itman 1,655 Posted October 31, 2020 Share Posted October 31, 2020 I just noticed something interesting in regards to Eset's root certificate stored in both FireFox and Thunderbird. It is only authorized for code signing purposes. Why that is I am clueless since it has full authorization privileges assigned in its Win root CA store certificate. This issue wouldn't cause problems with FireFox since the Eset cert. stored there can identify web sites. What I am wondering is if enabling the "identify e-mail providers" setting on the Eset cert. stored in Thunderbird will fix this Thunderbird SSL connection issue? Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,128 Posted November 2, 2020 ESET Moderators Share Posted November 2, 2020 Hello guys, in case you still face the issue after the certificate re-generation On 10/28/2020 at 3:40 PM, Marcos said: Please try the following: - switch to the pre-release update channel in the advanced update setup - with TB closed, disable SSL filtering and click OK - re-enable SSL filtering and click OK - launch TB and check if the issue persists. you can provide me with a logs to check it. 1. Close the e-mail client 2. ESET's Advanced settings -> Tools -> Diagnostics -> Enable Protocol filtering advanced logging ; confirm by OK 3. Start the e-mail client and wait for the error 4. Disable the logging from the step #2 5. collect the logs by ESET Log Collector Once you have the logs collected, upload them to a safe location and send me a private message with the download details and a reference to this forum topic. Peter Link to comment Share on other sites More sharing options...
Marco5342 3 Posted November 4, 2020 Share Posted November 4, 2020 On 11/2/2020 at 10:07 AM, Peter Randziak said: in case you still face the issue after the certificate re-generation I don't know what certificate re-generation you're talking about, but I just sent you a message with a link to a generated log. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,128 Posted November 4, 2020 ESET Moderators Share Posted November 4, 2020 3 hours ago, Marco5342 said: I don't know what certificate re-generation you're talking about, but I just sent you a message with a link to a generated log. sorry I should be more clear, I meant part of the process described by Marcos, I quoted (in bold) On 10/28/2020 at 3:40 PM, Marcos said: Please try the following: - switch to the pre-release update channel in the advanced update setup- with TB closed, disable SSL filtering and click OK - re-enable SSL filtering and click OK - launch TB and check if the issue persists. Peter Link to comment Share on other sites More sharing options...
joaer 3 Posted November 4, 2020 Author Share Posted November 4, 2020 For the record, I managed to solve my Thunderbird SSL/TLS problems by keeping protocol filtering enabled, but adding the IP address of the IMAP server (a local address on my home network) to the Excluded IP addresses list, found in Advanced setup > Web and email > Protocol filtering > Excluded IP addresses. Maybe not the correct or best way to solve it, for for now, I'm good. I presume my firefox errors were a result of certificate regeneration, which I handled by following the advice above. Regards, Joakim Peter Randziak 1 Link to comment Share on other sites More sharing options...
itman 1,655 Posted November 4, 2020 Share Posted November 4, 2020 (edited) 7 hours ago, joaer said: For the record, I managed to solve my Thunderbird SSL/TLS problems by keeping protocol filtering enabled, but adding the IP address of the IMAP server (a local address on my home network) to the Excluded IP addresses list, found in Advanced setup > Web and email > Protocol filtering > Excluded IP addresses. Maybe not the correct or best way to solve it, for for now, I'm good. That's fine as long as you realize nothing to/from that server will be scanned. -EDIT- Also if you're in fact using IMAP versus IMAPS in Thunderbird for this server, Eset is not performing any SSL/TLS interception since the network traffic is not encrypted. Edited November 4, 2020 by itman Link to comment Share on other sites More sharing options...
ExcelIT2417 1 Posted November 5, 2020 Share Posted November 5, 2020 Just to chime in, we have a separate thread going on the business user forums for Eset Endpoint Antivirus - tested with 7.3.2041.0 and 7.3.2044.0 with the exact same issues. When SSL filtering is on, Outlook cannot connect to the email servers. Tried this across 5 companies we manage across over 30 pcs connecting to different email hosting providers. There are more pcs I just haven't had a chance to test them yet. So far not 1 computer I log into will work in Outlook if SSL filtering is turned on. In some rarer cases it even stops Firefox from browsing HTTPS pages correctly. The user calls started for us on Monday 11/2/2020. In our Firefox cases, doing the steps mentioned above (resulting in certificate regeneration) did not solve the problem. In our Outlook cases it did not solve the problem either. https://forum.eset.com/topic/26108-ssltls-protocol-filtering-breaking-email-and-web-browsing/ Link to comment Share on other sites More sharing options...
