Jump to content

Yet another issue with ESET Cyber Security for macOS


Recommended Posts

  • Administrators

Installation on Mac OS 11.1 is possible. Even if you get a warning that the OS is not supported, you can continue with the installation. The OS check will be updated as of the next version which is planned for Jan/Feb 21 and which will also add the firewall system extension.

As for ECS being listed twice, this is because it uses two extensions. Software with more extensions appears multiple times in this list.

As for issues with email, make sure that IMAPS and POP3S ports are not listed in the list of ports scanned by email protection. Only ports 110 and 143 should be in the list.

Link to post
Share on other sites
  • Administrators
2 minutes ago, Martin A said:

Are you saying the default settings are wrong?

The next version will have them removed and only ports 143 and 110 will be in the list. For some reason it may cause issues on Big Sur even if the POP3S and IMAPS communication was not actually scanned.

Link to post
Share on other sites
3 minutes ago, Marcos said:

The next version will have them removed and only ports 143 and 110 will be in the list. For some reason it may cause issues on Big Sur even if the POP3S and IMAPS communication was not actually scanned.

Ergo, there is no email protection in Big Sur for secure ports?

Is this a feature removal?

Link to post
Share on other sites
9 minutes ago, Marcos said:

SSL filtering has never been supported on Mac OS. It will be added in later v7 versions.

Email client protection is not actually protecting email clients using secure ports then?

Completely baffling given secure ports are listed by default; even deceptive one might argue.

And who uses insecure ports?  Not those interested about email client protection I imagine

So my takeaway is, users don't actually have the protection that the settings intimate they do, and this has been exposed due to changes in Big Sur which cause said protection that isn't there to crash?

In which case, is it that this has never worked, but this was only made evident due to the changes in Big Sur?  Did ESET think this was working but it wasn't?  Or did they always know but left the settings with secure ports listed by default anyway?

More questions than answers.

Please explain the logic here.

Link to post
Share on other sites
On 1/13/2021 at 5:10 PM, Martin A said:

In which case, is it that this has never worked, but this was only made evident due to the changes in Big Sur?  Did ESET think this was working but it wasn't?  Or did they always know but left the settings with secure ports listed by default anyway?

Is there an answer to this please?

Link to post
Share on other sites
  • Administrators

The SSL ports were added a long time ago probably together with the HTTPS port 443 which makes sense and partially enables url blocking for https websites even without support for SSL filtering.

Link to post
Share on other sites
11 minutes ago, Martin A said:

 Did ESET think this was working but it wasn't?

 

11 minutes ago, Martin A said:

Or did they always know but left the settings with secure ports listed by default anyway?

 

So am I to infer the second statement is true?

Link to post
Share on other sites
  • Administrators

My understanding is that developers didn't realized that adding IMAPS and POP3S ports to the list won't have the same benefits than adding the HTTPS port. For a long time it hadn't caused any issues until Big Sur. Another AV vendor notified us about the bug they found:

We at ... have detected the following issue in macOS BigSur. When MailShield is enabled and some other Network System extension app (Cisco AnyConnect VPN version 4.9, Little Snitch) is installed, Apple Mail stops working with IMAP properly. The issue lies in Apple’s libnetwork.dylib that is used by Apple Mail and Safari. This library starts logging some SSL handshake errors without any connections even arriving to our extension.

Our MailShield is built as an NETransparentProxy Network System Extension. Our tests show that the issue occurs even when we reject any incoming connections. Also the Network Extension in Cisco AnyConnect is dormant as only VPN is enabled. We have already checked that the same issue appears between ESET and CISCO. We did not check any other AV. We reported this to Apple a few months ago, but it was not fixed yet. We would like to ask you to check your solution and report similar bugs to Apple to hopefully push this forward a bit faster.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...