Administrators Marcos 5,127 Posted April 7, 2020 Administrators Share Posted April 7, 2020 Apparently HTTPS filtering is working just fine: 7. 4. 2020 5:21:26 HTTP filter file https://secure.eicar.org/eicarcom2.zip Eicar test file connection terminated Event occurred during an attempt to access the web by the application: C:\Windows\System32\MicrosoftEdgeCP.exe Does disabling this option in the SSL filtering setup make a difference? Link to comment Share on other sites More sharing options...
hardwired 0 Posted April 7, 2020 Share Posted April 7, 2020 (edited) 1 hour ago, Marcos said: Apparently HTTPS filtering is working just fine: 7. 4. 2020 5:21:26 HTTP filter file https://secure.eicar.org/eicarcom2.zip Eicar test file connection terminated Event occurred during an attempt to access the web by the application: C:\Windows\System32\MicrosoftEdgeCP.exe Does disabling this option in the SSL filtering setup make a difference? Hi, Yes the filtering is working for Edge but not Firefox. I just did a clean install of Windows 10 Pro and ESET and ssl filtering is not working with Firefox 75 on a clean Windows install either :(. I'm not sure what else to try if it's not working on a clean Windows 10 Pro and ESET install. I did another log collection (this time it completed but said there were warnings present?). I tried toggling the setting your mentioned, the exclude communication with trusted domains and that doesn't seem to do anything. Just to clarify: The SSL filtering does NOT work with Firefox but it DOES work with Edge and Chrome. eis_logs.zip Edited April 7, 2020 by hardwired Link to comment Share on other sites More sharing options...
geminis3 0 Posted April 21, 2020 Share Posted April 21, 2020 Can confirm that latest ESET EIS is not automatically installing its certificate to Firefox CA store, it's a clean ESET install and the mentioned about:config flag is already set to true (I've used Adguard Pro previously but uninstalled it long time ago using its removal tool). Firefox version: 75 stable channel ESET EIS: 13.1.21.0 Internet protection module: 1395 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,127 Posted April 21, 2020 Administrators Share Posted April 21, 2020 58 minutes ago, geminis3 said: Can confirm that latest ESET EIS is not automatically installing its certificate to Firefox CA store That's how it's supposed to be. Are you actually experiencing some issues? Link to comment Share on other sites More sharing options...
mateusb 0 Posted April 23, 2020 Share Posted April 23, 2020 Same here with the latest eset and Firefox 64 bits. I could not find a way to make eset scan firefox traffic as it does with other browsers. Is there a way to do it ? I've read this whole topic but no solution. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,127 Posted April 23, 2020 Administrators Share Posted April 23, 2020 43 minutes ago, mateusb said: Same here with the latest eset and Firefox 64 bits. I could not find a way to make eset scan firefox traffic as it does with other browsers. Is there a way to do it ? I've read this whole topic but no solution. Is eicar detected upon download with SSL filtering enabled? https://secure.eicar.org/eicarcom2.zip Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 (edited) 4 minutes ago, Marcos said: Is eicar detected upon download with SSL filtering enabled? https://secure.eicar.org/eicarcom2.zip It don't get detected while downloading using Firefox but it get blocked on Chrome Update: I'm using "Internet Download Manager" and it got detected after i stopped IDM and used Firefox instead But in Chrome it get blocked before IDM can catch the link Edited April 23, 2020 by BALTAGY Link to comment Share on other sites More sharing options...
hardwired 0 Posted April 23, 2020 Share Posted April 23, 2020 4 minutes ago, BALTAGY said: It don't get detected while downloading using Firefox but it get blocked on Chrome Update: I'm using "Internet Download Manager" and it got detected after i stopped IDM and used Firefox instead But in Chrome it get blocked before IDM can catch the link This is what happens to me, Firefox isn't filtering at all on a new install/new Windows install. Other browsers did but not Firefox. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,127 Posted April 23, 2020 Administrators Share Posted April 23, 2020 13 minutes ago, hardwired said: This is what happens to me, Firefox isn't filtering at all on a new install/new Windows install. Other browsers did but not Firefox. Is this file created after enabling SSL filtering? "C:\Program Files\Mozilla Firefox\defaults\pref\eset_security_config_overlay.js" Link to comment Share on other sites More sharing options...
itman 1,703 Posted April 23, 2020 Share Posted April 23, 2020 1 hour ago, BALTAGY said: Update: I'm using "Internet Download Manager" and it got detected after i stopped IDM and used Firefox instead Are you using the stand-alone installed version or the FireFox add-on? Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 11 minutes ago, itman said: Are you using the stand-alone installed version or the FireFox add-on? If you install IDM, it will install the Firefox add-on, same happen with all browsers Also i have the file Marcos asking about Link to comment Share on other sites More sharing options...