Administrators Marcos 5,050 Posted November 6, 2020 Administrators Share Posted November 6, 2020 Could you please check if you have SSL2 blocking enabled under Web access protection -> SSL/TLS setup? If disabled, try enabling it and let us know if it makes a difference. It's enabled by default and shouldn't be disabled. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,128 Posted November 6, 2020 ESET Moderators Share Posted November 6, 2020 Hello guys, The dev team analyzed the reported issues and prepared a module with one of the changes reverted, which should address the issue. The module is Internet protection module 1401.1 and is available on pre-release update channel. Can you please try to switch to pre-release updates, revert the workarounds and let me know how it went? Thank you and have a nice weekend, Peter Link to comment Share on other sites More sharing options...
itman 1,655 Posted November 6, 2020 Share Posted November 6, 2020 1 hour ago, Peter Randziak said: The module is Internet protection module 1401.1 and is available on pre-release update channel. Also has been pushed to regular update channel. Peter Randziak 1 Link to comment Share on other sites More sharing options...
Marco5342 3 Posted November 6, 2020 Share Posted November 6, 2020 I got 1410.1 with the beta release, but unfortunately still no connection. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,050 Posted November 6, 2020 Administrators Share Posted November 6, 2020 1 hour ago, Marco5342 said: I got 1410.1 with the beta release, but unfortunately still no connection. Have you tried rebooting the computer? Do you have the option to block SSL2 enabled? Link to comment Share on other sites More sharing options...
itman 1,655 Posted November 7, 2020 Share Posted November 7, 2020 (edited) I also came across this posting over at TechNet where someone specifically added SSL v2 to his Win 10 and Outlook 365 build: Quote This works but SSL 2.0 on my machine Office 365 and Windows 10. Thanks. This problem seemed to come from nowhere! Very annoying. I re-installed Office, deleted and added email accounts, changed security and port setting but nothing worked. I used “registry editor” (used to be reg edit) and it was easy. Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client Change the 1 to a zero. This my first ever posting on one of these sites and account not verified so couldn't post pics https://social.technet.microsoft.com/Forums/en-US/6e486936-e4a2-4da8-87ef-903d67e4bb84/outlook-2016-cannot-connect-to-email-server-with-ssltls Suspect this is what was done by one poster in this thread since he had the Eset SSL/TLS Disable SSL v2 setting disabled in his screen shot. So the question is does Eset support SSL v2 in ver. 14? Edited November 7, 2020 by itman Link to comment Share on other sites More sharing options...
Marco5342 3 Posted November 7, 2020 Share Posted November 7, 2020 14 hours ago, Marcos said: Have you tried rebooting the computer? Do you have the option to block SSL2 enabled? Block SSL2 option was enabled. Disabled the block SSL2 option, no change. Completely rebooted the computer. No change. Enabled the SSL2 option. No change. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,050 Posted November 7, 2020 Administrators Share Posted November 7, 2020 2 hours ago, Marco5342 said: Block SSL2 option was enabled. Disabled the block SSL2 option, no change. Completely rebooted the computer. No change. Enabled the SSL2 option. No change. Please carry on as follows: - enable advanced logging under Help and support -> Details for technical support - launch ThunderBird and reproduce the issue - stop logging - collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
itman 1,655 Posted November 7, 2020 Share Posted November 7, 2020 Someone opened another thread with an interesting observation. They have two devices w/Eset 14.0.22 installed using Thunderbird as their e-mail client. One is running Win 10 Pro. The other device is running Win 10 Home. The Win 10 Pro device is the one having problems receiving e-mail w/Eset SSL/TLS protocol scanning enabled. Further the e-mail is ISP provided and is not using IMAPS at all, but rather IMAP using STARTTLS. So the question is to everyone having current e-mail issues are you running a Win 10 Pro version? Link to comment Share on other sites More sharing options...
joaer 3 Posted November 7, 2020 Author Share Posted November 7, 2020 itman, I have the Home version of Win 10 version 2004 (OS Build 19041.572), and I still have problems (albeit currently handled by using excluding IP address list). Link to comment Share on other sites More sharing options...
