Jump to content

Protocol filtering stops access to emails


joaer
 Share

Recommended Posts

I just noticed something interesting in regards to Eset's root certificate stored in both FireFox and Thunderbird.

It is only authorized for code signing purposes. Why that is I am clueless since it has full authorization privileges assigned in its Win root CA store certificate.

This issue wouldn't cause problems with FireFox since the Eset cert. stored there can identify web sites.

What I am wondering is if enabling the "identify e-mail providers" setting on the Eset cert. stored in Thunderbird will fix this Thunderbird SSL connection issue?

Link to comment
Share on other sites

  • ESET Moderators

Hello guys,

in case you still face the issue after the certificate re-generation  

On 10/28/2020 at 3:40 PM, Marcos said:

Please try the following:

- switch to the pre-release update channel in the advanced update setup
- with TB closed, disable SSL filtering and click OK
- re-enable SSL filtering and click OK
- launch TB and check if the issue persists.

you can provide me with a logs to check it.

1. Close the e-mail client 

2. ESET's Advanced settings -> Tools -> Diagnostics -> Enable Protocol filtering advanced logging ; confirm by OK

3. Start the e-mail client and wait for the error 

4. Disable the logging from the step #2 

5. collect the logs by ESET Log Collector 

 

Once you have the logs collected, upload them to a safe location and send me a private message with the download details and a reference to this forum topic.

 

Peter

Link to comment
Share on other sites

On 11/2/2020 at 10:07 AM, Peter Randziak said:

in case you still face the issue after the certificate re-generation  

I don't know what certificate re-generation you're talking about, but I just sent you a message with a link to a generated log.

Link to comment
Share on other sites

  • ESET Moderators
3 hours ago, Marco5342 said:

I don't know what certificate re-generation you're talking about, but I just sent you a message with a link to a generated log.

sorry I should be more clear, I meant part of the process described by Marcos, I quoted (in bold)

On 10/28/2020 at 3:40 PM, Marcos said:

Please try the following:

- switch to the pre-release update channel in the advanced update setup
- with TB closed, disable SSL filtering and click OK
- re-enable SSL filtering and click OK

- launch TB and check if the issue persists.

Peter

Link to comment
Share on other sites

For the record, I managed to solve my Thunderbird SSL/TLS problems by keeping protocol filtering enabled, but adding the IP address of the IMAP server (a local address on my home network) to the Excluded IP addresses list, found in Advanced setup > Web and email > Protocol filtering > Excluded IP addresses. Maybe not the correct or best way to solve it, for for now, I'm good.

I presume my firefox errors were a result of certificate regeneration, which I handled by following the advice above.

Regards, Joakim

Link to comment
Share on other sites

7 hours ago, joaer said:

For the record, I managed to solve my Thunderbird SSL/TLS problems by keeping protocol filtering enabled, but adding the IP address of the IMAP server (a local address on my home network) to the Excluded IP addresses list, found in Advanced setup > Web and email > Protocol filtering > Excluded IP addresses. Maybe not the correct or best way to solve it, for for now, I'm good.

That's fine as long as you realize nothing to/from that server will be scanned.

-EDIT- Also if you're in fact using IMAP versus IMAPS in Thunderbird for this server, Eset is not performing any SSL/TLS interception since the network traffic is not encrypted.

Edited by itman
Link to comment
Share on other sites

Just to chime in, we have a separate thread going on the business user forums for Eset Endpoint Antivirus - tested with 7.3.2041.0 and 7.3.2044.0 with the exact same issues. When SSL filtering is on, Outlook cannot connect to the email servers. Tried this across 5 companies we manage across over 30 pcs connecting to different email hosting providers. There are more pcs I just haven't had a chance to test them yet. So far not 1 computer I log into will work in Outlook if SSL filtering is turned on. In some rarer cases it even stops Firefox from browsing HTTPS pages correctly. The user calls started for us on Monday 11/2/2020.

In our Firefox cases, doing the steps mentioned above (resulting in certificate regeneration) did not solve the problem.

In our Outlook cases it did not solve the problem either.

https://forum.eset.com/topic/26108-ssltls-protocol-filtering-breaking-email-and-web-browsing/

Link to comment
Share on other sites

  • Administrators

Could you please check if you have SSL2 blocking enabled under Web access protection -> SSL/TLS setup?
If disabled, try enabling it and let us know if it makes a difference. It's enabled by default and shouldn't be disabled.

image.png

Link to comment
Share on other sites

  • ESET Moderators

Hello guys,

The dev team analyzed the reported issues and prepared a module with one of the changes reverted, which should address the issue.

The module is Internet protection module 1401.1 and is available on pre-release update channel.

Can you please try to switch to pre-release updates, revert the workarounds and let me know how it went?

 

Thank you and have a nice weekend,

Peter

Link to comment
Share on other sites

  • Administrators
1 hour ago, Marco5342 said:

I got 1410.1 with the beta release, but unfortunately still no connection.

 

Have you tried rebooting the computer? Do you have the option to block SSL2 enabled?

image.png

Link to comment
Share on other sites

I also came across this posting over at TechNet where someone specifically added SSL v2 to his Win 10 and Outlook 365 build:

Quote

This works but SSL 2.0 on my machine Office 365 and Windows 10.  Thanks.

This problem seemed to come from nowhere!  Very annoying.  I re-installed Office, deleted and added email accounts, changed security and port setting but nothing worked.

