Jump to content

Certificate Issues for Firefox 74.0 64bit


Recommended Posts

  • ESET Insiders

Yea, I saw the certificate issue problems, and searched for eset certs on this laptop. Only had the current one. I still deleted it and then activated web protection to put back the current one. Didn't have any effect. Additionally people with clean installs wouldn't have any prior Eset certs, such as my case, I'm new to Eset on this laptop,  so I don't see that as being the source of the problem.

Link to comment
Share on other sites

@SeriousHoax already posted a work around that worked for him here: https://forum.eset.com/topic/23125-certificate-issues-for-firefox-740-64bit/?do=findComment&comment=111976

Note that he deleted the existing and only Eset certificate from the Windows root CA certificate store, not the from FireFox's Authorities certificate store, He then rebooted, and Eset's root certificate auto repopulated in the Windows root CA certificate store. Why this works, I really have no clue.

Link to comment
Share on other sites

  • ESET Insiders

Just tried both ways, through FF settings, then restarted EIS and from the cert msc and restarted the whole laptop, no effect, FF still downloads the 2x zip in ssl. 

Link to comment
Share on other sites

11 hours ago, itman said:

@SeriousHoax already posted a work around that worked for him here: https://forum.eset.com/topic/23125-certificate-issues-for-firefox-740-64bit/?do=findComment&comment=111976

Note that he deleted the existing and only Eset certificate from the Windows root CA certificate store, not the from FireFox's Authorities certificate store, He then rebooted, and Eset's root certificate auto repopulated in the Windows root CA certificate store. Why this works, I really have no clue.

I just remembered actually it worked for me before the current Internet protection module. I updated to pre-release version which is the current stable version but this method didn't work. Then I reverted to stable build and then the method worked. So, it's definitely the issue of the current module. The one prior to this version didn't have the problem.

Link to comment
Share on other sites

Again, on Win 10 x(64) 1909 with FireFox ver. 75 and EIS ver. 13.1.21, the Eicar web site download of the 2x zip is detected:

Eset_EZip2.png.8bf20fca5c7b7d675c7cc6a9f1f97016.png

Are you downloading the this file from the above shown web site? Also check your Eset Detection log for a like entry. It is possible an issue might exist with your Eset installation with displaying of the associated desktop Eset alert.

Edited by itman
Link to comment
Share on other sites

For additional testing, I had an e-mail with the eicarcom2.zip attachment sent to me using this web site: https://www.aleph-tec.com/eicar/

I receive e-mail via IMAPS, so the e-mail would have been received encrypted. The minute I open the e-mail in Thunderbird, the eicar attachment was deleted. Unfortunately and an ongoing problem I have had with Eset scanning of IMAPS e-mail, I received no alert and no log entry for this deletion activity. But nonetheless, the attachment was deleted which is the important point.

Link to comment
Share on other sites

  • ESET Insiders
7 hours ago, itman said:

Again, on Win 10 x(64) 1909 with FireFox ver. 75 and EIS ver. 13.1.21, the Eicar web site download of the 2x zip is detected:

Eset_EZip2.png.8bf20fca5c7b7d675c7cc6a9f1f97016.png

Are you downloading the this file from the above shown web site? Also check your Eset Detection log for a like entry. It is possible an issue might exist with your Eset installation with displaying of the associated desktop Eset alert.

Yes I downloaded from that site. All 4 http versions are detected, and 3 of the https are, the eicar2 zip is not and can be downloaded. Additionally the tests at wicar all fail when clicking on the ssl tab for each test in FF. When using Edge and Opera all tests at both sites are detected so I doubt it's an issue with my overall Eset installation. Even after downloading the eicar2 zip ssl version from FF, it gets detected when I access the folder.  

Link to comment
Share on other sites

  • ESET Insiders
6 hours ago, itman said:

For additional testing, I had an e-mail with the eicarcom2.zip attachment sent to me using this web site: https://www.aleph-tec.com/eicar/

I receive e-mail via IMAPS, so the e-mail would have been received encrypted. The minute I open the e-mail in Thunderbird, the eicar attachment was deleted. Unfortunately and an ongoing problem I have had with Eset scanning of IMAPS e-mail, I received no alert and no log entry for this deletion activity. But nonetheless, the attachment was deleted which is the important point.

I never receive emails when using this test. Since i use gmail I've always assumed Google scanned them and didn't allow the email through.

Link to comment
Share on other sites

  • ESET Insiders
9 hours ago, SeriousHoax said:

I just remembered actually it worked for me before the current Internet protection module. I updated to pre-release version which is the current stable version but this method didn't work. Then I reverted to stable build and then the method worked. So, it's definitely the issue of the current module. The one prior to this version didn't have the problem.

Thanks I tried both methods after itman pointed out your workaround. Neither method works here. I'm currently using pre release updates and seeing this issue. hopefully they update the module, I don't see a way to rollback individual modules.

Link to comment
Share on other sites

  • ESET Insiders
8 hours ago, itman said:

Again, on Win 10 x(64) 1909 with FireFox ver. 75 and EIS ver. 13.1.21, the Eicar web site download of the 2x zip is detected:

Eset_EZip2.png.8bf20fca5c7b7d675c7cc6a9f1f97016.png

Are you downloading the this file from the above shown web site? Also check your Eset Detection log for a like entry. It is possible an issue might exist with your Eset installation with displaying of the associated desktop Eset alert.