itman 1,655 Posted November 7, 2020 Share Posted November 7, 2020 1 hour ago, joaer said: itman, I have the Home version of Win 10 version 2004 (OS Build 19041.572), and I still have problems (albeit currently handled by using excluding IP address list). Yours is a special case in that you are only having issues with your local e-mail server. You also never answered my previous question in regards to this server: Quote In regards to this Thunderbird e-mail account, is it indeed an IMAP account and not IMAPS? What is the connection security for this account in Thunderbird? The options are None, STARTTLS, or SSL/TLS. If you have that set up for IMAP; i.e. non-encrypted traffic, you should be using either None or STARTTLS as security connection type. Link to comment Share on other sites More sharing options...
joaer 3 Posted November 8, 2020 Author Share Posted November 8, 2020 10 hours ago, itman said: If you have that set up for IMAP; i.e. non-encrypted traffic, you should be using either None or STARTTLS as security connection type. I use STARTTLS for the server I am having trouble with, and SSL/TLS for all other (functioning) servers. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,050 Posted November 8, 2020 Administrators Share Posted November 8, 2020 44 minutes ago, joaer said: I use STARTTLS for the server I am having trouble with, and SSL/TLS for all other (functioning) servers. Please carry on as follows: - enable advanced logging under Help and support -> Details for technical support - launch the email client and reproduce the issue - stop logging - collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
joaer 3 Posted November 8, 2020 Author Share Posted November 8, 2020 Marcos, I have already sent a log collection to Peter Randziak. Do you require another one? Peter Randziak 1 Link to comment Share on other sites More sharing options...
Marco5342 3 Posted November 8, 2020 Share Posted November 8, 2020 I just uploaded a new log to a private message thread chat with Peter and TomasP. Peter Randziak 1 Link to comment Share on other sites More sharing options...
ExcelIT2417 1 Posted November 8, 2020 Share Posted November 8, 2020 Hello, Wanted to update this thread as well as I think I've figured out the problem with Eset Endpoint Antivirus doing the same thing. It seems from my testing there's a bug in the engine or the GUI where regardless of what you set "Block encrypted communication utilizing the obsolete protocol SSL v2" to the engine ignores it. The way I fixed ours is through our ESMC server. With the business version you can have all your endpoints managed by a central server. When we push out a policy with it disabled from the central server, then the engine respects the setting and stops blocking SSL. But with the just the local gui set to disabled, it still blocks. Not sure if this is applicable for the version in this thread, but it worked for us. https://forum.eset.com/topic/26108-ssltls-protocol-filtering-breaking-email-and-web-browsing/ Link to comment Share on other sites More sharing options...
Marco5342 3 Posted November 8, 2020 Share Posted November 8, 2020 Hmmm, but if Thunderbird works how it's configured, it shouldn't use SSL v2. So the setting shouldn't matter for me. In Thunderbird I have deprecated TSL versions disabled and the value of security.tls.version.min is 3 (which should mean: TLS 1.2 is the minimum required encryption protocol.). Link to comment Share on other sites More sharing options...
itman 1,655 Posted November 8, 2020 Share Posted November 8, 2020 34 minutes ago, ExcelIT2417 said: Hello, Wanted to update this thread as well as I think I've figured out the problem with Eset Endpoint Antivirus doing the same thing. It seems from my testing there's a bug in the engine or the GUI where regardless of what you set "Block encrypted communication utilizing the obsolete protocol SSL v2" to the engine ignores it. The way I fixed ours is through our ESMC server. With the business version you can have all your endpoints managed by a central server. When we push out a policy with it disabled from the central server, then the engine respects the setting and stops blocking SSL. But with the just the local gui set to disabled, it still blocks. Not sure if this is applicable for the version in this thread, but it worked for us. https://forum.eset.com/topic/26108-ssltls-protocol-filtering-breaking-email-and-web-browsing/ Believe we are getting closer to the source of the issue here. My suspicion has been for a while that Eset in the latest ver. is disabling all SSL protocol scanning. The reason it is not showing up in browser blocking activity is that SSL has been disabled by default in most browsers for some time. Link to comment Share on other sites More sharing options...
Recommended Posts