I used “registry editor” (used to be reg edit) and it was easy.

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client

Change the 1 to a zero.

This my first ever posting on one of these sites and account not verified so couldn't post pics

 

https://social.technet.microsoft.com/Forums/en-US/6e486936-e4a2-4da8-87ef-903d67e4bb84/outlook-2016-cannot-connect-to-email-server-with-ssltls

Suspect this is what was done by one poster in this thread since he had the Eset SSL/TLS Disable SSL v2 setting disabled in his screen shot.

So the question is does Eset support SSL v2 in ver. 14?

Edited by itman
Link to comment
Share on other sites

14 hours ago, Marcos said:

Have you tried rebooting the computer? Do you have the option to block SSL2 enabled?

Block SSL2 option was enabled. Disabled the block SSL2 option, no change. Completely rebooted the computer. No change. Enabled the SSL2 option. No change.

Link to comment
Share on other sites

  • Administrators
2 hours ago, Marco5342 said:

Block SSL2 option was enabled. Disabled the block SSL2 option, no change. Completely rebooted the computer. No change. Enabled the SSL2 option. No change.

Please carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- launch ThunderBird and reproduce the issue
- stop logging
- collect logs with ESET Log Collector and upload the generated archive here.

Link to comment
Share on other sites

Someone opened another thread with an interesting observation.

They have two devices w/Eset 14.0.22 installed using Thunderbird as their e-mail client. One is running Win 10 Pro. The other device is running Win 10 Home. The Win 10 Pro device is the one having problems receiving e-mail w/Eset SSL/TLS protocol scanning enabled. Further the e-mail is ISP provided and is not using IMAPS at all, but rather IMAP using STARTTLS.

So the question is to everyone having current e-mail issues are you running a Win 10 Pro version?

Link to comment
Share on other sites

itman, I have the Home version of Win 10 version 2004 (OS Build 19041.572), and I still have problems (albeit currently handled by using excluding IP address list).

Link to comment
Share on other sites

1 hour ago, joaer said:

itman, I have the Home version of Win 10 version 2004 (OS Build 19041.572), and I still have problems (albeit currently handled by using excluding IP address list).

Yours is a special case in that you are only having issues with your local e-mail server. You also never answered my previous question in regards to this server:

Quote

In regards to this Thunderbird e-mail account, is it indeed an IMAP account and not IMAPS? What is the connection security for this account in Thunderbird? The options are None, STARTTLS, or SSL/TLS.

If you have that set up for IMAP; i.e. non-encrypted traffic, you should be using either None or STARTTLS as security connection type.

Link to comment
Share on other sites

10 hours ago, itman said:

If you have that set up for IMAP; i.e. non-encrypted traffic, you should be using either None or STARTTLS as security connection type.

I use STARTTLS for the server I am having trouble with, and SSL/TLS for all other (functioning) servers.

Link to comment
Share on other sites

  • Administrators
44 minutes ago, joaer said:

I use STARTTLS for the server I am having trouble with, and SSL/TLS for all other (functioning) servers.

Please carry on as follows:
- enable advanced logging under Help and support -> Details for technical support
- launch the email client and reproduce the issue
- stop logging
- collect logs with ESET Log Collector and upload the generated archive here.

Link to comment
Share on other sites

Hello,

Wanted to update this thread as well as I think I've figured out the problem with Eset Endpoint Antivirus doing the same thing. It seems from my testing there's a bug in the engine or the GUI where regardless of what you set "Block encrypted communication utilizing the obsolete protocol SSL v2" to the engine ignores it. The way I fixed ours is through our ESMC server. With the business version you can have all your endpoints managed by a central server. When we push out a policy with it disabled from the central server, then the engine respects the setting and stops blocking SSL. But with the just the local gui set to disabled, it still blocks. Not sure if this is applicable for the version in this thread, but it worked for us.

https://forum.eset.com/topic/26108-ssltls-protocol-filtering-breaking-email-and-web-browsing/

 

Link to comment
Share on other sites

Hmmm, but if Thunderbird works how it's configured, it shouldn't use SSL v2. So the setting shouldn't matter for me. In Thunderbird I have deprecated  TSL versions disabled and the value of security.tls.version.min is 3 (which should mean: TLS 1.2 is the minimum required encryption protocol.).

 

Link to comment
Share on other sites

34 minutes ago, ExcelIT2417 said:

Hello,

Wanted to update this thread as well as I think I've figured out the problem with Eset Endpoint Antivirus doing the same thing. It seems from my testing there's a bug in the engine or the GUI where regardless of what you set "Block encrypted communication utilizing the obsolete protocol SSL v2" to the engine ignores it. The way I fixed ours is through our ESMC server. With the business version you can have all your endpoints managed by a central server. When we push out a policy with it disabled from the central server, then the engine respects the setting and stops blocking SSL. But with the just the local gui set to disabled, it still blocks. Not sure if this is applicable for the version in this thread, but it worked for us.

https://forum.eset.com/topic/26108-ssltls-protocol-filtering-breaking-email-and-web-browsing/

 

Believe we are getting closer to the source of the issue here. My suspicion has been for a while that Eset in the latest ver. is disabling all SSL protocol scanning. The reason it is not showing up in browser blocking activity is that SSL has been disabled by default in most browsers for some time.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...