Jump to content

ESET NOD32 is blocking access to Adorama web site with ERR_HTTP2_PROTOCOL_ERROR


AndreyT
 Share

Recommended Posts

All Chromium-based browsers for Windows 10, as well as Internet Explorer are prevented from accessing 'adorama.com' web site. Chrome, Opera and Edge report ERR_HTTP2_PROTOCOL_ERROR. Meanwhile Firefox is not affected - everything works fine in Firefox. Enabling VPN in Opera also seems to solve the issue for Opera.

Pausing protection in ESET NOT32 fixes the problems for all browsers: access to 'adorama.com' is restored. Re-enabling ESET NOT32 blocks access to 'adorama.com' again.

I can't test Windows 7 now, so the above applies to Windows 10 Pro x64 (1909), ESET NOD32 13.0.22.0.

Screenshot (29).png

Edited by AndreyT
Link to comment
Share on other sites

This thread might shed some light on what is going on: https://stackoverflow.com/questions/58215104/whats-the-neterr-http2-protocol-error-about .

Appears this will occur if there is an issue with JavaScript in one or more web pages that site is using. Also appears Chrome is most susceptible to this activity. My best guess at this point is since Eset performs independent web site cert. validations due to its SSL/TLS protocol scanning, it is picking up something amiss and throwing the error.

Link to comment
Share on other sites

Also this web site only supports TLS 1.1. Chrome has deprecated any web site using less than TLS 1.2. Additionally staring with Chrome ver. 81:

Quote

Starting with Google Chrome 81, Chrome will prevent connections to sites that use TLS 1.0 or TLS 1.1. The browser displays a warning page instead that reads "Your connection is not fully secure. This site uses an outdated security configuration, which may expose your information".

https://www.ghacks.net/2019/10/02/tls-1-0-and-1-1-deprecation-chrome-to-display-your-connection-is-not-fully-secure-warnings/

Link to comment
Share on other sites

42 minutes ago, itman said:

Also this web site only supports TLS 1.1.

Online SSLTest on SSLLabs shows that 'adorama.com' supports TLS 1.2.

Enabling TLS warnings in Chrome's internal settings (per your ghacks.net link) produces no warnings for 'adorama.com'.

P.S. Now Firefox also can't access 'adorama.com'  when NOD32 protection is enabled. 

Edited by AndreyT
Link to comment
Share on other sites

1 hour ago, AndreyT said:

Online SSLTest on SSLLabs shows that 'adorama.com' supports TLS 1.2.

Not according to Qualys SSL Server test: https://www.ssllabs.com/ssltest/analyze.html?d=adorama.com

-EDIT- The site supports both TLS 1.1 and 1.2.

Edited by itman
Link to comment
Share on other sites

I added adorama.com IP address, 8.14.113.35, to Eset's protocol scanning exclusions. It is still failing to connect to the web site because of secure connection issues. So something else is going on here. Most likely, the HTTP/2 issue with Eset.

Link to comment
Share on other sites

FYI - On Windows browsers, I am able to access and browse Adorama's site by adding *.adorama.com* to the List of addresses excluded from content scan list.

https://support.eset.com/en/exclude-a-safe-website-from-being-blocked-by-web-access-protection

This is certainly not the preferred solution, but it serves as a work around for now.

Link to comment
Share on other sites

Here's what the Adorama rep emailed me.

Adorama says:
"Our IT team is still currently working on this with ESET. In the meantime, ESET technical support shared that adding the website wildcard .
adorama.com/* in the exclude SSL section should make the website accessible again. "

I have no idea what it means. Adding "the wildcard?" Where is the "exclude SSL section?". . .no clue. . .perhaps someone can make sense of this for me. . or give it a try to see if it works. . .honestly it would seem Adorama would be a little more motivated to fix this. . .especially this time of the year. 

 

Link to comment
Share on other sites

4 hours ago, McBuff said:

have no idea what it means. Adding "the wildcard?" Where is the "exclude SSL section?". . .no clue. . .perhaps someone can make sense of this for me. . or give it a try to see if it works. . .honestly it would seem Adorama would be a little more motivated to fix this. . .especially this time of the year. 

Click on the Eset link posted in the reply previous to yours.

Link to comment
Share on other sites

Thanks itman. . .right in front of my face!! That fixed it. . .except the wildcard Adorama gave me .adorama.com/* didn't work. The Eset instructions said the proper rendering should be *adorama.com*    That one worked!

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...