Jump to content

ESET endpoint AV causing Google Meet Network error


Recommended Posts

Endpoint version 7.3.2041.0 intsalled on Windows 10 Pro v.2004. Problem is on every workstation.

Shortly after starting a meeting, its times out with "A Network Error has occurred"

What I've tried so far:

*Disabled Realtime protection = FAIL

*Disabled Network Attack Protection/Botnet Protection = FAIL

*Uninstalled ESET Endpoint = Success!

What can I do to help resolve this?

 

Link to post
Share on other sites

When you access Network Protection in the Eset GUI, does the Troubleshooting Wizard show blocked activity after starting a Google Meet session?

Edited by itman
Link to post
Share on other sites
1 hour ago, itman said:

When you access Network Protection in the Eset GUI, does the Troubleshooting Wizard show blocked activity after starting a Google Meet session?

Nope.

Link to post
Share on other sites

Temporally disable SSL/TLS protocol filtering in Web Access protection and see if that corrects the problem.

Edited by itman
Link to post
Share on other sites
  • Administrators

Do you have ESET Endpoint Antivirus or ESET Endpoint Security installed? If the latter, did you try pausing the firewall? Did you try temporarily disabling protocol filtering in the advanced setup?

Link to post
Share on other sites
4 minutes ago, denzilla said:

Can you direct me to the protocol filtering location? I looked and didn't see it.

Refer to the below screen shot:

Eset_SSL.thumb.png.2e6029fbd801b0b8cc7ebb6d89547e19.png

Link to post
Share on other sites
34 minutes ago, denzilla said:

What should I do from here?

First, re-enable SSL/TLS protocol filtering. Next, refer to the posted screen shot.

1. Mouse click on "Edit" setting for the List of SSL/TLS filter applications.

2. Search for the .exe associated with this Google Meet application.

3. Highlight it and click on the "Edit" tab. Change the Scan action to "Ignore." 

4. Mouse click on the "OK" tab and any subsequent one to save your settings.

Note that from now on, any Google Meet HTTPS traffic will not be filtered by Eset for malware at the network level.

Edited by itman
Link to post
Share on other sites
13 minutes ago, itman said:

First, re-enable SSL/TLS protocol filtering. Next, refer to the posted screen shot.

1. Mouse click on "Edit" setting for the List of SSL/TLS filter applications.

2. Search for the .exe associated with this Google Meet application.

3. Highlight it and click on the "Edit" tab. Change the Scan action to "Ignore." 

4. Mouse click on the "OK" tab and any subsequent one to save your settings.

Note that from now on, any Google Meet HTTPS traffic will not be filtered by Eset for malware at the network level.

There is no application/exe installed. Google Meet is initiated by going to meet.google.com and clicking new meeting.

Link to post
Share on other sites

 

1 hour ago, denzilla said:

There is no application/exe installed. Google Meet is initiated by going to meet.google.com and clicking new meeting.

Yeah, I was just reviewing details of it on the web. Appears to work through the browser. Do you have Google Workspace installed?

You might also want to contact Google Meet tech support and ask if they know of conflicts with AV solutions SSL/TLS protocol scanning.

As it stands now, your only option is to disable Eset SSL/TLS protocol scanning prior to initiating a Google Meet session. Then re-enable it when the session sends.

Another alternative is to use another supported browser for Meet use only. Then set that browser .exe to Ignore in List of SSL/TLS filter applications. Also, your current in-use browser might be issue when using Google Meet. Try another browser such as FireFox if your currently using Chrome, and see if the issue persists.

You should also open a tech support ticket with Eset North America tech support.

Edited by itman
Link to post
Share on other sites

I opened a support ticket with ESET and linked this thread. 

Workspace isn't installed.

These are student workstations that kids use to communicate with local school district teachers for e-learning. They are required to use Google Chrome.

Not feasible to disable\re-enable after sessions due to number of students.

I will attempt to also contact Google and report this. ESET is well known/used, so I can't believe we're the only ones with this problem.

Thank you again for your help.

Link to post
Share on other sites
  • Administrators

You could exclude the appropriate certificate via a policy. First, open meet.google.com and save the certificate for *.google.com (the screen shot is from Firefox):

image.png

Then create or edit an existing policy, add the certificate from the file and select "Ignore" scan action:

image.png

image.png

 

However, a safe solution that would avoid excluding all communication with *.google.com could be adding https://meet.google.com/ to the list of addresses excluded from content scan under Web access protection -> URL management.

