Jump to content
AndreyT

ESET NOD32 is blocking access to Adorama web site with ERR_HTTP2_PROTOCOL_ERROR

Recommended Posts

All Chromium-based browsers for Windows 10, as well as Internet Explorer are prevented from accessing 'adorama.com' web site. Chrome, Opera and Edge report ERR_HTTP2_PROTOCOL_ERROR. Meanwhile Firefox is not affected - everything works fine in Firefox. Enabling VPN in Opera also seems to solve the issue for Opera.

Pausing protection in ESET NOT32 fixes the problems for all browsers: access to 'adorama.com' is restored. Re-enabling ESET NOT32 blocks access to 'adorama.com' again.

I can't test Windows 7 now, so the above applies to Windows 10 Pro x64 (1909), ESET NOD32 13.0.22.0.

Screenshot (29).png

Edited by AndreyT

Share this post


Link to post
Share on other sites

Just asked NOD32 to check for updates, and it updated itself to 13.0.24.0. However, it does not solve the above problem.

Share this post


Link to post
Share on other sites

This thread might shed some light on what is going on: https://stackoverflow.com/questions/58215104/whats-the-neterr-http2-protocol-error-about .

Appears this will occur if there is an issue with JavaScript in one or more web pages that site is using. Also appears Chrome is most susceptible to this activity. My best guess at this point is since Eset performs independent web site cert. validations due to its SSL/TLS protocol scanning, it is picking up something amiss and throwing the error.

Share this post


Link to post
Share on other sites

Also this web site only supports TLS 1.1. Chrome has deprecated any web site using less than TLS 1.2. Additionally staring with Chrome ver. 81:

Quote

Starting with Google Chrome 81, Chrome will prevent connections to sites that use TLS 1.0 or TLS 1.1. The browser displays a warning page instead that reads "Your connection is not fully secure. This site uses an outdated security configuration, which may expose your information".

https://www.ghacks.net/2019/10/02/tls-1-0-and-1-1-deprecation-chrome-to-display-your-connection-is-not-fully-secure-warnings/

Share this post


Link to post
Share on other sites
42 minutes ago, itman said:

Also this web site only supports TLS 1.1.

Online SSLTest on SSLLabs shows that 'adorama.com' supports TLS 1.2.

Enabling TLS warnings in Chrome's internal settings (per your ghacks.net link) produces no warnings for 'adorama.com'.

P.S. Now Firefox also can't access 'adorama.com'  when NOD32 protection is enabled. 

Edited by AndreyT

Share this post


Link to post
Share on other sites

I forgot that Eset has issues with HTTP/2 although the problem usually surfaced in Banking & Payment Protection use.

Share this post


Link to post
Share on other sites
38 minutes ago, itman said:

-EDIT- The site supports both TLS 1.1 and 1.2.

Exactly.

Share this post


Link to post
Share on other sites

I added adorama.com IP address, 8.14.113.35, to Eset's protocol scanning exclusions. It is still failing to connect to the web site because of secure connection issues. So something else is going on here. Most likely, the HTTP/2 issue with Eset.

Share this post


Link to post
Share on other sites

FYI - On Windows browsers, I am able to access and browse Adorama's site by adding *.adorama.com* to the List of addresses excluded from content scan list.

https://support.eset.com/en/exclude-a-safe-website-from-being-blocked-by-web-access-protection

This is certainly not the preferred solution, but it serves as a work around for now.

Share this post


Link to post
Share on other sites

Here's what the Adorama rep emailed me.

Adorama says:
"Our IT team is still currently working on this with ESET. In the meantime, ESET technical support shared that adding the website wildcard .
adorama.com/* in the exclude SSL section should make the website accessible again. "

I have no idea what it means. Adding "the wildcard?" Where is the "exclude SSL section?". . .no clue. . .perhaps someone can make sense of this for me. . or give it a try to see if it works. . .honestly it would seem Adorama would be a little more motivated to fix this. . .especially this time of the year. 

 

Share this post


Link to post
Share on other sites
4 hours ago, McBuff said:

have no idea what it means. Adding "the wildcard?" Where is the "exclude SSL section?". . .no clue. . .perhaps someone can make sense of this for me. . or give it a try to see if it works. . .honestly it would seem Adorama would be a little more motivated to fix this. . .especially this time of the year. 

Click on the Eset link posted in the reply previous to yours.

Share this post


Link to post
Share on other sites

Thanks itman. . .right in front of my face!! That fixed it. . .except the wildcard Adorama gave me .adorama.com/* didn't work. The Eset instructions said the proper rendering should be *adorama.com*    That one worked!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...