EIS SSL scanner blocking Amazon CDN servers Github

[FadeMind 2]

ESET Internet Security and Adguard block downloading and uploading any content on Github from amazonaws.com

 

ERR_CONNECTION_CLOSED

When Adguard For Windows is disabled, then it is another Chrome error:

ERR_SSL_PROTOCOL_ERROR

ONLY when ESET Internet Security SSL scanning is DISABLED downloading from amazonaws.com servers works fine.

 

Reference: https://github.com/AdguardTeam/AdguardFilters/issues/37748

SETUP

Windows 10 x64

ESET IS 12.2.23.0

Adguard for Windows Release 7.1.2817

Browser Chrome Stable x64

 

Regards

[Marcos 4,703]

No problems here opening the website in Chrome with SSL scanning enabled:

Try the following:
- disable SSL filtering and click OK
- with browsers and email clients closed, re-enable SSL filtering and click OK
- check if the issue still persist.

[FadeMind 2]

You need install Adguard For Windows with their own Cert and trying download or upload something to Github. Adguard overtaking scanning SSL connections alongside ESET works. 

EVEN if I switch to interactive mode SSL scanning in ESET - same happen. 

DISABLING SSL filtering in ESET workaround ISSUE, not solved this. 

 

 

 

Edited July 31, 2019 by FadeMind

[itman 1,538]

The Github certificate is self-signed. Strongly suspect this is the same issue manifested in the Chromecast thread.

Adguard must be performing some MITM port redirect activity to ports other than 443 and this is what Eset's SSL/TLS protocol scanning is hiccuping on.

Present there are two solutions:

1. Only specify port 443 in SSL/TLS protocol scanning.

2. You will have to find out what ports Adguard is performing its proxy activities with and exclude those ports from the existing Eset SSL/TLS port 0-65535 specification. For example if Adguard is using ports 1010,1011, and 1012, the Eset SSL/TLS port specification should be: 443,0-1009,1013-65535. Note that this will only work if Adguard is using static proxy port assignment. If it changes ports dynamically, you're out of luck.

I whole heartily expect many more posts like this for other apps.

Edited July 31, 2019 by itman

[FadeMind 2]

@itman your post is useful for Adguard Dev team. Thanks. 

Reference https://github.com/AdguardTeam/CoreLibs/issues/1068

 

 

[andreank 0]

Ihr Beitrag ist nützlich Danke für den Beitrag
 

Machine translation:

Your contribution is useful Thank you for the contribution

Edited August 2, 2019 by Marcos
Machine translation added

[FadeMind 2]

OK, some new.

When I excluded Github domains from SSL scan in Adguard, then Chrome using ESET SSL cert instead and same happen.

 

[itman 1,538]

On 8/2/2019 at 2:43 AM, FadeMind said:

When I excluded Github domains from SSL scan in Adguard, then Chrome using ESET SSL cert instead and same happen.

This won't work.

What will work is if you exclude all IP addresses that Adguard uses from Eset SSL/TLS protocol scanning.

Also have you tried to exclude the Adguard related .exe's from Eset SSL/TLS protocol scanning? This is a much easier way to exclude if it works.

[FadeMind 2]

3 minutes ago, itman said:

Also have you tried to exclude the Adguard related .exe's from Eset SSL/TLS protocol scanning? This is a much easier way to exclude if it works.

I tried:

- Add Adguard CA SSL Cert to ESET SSL store

- excluded `c:\Program Files (x86)\Adguard\AdguardSvc.exe` in ESET

 

 

[itman 1,538]

1 hour ago, FadeMind said:

tried:

- Add Adguard CA SSL Cert to ESET SSL store

- excluded `c:\Program Files (x86)\Adguard\AdguardSvc.exe` in ESET

Actually, there is no reason to continue this approach since this is not the problem.

For example, I can access where Adguard's filters on are stored on Github: https://github.com/AdguardTeam/FiltersRegistry in a browser w/o issue with Eset's SSL/TLS protocol scanning enabled.