Link to post
Share on other sites

Oops. When I last replied, it was evening and I am a "morning person."

6 hours ago, Marcos said:

However, a safe solution that would avoid excluding all communication with *.google.com could be adding https://meet.google.com/ to the list of addresses excluded from content scan under Web access protection -> URL management.

Problems with this URL exclusion option.

To start, the Meet web page is actually https://apps.google.com/meet/  . To start a Meet session, you are directed to the Google sign-on web page, https://accounts.google.com/signin/v2/identifier?ltmpl=meet&continue=https%3A%2F%2Fmeet.google.com%2Fnew%3Fhs%3D190&flowName=GlifWebSignIn&flowEntry=ServiceLogin . And I am sure more URLs are involved.

I would start with this URL content scan exclusion, https://apps.google.com/meet/* . Hopefully that will cover all web sites involved with a Meet session.

If disconnects persist, I would then do the Google certificate exclusion noted above. Note: do the certificate export on this web page, https://apps.google.com/meet/* .

Also Google has dozens of certificates issued to it. Hopefully, they are using the same certificate for each Meet sub-domain accessed.

 

Edited by itman
Link to post
Share on other sites
30 minutes ago, itman said:

Oops. When I last replied, it was evening and I am a "morning person."

Problems with this URL exclusion option.

To start, the Meet web page is actually https://apps.google.com/meet/  . To start a Meet session, you are directed to the Google sign-on web page, https://accounts.google.com/signin/v2/identifier?ltmpl=meet&continue=https%3A%2F%2Fmeet.google.com%2Fnew%3Fhs%3D190&flowName=GlifWebSignIn&flowEntry=ServiceLogin . And I am sure more URLs are involved.

I would start with this URL content scan exclusion,  https://apps.google.com/meet/* . Hopefully that will cover all web sites involved with a Meet session. If disconnects persist, I would then do the Google certificate exclusion noted above.

URL Exclusion = No joy

Cert Exclusion = Works!

Link to post
Share on other sites

@Marcos this Google cert. is used at dozens of other Google and affiliated web sites such as https://www.youtube.com/

Eset SSL/TLS protocol scanning excludes the youtube web site for example. Believe the real solution here is to add the Google Meet web site to SSL/TLS protocol scanning internal web site exclusions.

Link to post
Share on other sites

Should I attempt to contact ESET support and forward this info or does @Marcoshave the means to resolve it? I waited 1.5hrs on the phone for ESET phone support this morning with no response. My next attempt was going to be through Chat.

Link to post
Share on other sites
  • Administrators

You won't be able to resolve this on the phone. Please open a support ticket via the built-in or web form. As a workaround, temporarily exclude Google's certificate as suggested above. It could be a permanent solution if there's no other way to fix it.

Link to post
Share on other sites
4 minutes ago, Marcos said:

You won't be able to resolve this on the phone. Please open a support ticket via the built-in or web form. As a workaround, temporarily exclude Google's certificate as suggested above. It could be a permanent solution if there's no other way to fix it.

I have a support ticket that was generated via web form. I got an email this morning telling me to call support # or Chat. 

Wont the excluded Cert expire, forcing me to update the exclusion each time?

Link to post
Share on other sites
39 minutes ago, denzilla said:

Wont the excluded Cert expire, forcing me to update the exclusion each time?

That cert. is valid until 12/15/2020, 10:22:19 AM (Eastern Daylight Time) . So you're good for at least a couple of months.

Link to post
Share on other sites

Could network config be a factor even though uninstalling eset or excluding google cert resolves it? I can duplicate this on every machine in my domain running Windows/ESET. The only machines without the issue are a few Linux boxes (no AV on those).

Link to post
Share on other sites
4 hours ago, Marcos said:

I would add that I was able to present via Google Meet in Chrome without issues and with no exceptions created.

Why am I not surprised by this .......

Also, many U.S. school districts issue Chromebook's en-mass to their students for remote learning purposes. I suspect this Google Meet app is ported from the Chrome OS which Google modified to run on Windows via Google cloud interface.

Link to post
Share on other sites
9 minutes ago, denzilla said:

Could network config be a factor even though uninstalling eset or excluding google cert resolves it?

Did you try using Google Meet via Chrome browser as @Marcos suggested? To test if there are no issues, you can set the *.goggle.com certificate in Eset certificate exclusions from "Ignore" to "Auto" prior to opening the Chrome browser.

Edited by itman
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...