itman 1,746 Posted April 23, 2020 Share Posted April 23, 2020 (edited) 3 minutes ago, BALTAGY said: Adguard only block Ads Irrelevant since it has to scan all HTTPS traffic first to determine if ads exist. You have to pick one HTTPS scanner here; Eset's or Adguard's. If you pick Adguard's, they are responsible for monitoring all HTTPS traffic for malicious activity. Or, you need to configure Adguard along the lines of how uBlock Origin works. That is HTTPS web pages are scanned after being decyrpted by FireFox but prior to being rendered on the desktop. Edited April 23, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 Did test in a clean system without Adguard and ESET don't show in Firefox Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 (edited) Here's the logs after downloading eicarcom2.zip and while ESET didn't add it self into Firefox It's a clean system only ESET + Firefox + IDM installed eis_logs.zip Update: Just installed chrome in this clean system and everything works fine Update2:wilderssecurity.com/ shows Adguard certificate in chrome but ESET still block eicarcom2.zip Edited April 23, 2020 by BALTAGY Link to comment Share on other sites More sharing options...
itman 1,746 Posted April 23, 2020 Share Posted April 23, 2020 (edited) 1 hour ago, BALTAGY said: Did test in a clean system without Adguard and ESET don't show in Firefox Then something is wrong with how Firefox is configured. In the latest versions of Firefox; i.e. 74 and 75 it uses the Windows root CA certificate store by default. In other words, Eset's root certificate is no longer required to be installed in FireFox's Authorities certificate store. Another problem that has surfaced with some Eset users is they have multiple Eset root certificates in the Windows root CA certificate store. If that applies to you, delete all except the latest Eset certificate there and see if that resolves the issue in FireFox. Edited April 23, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Insiders BALTAGY 32 Posted April 23, 2020 ESET Insiders Share Posted April 23, 2020 Just now, itman said: Then something is wrong with how FireFox is configured. In the latest version of Firefox, it uses the Window root CA certificate store by default. In other words, Eset's root certificate is no longer required to be installed in FireFox's Authorities certificate store. I did test v13.0 and v12 all of them have same problem in a clean system only ESET and Firefox But once i installed chrome it works fine I think ESET need to check it, maybe a module update is needed jadinolf 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted April 24, 2020 Administrators Share Posted April 24, 2020 I'll wait for ELC logs with advanced protocol filtering logs from issue reproduction included. Please leave Adguard uninstalled while troubleshooting the issue. Link to comment Share on other sites More sharing options...
ESET Staff Posolsvetla 15 Posted April 24, 2020 ESET Staff Share Posted April 24, 2020 13 hours ago, hardwired said: This is what happens to me, Firefox isn't filtering at all on a new install/new Windows install. Other browsers did but not Firefox. This is very likely the issue we are already aware of. It manifests itself only on a fresh install of our product. It will be addressed by the Internet protection module update. Link to comment Share on other sites More sharing options...
SeriousHoax 87 Posted April 24, 2020 Share Posted April 24, 2020 I had a similar issue on a clean installation of ESET. What worked for me is that I deleted the ESET certificate from the trusted root certificate of Windows then restarted the PC. Link to comment Share on other sites More sharing options...
itman 1,746 Posted April 24, 2020 Share Posted April 24, 2020 (edited) As far as use of the full installed Adguard product and its use of SSL/TLS protocol scanning, my previous comments still stand. Do not use two security products that are perform like browser scanning activities at the same time. It amounts to an "invitation to disaster" scenario that could lead to: 1. borked browser HTTPS web page rendering. 2. Conflicts between both products SSL/TLS security scanning activities resulting in possible loss in either or both products ability to scan for malware activities. If you must use Adguard with Eset, use its browser add-on/extension option or add its filtering lists to a product such as uBlock Origin add-on. As far as Adguards HTTPS issues, refer to this: https://kb.adguard.com/en/general/https-filtering/https-filtering-known-issues Finally if you insist on using Adguard installed version with Eset, make sure you disable Adguard's use of Windows Filtering Platform (WFP) as shown here: https://kb.adguard.com/en/windows/solving-problems/wfp-driver . Of note is Eset's SSL/TLS protocol filtering uses WFP. I assume disabling WFP use forces Adguard to install a network mini-port filter driver for your network adapter. It then scans HTTPS traffic using that driver. Or preferably, disable Adguard's HTTPS scanning in this same configuration settings section. Edited April 26, 2020 by itman Link to comment Share on other sites More sharing options...
SeriousHoax 87 Posted April 27, 2020 Share Posted April 27, 2020 On 4/24/2020 at 1:10 PM, Posolsvetla said: This is very likely the issue we are already aware of. It manifests itself only on a fresh install of our product. It will be addressed by the Internet protection module update. Can you tell when this is going to be fixed? I'll reinstalled my WIndows after the release of Windows 10 2004 on May 12 so I hope it to be fixed before that. Link to comment Share on other sites More sharing options...
itman 1,746 Posted April 27, 2020 Share Posted April 27, 2020 3 hours ago, SeriousHoax said: Can you tell when this is going to be fixed? I'll reinstalled my WIndows after the release of Windows 10 2004 on May 12 so I hope it to be fixed before that. I installed both FireFox and Eset on a clean Win 10 x(64) 1909 installation and have zip issues in regards to any FireFox certificate issues. I did however install Eset first, prior to installing FireFox. Link to comment Share on other sites More sharing options...
