ESET endpoint AV causing Google Meet Network error

[denzilla 0]

Endpoint version 7.3.2041.0 intsalled on Windows 10 Pro v.2004. Problem is on every workstation.

Shortly after starting a meeting, its times out with "A Network Error has occurred". 

What I've tried so far:

*Disabled Realtime protection = FAIL

*Disabled Network Attack Protection/Botnet Protection = FAIL

*Uninstalled ESET Endpoint = Success!

What can I do to help resolve this?

 

[itman 1,659]

When you access Network Protection in the Eset GUI, does the Troubleshooting Wizard show blocked activity after starting a Google Meet session?

Edited October 15, 2020 by itman

[denzilla 0]

1 hour ago, itman said:

When you access Network Protection in the Eset GUI, does the Troubleshooting Wizard show blocked activity after starting a Google Meet session?

Nope.

[denzilla 0]

Happening on Windows 7 workstations as well. 

[itman 1,659]

Temporally disable SSL/TLS protocol filtering in Web Access protection and see if that corrects the problem.

Edited October 15, 2020 by itman

[Marcos 5,074]

Do you have ESET Endpoint Antivirus or ESET Endpoint Security installed? If the latter, did you try pausing the firewall? Did you try temporarily disabling protocol filtering in the advanced setup?

[denzilla 0]

ESET Endpoint Antivirus 7.3.2041.0

Disabling protocol filtering fixes the issue

What should I do from here?

 

Edited October 15, 2020 by denzilla

[itman 1,659]

4 minutes ago, denzilla said:

Can you direct me to the protocol filtering location? I looked and didn't see it.

Refer to the below screen shot:

[denzilla 0]

Thanks. I found it just before you replied. Disabling protocol filtering fixes it. What should I do from here?

Thanks for your help

[itman 1,659]

34 minutes ago, denzilla said:

What should I do from here?

First, re-enable SSL/TLS protocol filtering. Next, refer to the posted screen shot.

1. Mouse click on "Edit" setting for the List of SSL/TLS filter applications.

2. Search for the .exe associated with this Google Meet application.

3. Highlight it and click on the "Edit" tab. Change the Scan action to "Ignore." 

4. Mouse click on the "OK" tab and any subsequent one to save your settings.

Note that from now on, any Google Meet HTTPS traffic will not be filtered by Eset for malware at the network level.

Edited October 15, 2020 by itman

[denzilla 0]

13 minutes ago, itman said:

First, re-enable SSL/TLS protocol filtering. Next, refer to the posted screen shot.

1. Mouse click on "Edit" setting for the List of SSL/TLS filter applications.

2. Search for the .exe associated with this Google Meet application.

3. Highlight it and click on the "Edit" tab. Change the Scan action to "Ignore." 

4. Mouse click on the "OK" tab and any subsequent one to save your settings.

Note that from now on, any Google Meet HTTPS traffic will not be filtered by Eset for malware at the network level.

There is no application/exe installed. Google Meet is initiated by going to meet.google.com and clicking new meeting.

[itman 1,659]

 

1 hour ago, denzilla said:

There is no application/exe installed. Google Meet is initiated by going to meet.google.com and clicking new meeting.

Yeah, I was just reviewing details of it on the web. Appears to work through the browser. Do you have Google Workspace installed?

You might also want to contact Google Meet tech support and ask if they know of conflicts with AV solutions SSL/TLS protocol scanning.

As it stands now, your only option is to disable Eset SSL/TLS protocol scanning prior to initiating a Google Meet session. Then re-enable it when the session sends.

Another alternative is to use another supported browser for Meet use only. Then set that browser .exe to Ignore in List of SSL/TLS filter applications. Also, your current in-use browser might be issue when using Google Meet. Try another browser such as FireFox if your currently using Chrome, and see if the issue persists.

You should also open a tech support ticket with Eset North America tech support.

Edited October 15, 2020 by itman

[denzilla 0]

I opened a support ticket with ESET and linked this thread. 

Workspace isn't installed.

These are student workstations that kids use to communicate with local school district teachers for e-learning. They are required to use Google Chrome.

Not feasible to disable\re-enable after sessions due to number of students.

I will attempt to also contact Google and report this. ESET is well known/used, so I can't believe we're the only ones with this problem.

Thank you again for your help.

[Marcos 5,074]

You could exclude the appropriate certificate via a policy. First, open meet.google.com and save the certificate for *.google.com (the screen shot is from Firefox):

Then create or edit an existing policy, add the certificate from the file and select "Ignore" scan action:

 

However, a safe solution that would avoid excluding all communication with *.google.com could be adding https://meet.google.com/ to the list of addresses excluded from content scan under Web access protection -> URL management.

