Jump to content

Recommended Posts

I just purchased ESET Internet Security to go with a new system. Everything was fine before I actually installed ESET. I was able to use Firefox and reach websites and they displayed correctly.

After installing ESET, the majority of websites were unreachable. Most were blocked by Firefox as insecure, and the few that weren't completely blocked were broken; their CSS wasn't loading at all.

The issue seems to be that ESET somehow takes over the security certificate function. Every single website that was completely blocked was shown as having a certificate issued by ESET SSL FILTER CA, which Firefox said was not a recognized certificate vendor.

If I turn off Application Protocol Content Filtering, then most sites seem to work. But turning off that filter removes much of the reason why you would use ESET as an antimalware/security solution in the first place.

I've attached images of the messages that Firefox is giving, both the initial block, and the certificate it's seeing on every single site that gets blocked. I'm using pcworld.com as the example, although it happens many many many places.

"Mozilla message.jpg" shows the initial block message. On sites where the "accept the risk and continue" message appears, if you pick that option, the site that appears is invariably broken, and its CSS doesn't load at all. On sites with HSTS implemented, the "accept the risk and continue" message doesn't even appear.

"Certificate 1 pcworld BROKEN.jpg" shows the certificate that Firefox is seeing for, quite literally, each and every blocked and broken site.

"Certificate 2 pcworld working.jpg" shows the certificate that Firefox sees when I turn off application content protocol filtering. It's very different.

Is there any way to fix this other than simply disabling the protocol content filtering?

 

Mozilla message.jpg

certificate 1 pcworld BLOCKED.jpg

certificate 2 pcworld working.jpg

Share this post


Link to post
Share on other sites

Please try the following:
- disable SSL filtering
- reboot Windows
- without starting any application, re-enable SSL filtering and check if the issue is gone.

Share this post


Link to post
Share on other sites

I was actually just coming to see if I could edit this post. Right after I did wrote this, I stumbled across a very recent ESET support page that dealt with this:

https://support.eset.com/en/disable-ssl-filtering-in-eset-windows-products

The disable/re-enable SSL filtering part of the post worked for my setup.

That said ... there do seem to have been a number of users with this issue this year. ESET should have their certificate added to Mozilla's certificate store so that Firefox could recognize it. That would make life simpler for everyone.

Share this post


Link to post
Share on other sites

We add the root certificate both to Mozilla's and system trusted root CA certificate stores and also configure Firefox to use the system TRCA cert. store in case adding to Mozilla's store failed.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...