SeriousHoax 87 Posted April 27, 2020 Share Posted April 27, 2020 43 minutes ago, itman said: I installed both FireFox and Eset on a clean Win 10 x(64) 1909 installation and have zip issues in regards to any FireFox certificate issues. I did however install Eset first, prior to installing FireFox. How long ago did you do it? Link to comment Share on other sites More sharing options...
itman 1,746 Posted April 27, 2020 Share Posted April 27, 2020 Just now, SeriousHoax said: How long ago did you do it? A couple of months ago. The Eset version was the 13.0.24. Link to comment Share on other sites More sharing options...
SeriousHoax 87 Posted April 28, 2020 Share Posted April 28, 2020 21 hours ago, itman said: A couple of months ago. The Eset version was the 13.0.24. This is why you didn't have this issue. This is a recent problem with new installation. Current Internet protection module is the faulty one I think. The one before that was fine. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted April 28, 2020 Administrators Share Posted April 28, 2020 At this point we cannot tell when a new module could be available. I'd count with ETA 1-2 weeks. Link to comment Share on other sites More sharing options...
itman 1,746 Posted April 28, 2020 Share Posted April 28, 2020 16 minutes ago, SeriousHoax said: Current Internet protection module is the faulty one I think. You will receive the new module if you switch to pre-release updates. Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 74 Posted April 28, 2020 ESET Insiders Share Posted April 28, 2020 3 hours ago, itman said: You will receive the new module if you switch to pre-release updates. I'm still seeing the issue even with the pre release version of IPM 1395. SSL version eicar2 can still be downloaded without being detected. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted April 28, 2020 Administrators Share Posted April 28, 2020 13 minutes ago, NewbyUser said: I'm still seeing the issue even with the pre release version of IPM 1395. SSL version eicar2 can still be downloaded without being detected. This is expected as I wrote today: At this point we cannot tell when a new module could be available. I'd count with ETA 1-2 weeks. Link to comment Share on other sites More sharing options...
itman 1,746 Posted April 28, 2020 Share Posted April 28, 2020 (edited) On 4/24/2020 at 3:10 AM, Posolsvetla said: This is very likely the issue we are already aware of. It manifests itself only on a fresh install of our product. It will be addressed by the Internet protection module update. I'm a bit confused here. I did a fresh install of both Win 10 x(64) 1909, EIS ver. 13.0.24 since upgraded to 13.1.21, and Firefox on 2/10/2020. I am having no issues with EIS detecting eicarcom2.zip in either HTTP or HTTPS mode using Internet Protection Module 1395. Is this something related to a fresh install of ver. 13.1.16 or 21 perhaps? Edited April 28, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 74 Posted April 28, 2020 ESET Insiders Share Posted April 28, 2020 (edited) 12 minutes ago, itman said: I'm a bit confused here. I did a fresh install of both Win 10 x(64) 1909, EIS ver. 13.0.24 since upgraded to 13.1.21, and Firefox on 2/10/2020. I am having no issues with EIS detecting eicarcom2.zip in either HTTP or HTTPS mode using Internet Protection Module 1395. Is this something related to a fresh install of ver. 13.1.16 or 21 perhaps? It's possible it's related to fresh installs. I'm on a trial which I started roughly two weeks ago, 18 days ago to be precise. 13.1.21. Firefox is the only browser experiencing the issue. Are you using the latest FF? 75? Edited April 28, 2020 by NewbyUser Additional info Link to comment Share on other sites More sharing options...
itman 1,746 Posted April 28, 2020 Share Posted April 28, 2020 Appears the Eset "bugged" version is 13.1.16 since that is the latest ver. available for download. Well, this ver. should shortly after install, update to ver. 13.1.21; the version I am running w/o this issue. So I still don't see where the problem is. And yes, I am running the latest ver. 75 of FireFox. Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 74 Posted April 28, 2020 ESET Insiders Share Posted April 28, 2020 While I'm not a programmer, from my perspective with Eset's modular approach, it shouldn't technically "matter" what version was initially installed. That being said things don't always work as planned or designed lol. It also seems it may not be an "Eset" problem, all other browsers work as expected so perhaps it's a Mozilla issue. Could also be related to archive scanning depth. Only the double zip https eicar doesnt seem to be scanned, the single zip gets detected. Link to comment Share on other sites More sharing options...
itman 1,746 Posted April 28, 2020 Share Posted April 28, 2020 (edited) This issue has nothing directly to do with FireFox or detection of test malware in a 2x zip file. I just ran the comprehensive archive test at the Fortinet "Test Your Metal" web site: http://metal.fortiguard.com/ . This will test detection in up to 10x zipped files plus every other archiving method "known to compression mankind." Eset scored exactly the same as when I tested it previously scoring 17/18 - an Excellent rating. The only thing it missed was the password protected archive. Of note however is all downloads were HTTP. Edited April 28, 2020 by itman Link to comment Share on other sites More sharing options...
ESET Insiders NewbyUser 74 Posted April 28, 2020 ESET Insiders Share Posted April 28, 2020 (edited) SInce I'm not programming expert,lol, what does it have to do with? If Eset works everywhere else, why just FF? It would seem to me EIS detects everything in the Fortinet test as well, so what is different other than FF? Same result here btw with fortiguard metal test 17/18 Edited April 28, 2020 by NewbyUser Additional Info Link to comment Share on other sites More sharing options...
itman 1,746 Posted April 28, 2020 Share Posted April 28, 2020 I still state that the issue here is most likely multiple Eset root certificates in the Windows root CA certificate store. All but the most recent certificate should be removed from there. As far as Eset's root certificate presence in FireFox's Authorities certificate store, it really shouldn't matter since FireFox is now configured to defer to the Windows root CA certificate store. Link to comment Share on other sites More sharing options...
Recommended Posts