[itman 1,659]

Oops. When I last replied, it was evening and I am a "morning person."

6 hours ago, Marcos said:

However, a safe solution that would avoid excluding all communication with *.google.com could be adding https://meet.google.com/ to the list of addresses excluded from content scan under Web access protection -> URL management.

Problems with this URL exclusion option.

To start, the Meet web page is actually https://apps.google.com/meet/  . To start a Meet session, you are directed to the Google sign-on web page, https://accounts.google.com/signin/v2/identifier?ltmpl=meet&continue=https%3A%2F%2Fmeet.google.com%2Fnew%3Fhs%3D190&flowName=GlifWebSignIn&flowEntry=ServiceLogin . And I am sure more URLs are involved.

I would start with this URL content scan exclusion, https://apps.google.com/meet/* . Hopefully that will cover all web sites involved with a Meet session.

If disconnects persist, I would then do the Google certificate exclusion noted above. Note: do the certificate export on this web page, https://apps.google.com/meet/* .

Also Google has dozens of certificates issued to it. Hopefully, they are using the same certificate for each Meet sub-domain accessed.

 

Edited October 16, 2020 by itman

[denzilla 0]

30 minutes ago, itman said:

Oops. When I last replied, it was evening and I am a "morning person."

Problems with this URL exclusion option.

To start, the Meet web page is actually https://apps.google.com/meet/  . To start a Meet session, you are directed to the Google sign-on web page, https://accounts.google.com/signin/v2/identifier?ltmpl=meet&continue=https%3A%2F%2Fmeet.google.com%2Fnew%3Fhs%3D190&flowName=GlifWebSignIn&flowEntry=ServiceLogin . And I am sure more URLs are involved.

I would start with this URL content scan exclusion,  https://apps.google.com/meet/* . Hopefully that will cover all web sites involved with a Meet session. If disconnects persist, I would then do the Google certificate exclusion noted above.

URL Exclusion = No joy

Cert Exclusion = Works!

[itman 1,659]

@Marcos this Google cert. is used at dozens of other Google and affiliated web sites such as https://www.youtube.com/

Eset SSL/TLS protocol scanning excludes the youtube web site for example. Believe the real solution here is to add the Google Meet web site to SSL/TLS protocol scanning internal web site exclusions.

[denzilla 0]

Should I attempt to contact ESET support and forward this info or does @Marcoshave the means to resolve it? I waited 1.5hrs on the phone for ESET phone support this morning with no response. My next attempt was going to be through Chat.

[Marcos 5,074]

You won't be able to resolve this on the phone. Please open a support ticket via the built-in or web form. As a workaround, temporarily exclude Google's certificate as suggested above. It could be a permanent solution if there's no other way to fix it.

[denzilla 0]

4 minutes ago, Marcos said:

You won't be able to resolve this on the phone. Please open a support ticket via the built-in or web form. As a workaround, temporarily exclude Google's certificate as suggested above. It could be a permanent solution if there's no other way to fix it.

I have a support ticket that was generated via web form. I got an email this morning telling me to call support # or Chat. 

Wont the excluded Cert expire, forcing me to update the exclusion each time?

[itman 1,659]

39 minutes ago, denzilla said:

Wont the excluded Cert expire, forcing me to update the exclusion each time?

That cert. is valid until 12/15/2020, 10:22:19 AM (Eastern Daylight Time) . So you're good for at least a couple of months.

[Marcos 5,074]

I would add that I was able to present via Google Meet in Chrome without issues and with no exceptions created.

[denzilla 0]

Could network config be a factor even though uninstalling eset or excluding google cert resolves it? I can duplicate this on every machine in my domain running Windows/ESET. The only machines without the issue are a few Linux boxes (no AV on those).

[itman 1,659]

4 hours ago, Marcos said:

I would add that I was able to present via Google Meet in Chrome without issues and with no exceptions created.

Why am I not surprised by this .......

Also, many U.S. school districts issue Chromebook's en-mass to their students for remote learning purposes. I suspect this Google Meet app is ported from the Chrome OS which Google modified to run on Windows via Google cloud interface.

[itman 1,659]

9 minutes ago, denzilla said:

Could network config be a factor even though uninstalling eset or excluding google cert resolves it?

Did you try using Google Meet via Chrome browser as @Marcos suggested? To test if there are no issues, you can set the *.goggle.com certificate in Eset certificate exclusions from "Ignore" to "Auto" prior to opening the Chrome browser.

Edited October 17, 2020 by itman