Jump to content

Archived

This topic is now archived and is closed to further replies.

Connector

Google Certificate vs Other Certificates

Recommended Posts

Hi everybody,

 

I hope that this is the correct Place for this. Out of pure curiosity, when I was checking some certificates I noticed that the certificate on google.com is not marked as verified by ESET, as is usually the case with active SSL/TLS Filtering, but instead marked as verified by GTS. Also noticed the same thing with cnn.com. When I crosschecked it with a local news website, it showed me the Certificate as Verified by: ESET SSL Filter CA

 

See the screenshots attached, they are in German but it translates to Verified By: [...]

 

Just asking out of pure curiosity, could it be that those Sites are verified by an independent Certificate Authority and are already registered as Safe within ESET's Database? 😄

 

I tried it out with Chrome, Edge, Firefox and Opera, all of them are up-to-date. I'm using ESET Endpoint Security version 7.1.2053, with active SSL/TLS Filtering in automatic mode.

ESET.PNG

GTS CA.PNG

CNN.PNG

Share this post


Link to post
Share on other sites

Trusted sites are excluded from SSL filtering by default. You can have them filtered and scanned by disabling the appropriate setting:

image.png

Share this post


Link to post
Share on other sites

I see, that makes Sense, thanks for the quick answer and satisfying my curiosity :D

Share this post


Link to post
Share on other sites
3 hours ago, Marcos said:

Trusted sites are excluded from SSL filtering by default. You can have them filtered and scanned by disabling the appropriate setting:

image.png

Is there any risk of this being used wrongly - e.g. if a trusted domain is hijacked I presume eset would still detect malware etc. Just asking as its something I was just curious about

Share this post


Link to post
Share on other sites

Played around with the SSL/TLS Options in a test environment and crosschecked with amtso, I think that ESET is gonna block the communication with a hijacked/unsafe page if the certificate is in some way compromised, since there are a lot of layers in place to make secure communication with the site in question possible. And it's still gonna stop downloads/execution of suspicious files.

Although, I think the only way to really know for sure is if such a case happens in a real-life situation 🤷‍♂️

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...