SwartPerel

Certificate Issues for Firefox 74.0 64bit


Yea, I saw the certificate issue problems, and searched for Eset certs on this laptop. Only had the current one. I still deleted it and then activated web protection to put back the current one. Didn't have any effect. Additionally, people with clean installs wouldn't have any prior Eset certs, such as in my case; I'm new to Eset on this laptop, so I don't see that as being the source of the problem.


@SeriousHoax already posted a work around that worked for him here: https://forum.eset.com/topic/23125-certificate-issues-for-firefox-740-64bit/?do=findComment&comment=111976

Note that he deleted the existing and only Eset certificate from the Windows root CA certificate store, not from FireFox's Authorities certificate store. He then rebooted, and Eset's root certificate auto repopulated in the Windows root CA certificate store. Why this works, I really have no clue.


Just tried both ways, through FF settings, then restarted EIS and from the cert msc and restarted the whole laptop, no effect, FF still downloads the 2x zip in ssl. 


What's the "danger" of this issue/"vulnerability"? Is it still safe using FF until this is fixed?

11 hours ago, itman said:

@SeriousHoax already posted a work around that worked for him here: https://forum.eset.com/topic/23125-certificate-issues-for-firefox-740-64bit/?do=findComment&comment=111976

Note that he deleted the existing and only Eset certificate from the Windows root CA certificate store, not from FireFox's Authorities certificate store. He then rebooted, and Eset's root certificate auto repopulated in the Windows root CA certificate store. Why this works, I really have no clue.

I just remembered actually it worked for me before the current Internet protection module. I updated to pre-release version which is the current stable version but this method didn't work. Then I reverted to stable build and then the method worked. So, it's definitely the issue of the current module. The one prior to this version didn't have the problem.


Again, on Win 10 x(64) 1909 with FireFox ver. 75 and EIS ver. 13.1.21, the Eicar web site download of the 2x zip is detected:

[Image: Eset_EZip2.png]

Are you downloading this file from the above shown web site? Also check your Eset Detection log for a like entry. It is possible an issue might exist with your Eset installation with displaying of the associated desktop Eset alert.

Edited by itman


For additional testing, I had an e-mail with the eicarcom2.zip attachment sent to me using this web site: https://www.aleph-tec.com/eicar/

I receive e-mail via IMAPS, so the e-mail would have been received encrypted. The minute I opened the e-mail in Thunderbird, the eicar attachment was deleted. Unfortunately, and this is an ongoing problem I have had with Eset scanning of IMAPS e-mail, I received no alert and no log entry for this deletion activity. But nonetheless, the attachment was deleted, which is the important point.

7 hours ago, itman said:

Again, on Win 10 x(64) 1909 with FireFox ver. 75 and EIS ver. 13.1.21, the Eicar web site download of the 2x zip is detected:

[Image: Eset_EZip2.png]

Are you downloading this file from the above shown web site? Also check your Eset Detection log for a like entry. It is possible an issue might exist with your Eset installation with displaying of the associated desktop Eset alert.

Yes I downloaded from that site. All 4 http versions are detected, and 3 of the https are, the eicar2 zip is not and can be downloaded. Additionally the tests at wicar all fail when clicking on the ssl tab for each test in FF. When using Edge and Opera all tests at both sites are detected so I doubt it's an issue with my overall Eset installation. Even after downloading the eicar2 zip ssl version from FF, it gets detected when I access the folder.  

6 hours ago, itman said:

For additional testing, I had an e-mail with the eicarcom2.zip attachment sent to me using this web site: https://www.aleph-tec.com/eicar/

I receive e-mail via IMAPS, so the e-mail would have been received encrypted. The minute I opened the e-mail in Thunderbird, the eicar attachment was deleted. Unfortunately, and this is an ongoing problem I have had with Eset scanning of IMAPS e-mail, I received no alert and no log entry for this deletion activity. But nonetheless, the attachment was deleted, which is the important point.

I never receive emails when using this test. Since I use Gmail, I've always assumed Google scanned them and didn't allow the email through.

9 hours ago, SeriousHoax said:

I just remembered actually it worked for me before the current Internet protection module. I updated to pre-release version which is the current stable version but this method didn't work. Then I reverted to stable build and then the method worked. So, it's definitely the issue of the current module. The one prior to this version didn't have the problem.

Thanks, I tried both methods after itman pointed out your workaround. Neither method works here. I'm currently using pre-release updates and seeing this issue. Hopefully they update the module; I don't see a way to roll back individual modules.

8 hours ago, itman said:

Again, on Win 10 x(64) 1909 with FireFox ver. 75 and EIS ver. 13.1.21, the Eicar web site download of the 2x zip is detected:

[Image: Eset_EZip2.png]

Are you downloading this file from the above shown web site? Also check your Eset Detection log for a like entry. It is possible an issue might exist with your Eset installation with displaying of the associated desktop Eset alert.

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
4/29/2020 7:18:29 AM;Real-time file system protection;file;C:\Users\ZZZ\AppData\Local\Temp\dPKU32kV.com.part;Eicar test file;cleaned by deleting;;Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe (124D3C2BA93644AC6C2D7253DE242B46BE836692).;CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62;4/29/2020 7:18:27 AM
 

As you see, here it's detected by real time protections, not by http.

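Added example, not part of any post in this thread: a short Python sketch that reads a detection log export in the semicolon-separated layout quoted in the post above and flags detections that only fired after a browser had already written the file to disk, which is the symptom described here. The second sample row, the "HTTP filter" scanner label and the browser watch list are assumptions made for illustration.

```python
import csv
import io
import ntpath
import re

# Header and first row are the export quoted in the post above. The second row is
# constructed for contrast; its "HTTP filter" scanner label is an assumption.
SAMPLE_LOG = r"""
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
4/29/2020 7:18:29 AM;Real-time file system protection;file;C:\Users\ZZZ\AppData\Local\Temp\dPKU32kV.com.part;Eicar test file;cleaned by deleting;;Event occurred on a file modified by the application: C:\Program Files\Mozilla Firefox\firefox.exe (124D3C2BA93644AC6C2D7253DE242B46BE836692).;CF8BD9DFDDFF007F75ADF4C2BE48005CEA317C62;4/29/2020 7:18:27 AM
4/29/2020 7:25:00 AM;HTTP filter;file;https://test.invalid/eicar.com;Eicar test file;connection terminated;;Constructed row.;0000000000000000000000000000000000000000;4/29/2020 7:25:00 AM
"""

DISK_SCANNERS = {"real-time file system protection"}
NETWORK_SCANNERS = {"http filter"}  # assumed label for the web filtering layer
BROWSERS = {"firefox.exe", "msedge.exe", "opera.exe"}  # hypothetical watch list
WRITER_RE = re.compile(r"by the application: (.+?) \([0-9A-Fa-f]{40}\)")


def parse_detections(text):
    """Parse a semicolon-separated detection log export into dict rows."""
    reader = csv.DictReader(io.StringIO(text.strip()), delimiter=";",
                            quoting=csv.QUOTE_NONE)
    return [row for row in reader if row.get("Scanner")]


def layer(row):
    """Classify which protection layer produced the detection."""
    scanner = row["Scanner"].strip().lower()
    if scanner in DISK_SCANNERS:
        return "disk"
    if scanner in NETWORK_SCANNERS:
        return "network"
    return "other"


def transit_gaps(rows):
    """Detections that only fired once a browser had written the file to disk."""
    gaps = []
    for row in rows:
        match = WRITER_RE.search(row.get("Information") or "")
        writer = ntpath.basename(match.group(1)).lower() if match else ""
        if layer(row) == "disk" and writer in BROWSERS:
            gaps.append((row["Time"], row["Object"], writer))
    return gaps


if __name__ == "__main__":
    for gap in transit_gaps(parse_detections(SAMPLE_LOG)):
        print("caught on disk, not in transit:", gap)
```

A non-empty result for HTTPS test downloads means the sample reached the disk before anything stopped it, so the on-disk scanner rather than the web filter was the layer that caught it.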
21 minutes ago, NewbyUser said:

As you see, here it's detected by real time protections, not by http.

All I can say is something is screwed up with the way you have FireFox configured.

What your log entry shows is a "stub" of the Eicar download file. Last time I saw one of those was when I was using IE11 sometime ago. These stubs don't actually contain any data.

Also suspicious is "dPKU32kV.com" as if you were being redirected somewhere else.

Your FireFox profile file might be screwed up. You previously stated you have reinstalled FireFox, but I suspect you didn't delete your existing FireFox profile when doing so. By default, FireFox retains the existing profile file when it is uninstalled.

5 minutes ago, itman said:

All I can say is something is screwed up with the way you have FireFox configured.

What your log entry shows is a "stub" of the Eicar download file. Last time I saw one of those was when I was using IE11 sometime ago. These stubs don't actually contain any data.

Also suspicious is "dPKU32kV.com" as if you were being redirected somewhere else.

Your FireFox profile file might be screwed up. You previously stated you have reinstalled FireFox, but I suspect you didn't delete your existing FireFox profile when doing so. By default, FireFox retains the existing profile file when it is uninstalled.

I do have the DNS through https feature enabled on FF, could that be what's causing this redirect?

 

And I didn't reinstall FF, I was referring to the certificates, I removed and reapplied them.

Edited by NewbyUser
Additional info

1 hour ago, NewbyUser said:

Additionally the tests at wicar all fail when clicking on the ssl tab for each test in FF.

Further proof something is screwed up with your FireFox installation. If I try to execute any of the Wicar tests in FireFox, they are immediately blocked by its built-in Google Safe Browsing blacklist:

[Image: Eset_Wicar.thumb.png]

 

Edited by itman

8 minutes ago, NewbyUser said:

I do have the DNS through https feature enabled on FF, could that be what's causing this redirect?

I have it enabled using its Cloudflare DNS servers w/o any issues.

8 minutes ago, itman said:

Further proof something is screwed up with your FireFox installation. If I try to execute any of the Wicar tests in FireFox, they are immediately blocked by its built-in Google Safe Browsing blacklist:

[Image: Eset_Wicar.thumb.png]

 

I get these too. You have to click details and then visit the site anyway, or turn off FF from checking sites to be able to let EIS see the traffic.

51 minutes ago, itman said:

Further proof something is screwed up with your FireFox installation. If I try to execute any of the Wicar tests in FireFox, they are immediately blocked by its built-in Google Safe Browsing blacklist:

[Image: Eset_Wicar.thumb.png]

 

I'll also say, why assume something is wrong with my FF? If you scroll through this thread you see that two Eset employees have said they're aware of the issue and working on a fix. Which while not stated, would imply that I'm far from the only person experiencing the issue.


Eset detection of Eicar download from wicar.org. Note I was on the HTTPS site when tested:

[Image: Eset_Wicar.png]

15 minutes ago, itman said:

Eset detection of Eicar download from wicar.org. Note I was on the HTTPS site when tested:

[Image: Eset_Wicar.png]

If you look at the Object scanned, it's scanning HTTP, not HTTPS.

19 minutes ago, NewbyUser said:

If you look at the Object scanned, it's scanning HTTP, not HTTPS.

Refer to my posting. I stated I downloaded from the wicar.org HTTPS web site. Appears it redirects to its HTTP web site to do the EICAR download.

BTW - I am done with you.

18 minutes ago, itman said:

Refer to my posting. I stated I downloaded from the wicar.org HTTPS web site. Appears it redirects to its HTTP web site to do the EICAR download.

BTW - I am done with you.

I read what you said, and pointed out the object being actually scanned was http. Not sure where your animosity comes from, but it works for me. Thanks for the assistance.


There is no reason to argue about the issue here. The cause is known and I too was able to reproduce it. Probably next week we will release a new Internet protection module for those updating from the pre-release update channel that will address the issue.

18 hours ago, NewbyUser said:

If you look at the Object scanned, it's scanning HTTP, not HTTPS.

[Image: Wicar_Eicar.png]

 

Edited by itman

6 hours ago, itman said:

[Image: Wicar_Eicar.png]

 

Not sure what the point of this post is. I'm glad you're not experiencing the issue. Thanks again for your assistance.


Here's a web site, https://ipinfo.info/html/testvirus.php, that will perform eicar 2x, 3x, and 4x .zip plus .tar, .gz, and .cab HTTPS downloads. Eset using FireFox detected them all.

[Image: Eset_Eicar.thumb.png]

Edited by itman