Administrators Marcos 5,127 Posted April 23, 2020 Administrators Share Posted April 23, 2020 Please carry on as follow: - enable advanced protocol filtering logging under Tools -> Diagnostics. - download https://secure.eicar.org/eicarcom2.zip - disable logging - collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
itman 1,703 Posted April 23, 2020 Share Posted April 23, 2020 (edited) 8 minutes ago, BALTAGY said: If you install IDM, it will install the Firefox add-on, same happen with all browsers If the .exe associated with the installed IDM is actually doing the file downloading, it should be shown in "List of SSL/TLS filtered applications" per the below screen shot: Edited April 23, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 48 minutes ago, itman said: If the .exe associated with the installed IDM is actually doing the file downloading, it should be shown in "List of SSL/TLS filtered applications" per the below screen shot: Link to comment Share on other sites More sharing options...
itman 1,703 Posted April 23, 2020 Share Posted April 23, 2020 (edited) Appears there is something wrong with the FireFox add-on to IDM. With the add-on enabled, it is somehow blocking Eset SSL/TLS protocol scanning of downloads. Check the configuration options for the add-on for anything related to AV HTTPS scanning exclusions or the like. Edited April 23, 2020 by itman Link to comment Share on other sites More sharing options...
itman 1,703 Posted April 23, 2020 Share Posted April 23, 2020 (edited) The only reference I see in IDM relating to AV use is shown below. What does it show on your system? Quote Downloads tab In Dialogs group box you can control how IDM dialogs are displayed. Select "Don't show" item in Download progress list box, if you don't want to see "Download Progress" dialog at all. If you don't like to see "Download Progress" dialog appearing in front of all other windows, select "Show minimized". You can disable "Download Complete" dialog using "Show download complete dialog" box. http://www.internetdownloadmanager.com/support/using_idm/options.html Edited April 23, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 2 minutes ago, itman said: The only reference I see IDM relating to AV use is shown below. What does it show on your system? hxxp://www.internetdownloadmanager.com/support/using_idm/options.html It's empty, also i never needed to add anything to it since ESET did block before IDM can capture the link Link to comment Share on other sites More sharing options...
itman 1,703 Posted April 23, 2020 Share Posted April 23, 2020 Do as @Marcos suggests and provide the requested logs. The issue has to related to the FireFox add-on in some way. Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 12 minutes ago, itman said: The only reference I see in IDM relating to AV use is shown below. What does it show on your system? hxxp://www.internetdownloadmanager.com/support/using_idm/options.html Also note that eicar.com and eicar.com.txt are blocked by ESET but not eicar_com.zip or eicarcom2.zip Another note that i'm using Adguard and i see Adguard certificate in all sites including forum.eset.com Link to comment Share on other sites More sharing options...
itman 1,703 Posted April 23, 2020 Share Posted April 23, 2020 Try the zip format test from here: https://www.amtso.org/feature-settings-check-download-of-compressed-malware/ . AMTSO uses eicar payload for all its tests. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,127 Posted April 23, 2020 Administrators Share Posted April 23, 2020 I recall that Adguard may cause issues when installed together with ESET. Try uninstalling it, at least temporarily. Link to comment Share on other sites More sharing options...
itman 1,703 Posted April 23, 2020 Share Posted April 23, 2020 (edited) 17 minutes ago, BALTAGY said: i see Adguard certificate in all sites including forum.eset.com Does the Eset root cert. show on this web site: https://www.wilderssecurity.com/ ? If Adguard's shows, there's a problem. Also if Eset is performing SSL/TLS protocol scanning, any like feature in Adguard should be disabled. Same principal applies here as to use of two real-time scanners together. Edited April 23, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 3 minutes ago, itman said: Does the Eset root cert. show on this web site: https://www.wilderssecurity.com/ ? If Adguard's shows, there's a problem. It's Adguard Link to comment Share on other sites More sharing options...
itman 1,703 Posted April 23, 2020 Share Posted April 23, 2020 (edited) 3 minutes ago, BALTAGY said: It's Adguard Also if Eset is performing SSL/TLS protocol scanning, any like feature in Adguard should be disabled. Same principal applies here as to use of two real-time scanners together. Edited April 23, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 Just now, itman said: Also if Eset is performing SSL/TLS protocol scanning, any like feature in Adguard should be disabled. Same principal appears here as to use of two real-time scanners together. Adguard only block Ads, but since the last v7.4 i see "Your browser is being managed by your organization." in Firefox settings and Adguard certificate is in all sites I'm testing only ESET+IDM+Firefox in a clean system and will collect the logs Link to comment Share on other sites More sharing options...
Recommended Posts