, FadeMind said:

OK BTN do not apply changes. I pass. 

In that case, you have two choices:

1. Disable HTTPS scanning in Eset or only specify port 443 which would leave you vulnerable to like malware proxy port man-in-the middle activity.

2. Disable HTTPS scanning in Adguard or unistall it.

Share this post


Link to post
Share on other sites
4 minutes ago, FadeMind said:

I don't have popup with internal error - GUI don't change during pressing OK. Cancel close window and ignore recent changes. 

Make a sure blank exists after each of the comma's.

Share this post


Link to post
Share on other sites
3 minutes ago, itman said:

In that case, you have two choices:

1. Disable HTTPS scanning in Eset or only specify port 443 which would leave you vulnerable to like malware proxy port man-in-the middle activity.

2. Disable HTTPS scanning in Adguard or unistall it.

I will just ignore for now this annoying. I reported issue to devs of Adguard and we will see whats will be. Thanks again for your support and patience. Regards 

And I care about spaces in line ;) 

Share this post


Link to post
Share on other sites
3 minutes ago, FadeMind said:

I will just ignore for now this annoying.

I know what's wrong. You entered 65635 instead of 65535 as I posted.

Share this post


Link to post
Share on other sites

One final comment and it's in regards to Adguard.

You might want to ponder a bit why the software is redirecting HTTPS traffic to its servers to perform man-in-the-middle inspection. As such it can intercept all your HTTPS traffic, decrypt it, and use that data for whatever purpose it so desires.

Everything operational about Adguard is Russian based except for its corporate address - Cyprus - and most of its servers - The Netherlands.

Share this post


Link to post
Share on other sites
On 8/3/2019 at 8:36 PM, itman said:

I know what's wrong. You entered 65635 instead of 65535 as I posted.

YEP. NOW Downloading works. But uploading still not. 

Thanks 

 

scr-1564999132-001.png

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...