The issue again is Eset is blocking the port redirect proxy activity Adguard is performing to access the above web site.

Try this. In Eset's list of SSL/TLS filtered applications, one or more Adguard .exe's should be listed. Change the Scan action setting for all listed Adguard .exe's to "Ignore." Now test to determine if filter lists are updating.

 

Edited August 3, 2019 by itman

[FadeMind 2]

Port scanner from eset looks:

[itman 1,538]

Did you try this?

1 hour ago, itman said:

In Eset's list of SSL/TLS filtered applications, one or more Adguard .exe's should be listed. Change the Scan action setting for all listed Adguard .exe's to "Ignore." Now test to determine if filter lists are updating.

This is the preferred method to use if it works.

Edited August 3, 2019 by itman

[FadeMind 2]

4 minutes ago, itman said:

Did you try this?

YEP. No luck. 

[itman 1,538]

 

1 minute ago, FadeMind said:

YEP. No luck. 

That is a bit strange I must say that it didn't work.

Try this then. Open Eset GUI and change ports used by HTTPS protocol from 443, 0-65535 to:

443, 0-7999, 8002-65635

This will exclude ports 8000 and 8001 which it appears Adguard is using based on your posted screen shots.

 

[FadeMind 2]

13 minutes ago, itman said:

 

That is a bit strange I must say that it didn't work.

Try this then. Open Eset GUI and change ports used by HTTPS protocol from 443, 0-65535 to:

443, 0-7999, 8002-65635

This will exclude ports 8000 and 8001 which it appears Adguard is using based on your posted screen shots.

 

Where?

 

Edited August 3, 2019 by FadeMind

[itman 1,538]

Ignore the screen popup about an internal error. What you coded is correct. Just click OK and the Cancel thereafter. Then go back to that setting and make sure it was updated.

[FadeMind 2]

OK BTN do not apply changes. I pass. 

[itman 1,538]

Here's my Eset installation after I made the change:

[FadeMind 2]

I don't have popup with internal error - GUI don't change during pressing OK. Cancel close window and ignore recent changes. 

[itman 1,538]

1 minute ago, FadeMind said:

OK BTN do not apply changes. I pass. 

In that case, you have two choices:

1. Disable HTTPS scanning in Eset or only specify port 443 which would leave you vulnerable to like malware proxy port man-in-the middle activity.

2. Disable HTTPS scanning in Adguard or unistall it.

[itman 1,538]

4 minutes ago, FadeMind said:

I don't have popup with internal error - GUI don't change during pressing OK. Cancel close window and ignore recent changes. 

Make a sure blank exists after each of the comma's.

Edited August 3, 2019 by itman

[FadeMind 2]

3 minutes ago, itman said:

In that case, you have two choices:

1. Disable HTTPS scanning in Eset or only specify port 443 which would leave you vulnerable to like malware proxy port man-in-the middle activity.

2. Disable HTTPS scanning in Adguard or unistall it.

I will just ignore for now this annoying. I reported issue to devs of Adguard and we will see whats will be. Thanks again for your support and patience. Regards 

And I care about spaces in line  

[itman 1,538]

3 minutes ago, FadeMind said:

I will just ignore for now this annoying.

I know what's wrong. You entered 65635 instead of 65535 as I posted.

[itman 1,538]

One final comment and it's in regards to Adguard.

You might want to ponder a bit why the software is redirecting HTTPS traffic to its servers to perform man-in-the-middle inspection. As such it can intercept all your HTTPS traffic, decrypt it, and use that data for whatever purpose it so desires.

Everything operational about Adguard is Russian based except for its corporate address - Cyprus - and most of its servers - The Netherlands.

Edited August 3, 2019 by itman

[FadeMind 2]

On 8/3/2019 at 8:36 PM, itman said:

I know what's wrong. You entered 65635 instead of 65535 as I posted.

YEP. NOW Downloading works. But uploading still not. 

Thanks 

 

Edited August 5, 2019 by FadeMind