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
4/29/2020 7:18:29 AM;Real-time file system protection;file;C:\Users\ZZZ\AppData\Local\Temp\dPKU32kV.com.part;Eicar test file;cleaned by deleting;;Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe (124D3C2BA93644AC6C2D7253DE242B46BE836692).;CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62;4/29/2020 7:18:27 AM
 

As you see, here it;s detected by real time protections not by http 

Link to comment
Share on other sites

21 minutes ago, NewbyUser said:

As you see, here it;s detected by real time protections not by http 

All I can say is something is screwed up with the way you have FireFox configured.

What your log entry shows is a "stub" of the Eicar download file. Last time I saw one of those was when I was using IE11 sometime ago. These stubs don't actually contain any data.

Also suspicious is "dPKU32kV.com" as if you were being redirected somewhere else.

Your FireFox profile file might be screwed up. You previously stated you have reinstalled FireFox, but I suspect you didn't delete your existing FireFox profile when doing so. By default, FireFox retains the existing profile file when it is uninstalled.

Link to comment
Share on other sites

  • ESET Insiders
5 minutes ago, itman said:

All I can say is something is screwed up with the way you have FireFox configured.

What your log entry shows is a "stub" of the Eicar download file. Last time I saw one of those was when I was using IE11 sometime ago. These stubs don't actually contain any data.

Also suspicious is "dPKU32kV.com" as if you were being redirected somewhere else.

Your FireFox profile file might be screwed up. You previously stated you have reinstalled FireFox, but I suspect you didn't delete your existing FireFox profile when doing so. By default, FireFox retains the existing profile file when it is uninstalled.

I do have the DNS through https feature enabled on FF, could that be whats causing this redirect?

 

And I didn't reinstall FF, I was referring to the certificates, I removed and reapplied them.

Edited by NewbyUser
Additional info
Link to comment
Share on other sites

1 hour ago, NewbyUser said:

Additionally the tests at wicar all fail when clicking on the ssl tab for each test in FF.

Further proof something is screwed up with your FireFox installation. If I try to execute any of the Wicar tests in FireFox, they are immediately blocked by it's built-in Google Safe Browsing blacklist:

Eset_Wicar.thumb.png.73d5e329bdfff166bb5b0c72faf8ba13.png

 

Edited by itman
Link to comment
Share on other sites

8 minutes ago, NewbyUser said:

I do have the DNS through https feature enabled on FF, could that be whats causing this redirect?

I have it enabled using its ClouldFare DNS servers w/o any issues.

Link to comment
Share on other sites

  • ESET Insiders
8 minutes ago, itman said:

Further proof something is screwed up with your FireFox installation. If I try to execute any of the Wicar tests in FireFox, they are immediately blocked by it's built-in Google Safe Browsing blacklist:

Eset_Wicar.thumb.png.73d5e329bdfff166bb5b0c72faf8ba13.png

 

I get these too. You have to click details and then visit the site anyway, or turn off FF from checking sites to be able to let EIS see the traffic.

Link to comment
Share on other sites

  • ESET Insiders
51 minutes ago, itman said:

Further proof something is screwed up with your FireFox installation. If I try to execute any of the Wicar tests in FireFox, they are immediately blocked by it's built-in Google Safe Browsing blacklist:

Eset_Wicar.thumb.png.73d5e329bdfff166bb5b0c72faf8ba13.png

 

I'll also say, why assume something is wrong with my FF? If you scroll through this thread you see that two Eset employees have said they're aware of the issue and working on a fix. Which while not stated, would imply that I'm far from the only person experiencing the issue.

Link to comment
Share on other sites

  • ESET Insiders
15 minutes ago, itman said:

Eset detection of Eicar download from wicar.org. Note I was on the HTTPS site when tested:

Eset_Wicar.png.118b915088e21f3b02af6811dd3ed0a7.png

If you look at the Object scanned , it's scanning HTTP, not HTTPS. 

Link to comment
Share on other sites

19 minutes ago, NewbyUser said:

If you look at the Object scanned , it's scanning HTTP, not HTTPS. 

Refer to my posting. I stated I downloaded from the wicar.org HTTPS web site. Appears it redirects to its HTTP web site to do the EICAR download.

BTW - I am done with you.

Link to comment
Share on other sites

  • ESET Insiders
18 minutes ago, itman said:

Refer to my posting. I stated I downloaded from the wicar.org HTTPS web site. Appears it redirects to its HTTP web site to do the EICAR download.

BTW - I am done with you.

I read what you said, and pointed out the object being actually scanned was http. Not sure where your animosity comes from, but it works for me. Thanks for the assistance.

Link to comment
Share on other sites

  • Administrators

There is no reason to argue about the issue here. The cause is known and I too was able to reproduce it. Probably next week we will release a new Internet protection module for those updating from pre-release update channel that will address the issue.

Link to comment
Share on other sites

18 hours ago, NewbyUser said:

If you look at the Object scanned , it's scanning HTTP, not HTTPS. 

Wicar_Eicar.png.de7a6e6fc7b70ea0adce65447bdfe4ad.png

 

Edited by itman
Link to comment
Share on other sites

  • ESET Insiders
6 hours ago, itman said:

Wicar_Eicar.png.de7a6e6fc7b70ea0adce65447bdfe4ad.png

 

Not sure what the point of this post is. I'm glad you're not experiencing the issue. Thanks again for your assistance.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...